{"report_id":"e0204f31-d3b2-4998-953f-32b6d1fb5e09","version":6,"status":"done","tags":["suspicious","phishing","kratos","aitm"],"date":"2026-01-09T22:39:23Z","url":{"schema":"http","addr":"workstech.firmcapital.sbs","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"172.67.153.46","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"workstech.firmcapital.sbs/ATT2n1Gxor3lXF4xiH7TKfBY0YFSpSPnOZfF0uTxuWirIUbuFp2zbor7JEqtN4pIStw2hLpJOhYKEoUFUbNTNIzaXf3wm9pTWYnYhBsv7myac00gztjbOi61Ka005gENpA1w5wi/index","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"title":"Completing..","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"workstech.firmcapital.sbs","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"172.67.153.46","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-13T22:39:23Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":4,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kratos Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kratos","aitm"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kratos Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kratos","aitm"],"meta":null}]},"summary":[{"fqdn":"workstech.firmcapital.sbs","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-11-07","domain_rank":0,"first_seen":"2026-01-09T22:36:39.268863Z","last_seen":"2026-01-09T22:36:39.268863Z","alert_count":70,"request_count":11,"received_data":229572,"sent_data":6457,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Statically","description":"Statically is a free, fast and modern CDN for open-source projects, WordPress, images, and any static assets.","website":"https://statically.io","common_platform_enumeration":"","icon":"Statically.svg","categories":["CDN"]}]},{"fqdn":"cdn.statically.io","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2019-05-05","domain_rank":181879,"first_seen":"2019-05-15T08:32:51Z","last_seen":"2026-01-09T18:44:16.727262Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":457,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-01-04T22:17:15.216142Z","alert_count":0,"request_count":1,"received_data":4074,"sent_data":485,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-01-04T22:14:09.841371Z","alert_count":0,"request_count":3,"received_data":98829,"sent_data":1650,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kratos Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kratos","aitm"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"workstech.firmcapital.sbs/ATT2n1Gxor3lXF4xiH7TKfBY0YFSpSPnOZfF0uTxuWirIUbuFp2zbor7JEqtN4pIStw2hLpJOhYKEoUFUbNTNIzaXf3wm9pTWYnYhBsv7myac00gztjbOi61Ka005gENpA1w5wi/js/y9y542O8kTwzg5JA.js","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ace8b683fe731b9b4d7c5c606ede7104","sha1":"f5822cd4dc170809befb9144f77fab9657436c8d","sha256":"5e8a39a157dfd13b51b0df79db2c846a9fbe59a31ec7cfd93fcfa66999150b9f","sha512":"8b493208a4b3b782284435eb248c7a55fc9a4e3212a5ef64f74a73f7c93fe716408f622279c37094e5e6a7a833ef260cbc71d7e800ab50a2850cf050afbf37db","ssdeep":"1536:yu3bXdpuFJgR9YxSgPaZewnn1Dnvspfcj0:13b6FSR9VgC91DnqUj0","tlshash":"47c3fda34901bcbfe3aac1b1d39e3956d8aaea11e7d714d37042ace1346f26558df1c0","size":122703,"data":"","first_seen":"2025-08-01T21:22:09.653175Z","last_seen":"2026-03-27T16:48:21.880455Z","times_seen":779,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"workstech.firmcapital.sbs/","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8291baa513d144bf1a91d853c8b0ed26","sha1":"7363c82cfd451172c9fdf43dd494080a7ff78e74","sha256":"0ce11e8afd8d11f0fc6b1bc2673665663c9557889f7c2ba0ed0bc64d4a0682f1","sha512":"b96ea187641a9b6fc9d819ff4e66203e5ff8416ce961377869211416886e481bfcb75f8ebd58f195c78e0f1a573a6606c10fc9eef5593a0c1825d6d90bd4598c","ssdeep":"192:RAGv/bpgGIhkFT3s/+HkjhJ6d7esptLaeZRORbSKgwBaDqDaiZbd:RAGvFgGIhkFAM+eZRORbSKgw0DZobd","tlshash":"0d324dd6b586d9dac3237014573b4e045e1427eb0f44fb00ae0d268d26eadee7ad6cd8","size":11857,"data":"","first_seen":"2026-01-09T22:39:32.6011Z","last_seen":"2026-01-09T22:39:32.6011Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"workstech.firmcapital.sbs/ATT2n1Gxor3lXF4xiH7TKfBY0YFSpSPnOZfF0uTxuWirIUbuFp2zbor7JEqtN4pIStw2hLpJOhYKEoUFUbNTNIzaXf3wm9pTWYnYhBsv7myac00gztjbOi61Ka005gENpA1w5wi/js/XwyymqREBGZa2wQ.js","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2d73540e77a95afc0e175e6832632f80","sha1":"395b7f01612c818e42180d7bd6cc45dee889d931","sha256":"22b383bee9018beb60be59df9dc5693b710b4fbb460c4ee72249eb6bbb15340b","sha512":"845d3078a4f637aefc1cd555bc821a608ddf3f20254c2e3eae22746369f14c8b5fa3a3aae65ac47953c66d6293cda0014188649b13caa816f545fa4c074de58e","ssdeep":"192:XJOvc1ds4w/WeDKCOtsclRSQdZ1opYAGARKWmuykrLe0L8sYAqzLkK0hYS1:5O94EWIKCOlRS2o6AGAHx3HLEvqj","tlshash":"ce62409e26523da3d21fd6f606c7a2cba9b42540cb884002c6dc53c876786e573f9c7b","size":15856,"data":"","first_seen":"2025-07-27T12:49:35.332897Z","last_seen":"2026-03-27T16:48:21.866617Z","times_seen":787,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"workstech.firmcapital.sbs/","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"16242bdfe8afefc1cacb1745add91677","sha1":"997b7c34331a78882d8fb3104d7f2c18af325274","sha256":"55235f7d9ee9db08753a0129041ab303d79569cfdf7ffb546bd41ff1ab2f41e6","sha512":"37a0161a677a0a013baf076c16787d58b830178f8cf5d5800e887c0210e42b22016179b1c657046525f3528272e0e23c17f6d9bcb3924667b2bb72ae4b702786","ssdeep":"384:pLu0wOcc3er4mY5alNv3rThaygDYQRscYQR06oicMvM+7PvM8PvM8hvMtVHIPGGf:pLKH0mY8L9jn6oizx7PbPzzZfeZq5KQ","tlshash":"c41330903f95f098c6c42362baad087efc7c349183d7650da73f854b27b05e691c9a6e","size":41535,"data":"","first_seen":"2026-01-09T22:39:32.602251Z","last_seen":"2026-01-09T22:39:32.602251Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"workstech.firmcapital.sbs/?api=1","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://workstech.firmcapital.sbs/","date":"2026-01-09T22:39:03.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"firmcapital.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 06:43:48 GMT","end":"Sun, 05 Apr 2026 07:41:23 GMT"},"fingerprint":{"sha1":"6C:47:F3:BB:03:4C:B9:DB:1B:ED:48:EC:EB:9D:F1:BA:61:56:0F:77","sha256":"AE:6C:97:D9:65:A7:B0:B1:E0:B2:DA:B6:13:81:78:56:B0:32:40:91:8D:0B:A3:F0:8A:96:D8:61:D8:AF:A2:05"}}},"request":{"raw":"GET /?api=1 HTTP/1.1\r\nHost: workstech.firmcapital.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://workstech.firmcapital.sbs/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=tjav99437rjdr109o42j7vkl3p\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 09 Jan 2026 22:39:04 GMT\r\ncontent-type: application/json\r\ncontent-length: 85\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DuQ6TxGWC%2BdAwaoTxnz3lxr8XhKI4n0WqpVB4%2Bo7r48o%2BhL6kSqYuookTbmqJxDT8mfx2Pi5oES2KE5%2F5gFhgE4WU%2B0yRiowsoKS0mK0Lw%3D%3D\"}]}\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=1,i=?0\r\ncf-ray: 9bb76db1af11723c-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":68,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"60a7795dd4ea7467d6e4a544ee6886cf","sha1":"59976a2033bbe4a1a552e841d8af9dc5cf0f92a3","sha256":"709d9464c82c501bfd00681a2db043ee71927c07eec734fccac9ec143e92bb5d","sha512":"e297c9c050dba1405b3c6d3daa4eb8fe251b1bc4dd61a7a357d941f34dcd6261c3d9d8e4a2460459902c23d76551132026c300aded9b36970bca53b568ed80fb","ssdeep":"","tlshash":"e3a022030c20ee828cce0e33202800ce880c202a02823b08028ec0030a2c000b280a00","first_seen":"2026-01-09T22:39:32.57217Z","last_seen":"2026-01-09T22:39:32.57217Z","times_seen":1,"resource_available":false,"data":null}},"time_used":442,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":441,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kratos Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kratos","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"workstech.firmcapital.sbs/favicon.ico","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://workstech.firmcapital.sbs/","date":"2026-01-09T22:39:07.699Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"firmcapital.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 06:43:48 GMT","end":"Sun, 05 Apr 2026 07:41:23 GMT"},"fingerprint":{"sha1":"6C:47:F3:BB:03:4C:B9:DB:1B:ED:48:EC:EB:9D:F1:BA:61:56:0F:77","sha256":"AE:6C:97:D9:65:A7:B0:B1:E0:B2:DA:B6:13:81:78:56:B0:32:40:91:8D:0B:A3:F0:8A:96:D8:61:D8:AF:A2:05"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: workstech.firmcapital.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://workstech.firmcapital.sbs/\r\nCookie: PHPSESSID=tjav99437rjdr109o42j7vkl3p\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Fri, 09 Jan 2026 22:39:08 GMT\r\ncontent-type: text/html\r\ncache-control: private, no-cache, max-age=0\r\npragma: no-cache\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mz8%2BSWuC9AA4sA5sf%2BEAQvsKl115UtGxJWFHQ4VWn16nf58x9rA1525q1bhY5XHIq3HNyDauERCkR9%2B%2BycCsS8%2BOCkzYoNJZlA1cgu%2FLRA%3D%3D\"}]}\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: BYPASS\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=6,i=?0\r\ncontent-encoding: br\r\ncf-ray: 9bb76dc92e2f723c-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":1249,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"f58515dfe987f7e027c8a71bbc884621","sha1":"bec6aebf5940ea88fbbff5748d539453d49fa284","sha256":"679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43","sha512":"f085346a38318f7935d76909db0367862924cc9b0d96256f7ff4e8999c041e610bbcde8ca56c92673bde0991c85e9c9d9b6726abd91d0c3177462c80d4a99140","ssdeep":"","tlshash":"8b21653ec1c1520ae0271164fb81f3a86629821191970f703b8eb176f6cd0bb52a36c8","first_seen":"2024-02-10T12:39:22Z","last_seen":"2026-04-04T14:40:41.876564Z","times_seen":20453,"resource_available":true,"data":null}},"time_used":375,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":375,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kratos Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kratos","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"workstech.firmcapital.sbs/","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://workstech.firmcapital.sbs/","date":"2026-01-09T22:39:05.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"firmcapital.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 06:43:48 GMT","end":"Sun, 05 Apr 2026 07:41:23 GMT"},"fingerprint":{"sha1":"6C:47:F3:BB:03:4C:B9:DB:1B:ED:48:EC:EB:9D:F1:BA:61:56:0F:77","sha256":"AE:6C:97:D9:65:A7:B0:B1:E0:B2:DA:B6:13:81:78:56:B0:32:40:91:8D:0B:A3:F0:8A:96:D8:61:D8:AF:A2:05"}}},"request":{"raw":"POST / HTTP/1.1\r\nHost: workstech.firmcapital.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://workstech.firmcapital.sbs/\r\nContent-Type: application/x-www-form-urlencoded;charset=UTF-8\r\nContent-Length: 1823\r\nOrigin: https://workstech.firmcapital.sbs\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=tjav99437rjdr109o42j7vkl3p\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1823,"data":"cid=2ab55fabe80f04f3\u0026nonce=b4a84c7f5abd54b9\u0026pow=10579\u0026canvas=data%3Aimage%2Fpng%3Bbase64%2CiVBORw0KGgoAAAANSUhEUgAAASwAAACWCAYAAABkW7XSAAAE00lEQVR4Xu3WsUmEURSEURdBxA4MLcLEHkzswNwGzAVLsQBzIzGxDGsQNBC85u7Llp8PjvCiVXY4cxncHe3%2FeZiPTuedzfuY97j4XR8RIEDg4AK7xTeczGfv877mXc37OXgaX0CAAIGFwGqwzufvXud9z7uc90mSAAECWwqsBut5gj3Nu5j3N153Wwb13QQIENg3WLdDcz3vZt7xvLd59%2FNekBEgQGArgdV%2FWFtl8r0ECBD4V8BgOQwCBDICBitTlaAECBgsN0CAQEbAYGWqEpQAAYPlBggQyAgYrExVghIgYLDcAAECGQGDlalKUAIEDJYbIEAgI2CwMlUJSoCAwXIDBAhkBAxWpipBCRAwWG6AAIGMgMHKVCUoAQIGyw0QIJARMFiZqgQlQMBguQECBDICBitTlaAECBgsN0CAQEbAYGWqEpQAAYPlBggQyAgYrExVghIgYLDcAAECGQGDlalKUAIEDJYbIEAgI2CwMlUJSoCAwXIDBAhkBAxWpipBCRAwWG6AAIGMgMHKVCUoAQIGyw0QIJARMFiZqgQlQMBguQECBDICBitTlaAECBgsN0CAQEbAYGWqEpQAAYPlBggQyAgYrExVghIgYLDcAAECGQGDlalKUAIEDJYbIEAgI2CwMlUJSoCAwXIDBAhkBAxWpipBCRAwWG6AAIGMgMHKVCUoAQIGyw0QIJARMFiZqgQlQMBguQECBDICBitTlaAECBgsN0CAQEbAYGWqEpQAAYPlBggQyAgYrExVghIgYLDcAAECGQGDlalKUAIEDJYbIEAgI2CwMlUJSoCAwXIDBAhkBAxWpipBCRAwWG6AAIGMgMHKVCUoAQIGyw0QIJARMFiZqgQlQMBguQECBDICBitTlaAECBgsN0CAQEbAYGWqEpQAAYPlBggQyAgYrExVghIgYLDcAAECGQGDlalKUAIEDJYbIEAgI2CwMlUJSoCAwXIDBAhkBAxWpipBCRAwWG6AAIGMgMHKVCUoAQIGyw0QIJARMFiZqgQlQMBguQECBDICBitTlaAECBgsN0CAQEbAYGWqEpQAAYPlBggQyAgYrExVghIgYLDcAAECGQGDlalKUAIEDJYbIEAgI2CwMlUJSoCAwXIDBAhkBAxWpipBCRAwWG6AAIGMgMHKVCUoAQIGyw0QIJARMFiZqgQlQMBguQECBDICBitTlaAECBgsN0CAQEbAYGWqEpQAAYPlBggQyAgYrExVghIgYLDcAAECGQGDlalKUAIEDJYbIEAgI2CwMlUJSoCAwXIDBAhkBAxWpipBCRAwWG6AAIGMgMHKVCUoAQIGyw0QIJARMFiZqgQlQMBguQECBDICBitTlaAECBgsN0CAQEbAYGWqEpQAAYPlBggQyAgYrExVghIgYLDcAAECGQGDlalKUAIEDJYbIEAgI2CwMlUJSoCAwXIDBAhkBAxWpipBCRAwWG6AAIGMgMHKVCUoAQIGyw0QIJARMFiZqgQlQMBguQECBDICBitTlaAECBgsN0CAQEbAYGWqEpQAAYPlBggQyAgYrExVghIgYLDcAAECGQGDlalKUAIEDJYbIEAgI2CwMlUJSoCAwXIDBAhkBAxWpipBCRAwWG6AAIGMgMHKVCUoAQIGyw0QIJARMFiZqgQlQOAXFRsNl3LWBUQAAAAASUVORK5CYII%3D"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 09 Jan 2026 22:39:05 GMT\r\ncontent-type: application/json\r\ncontent-length: 274\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2zFq5UrZ785RPfG0VakVhXVRfpCMwbuTqAofo%2FmIstoWl3LrjRp35cTlDd2ehJJmYR8VTiBT1QXY9kiPetiJG6%2BvhdN3x6t22BOh8pltaQ%3D%3D\"}]}\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=4,i=?0\r\ncf-ray: 9bb76dba7e4f723c-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":308,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c9a3a69f82850781885e8dd7c86808d1","sha1":"d8c06a455512cc40a2bdb5de0daad84a8ee84799","sha256":"d06ba214ab3a40440163bffb4989c0e010b386986fbfabb6eb97c8a37543bd3b","sha512":"af7a238c269b622cd72203351e5d924910872b9470cae7ac260d2ae1c599775fbd7357f73070f1739b2fa6b4aee4c3214bb3215a8b1c9effd03d1d594b9333f3","ssdeep":"","tlshash":"e8e07da40a509567e1412bec50747af00ba912bee48d30e8c89e480140d491c35459bb","first_seen":"2026-01-09T22:39:32.574184Z","last_seen":"2026-01-09T22:39:32.574184Z","times_seen":1,"resource_available":false,"data":null}},"time_used":462,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":461,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kratos Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kratos","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"workstech.firmcapital.sbs/","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-09T22:39:06.438Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"firmcapital.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 06:43:48 GMT","end":"Sun, 05 Apr 2026 07:41:23 GMT"},"fingerprint":{"sha1":"6C:47:F3:BB:03:4C:B9:DB:1B:ED:48:EC:EB:9D:F1:BA:61:56:0F:77","sha256":"AE:6C:97:D9:65:A7:B0:B1:E0:B2:DA:B6:13:81:78:56:B0:32:40:91:8D:0B:A3:F0:8A:96:D8:61:D8:AF:A2:05"}}},"request":{"raw":"POST / HTTP/1.1\r\nHost: workstech.firmcapital.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 294\r\nOrigin: https://workstech.firmcapital.sbs\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://workstech.firmcapital.sbs/\r\nCookie: PHPSESSID=tjav99437rjdr109o42j7vkl3p\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-User: ?1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":294,"data":"054bd6e54205=eyJpcCI6Ijk0Mzg1NmI4NGQwYTlkZGM3M2NjMzA2OTVhZDVlOGQxNGM0YWQzZThlNzI1MWI0N2ZjMWE1MDQ0M2I0YjU5NGIiLCJ1YSI6IjIyMmJiOTJhZjUxMDJkNTExMGYwZTJlOWZhZDk5YzcxYmM4Y2JiNTQ5ZTRjOTkxOTY4ZDg2ZTc2ZTYzMGNjYTkiLCJleHAiOjE3Njc5OTg0MDV9.746184446e898ee3a6e552af952856b3d2952bf4feefdf4564d605b56e39aae5"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 09 Jan 2026 22:39:06 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dELGl09cSoeawMkbJ8tYbsxsjjBgmhnKfbT0HgsRoEXR7bR8MjRWTAY3NiIgS0yHlT3W7zO2Y27Z4I4OqdsivZrhiqwhQiwcH1RK2KWmlA%3D%3D\"}]}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=1,i=?0\r\ncontent-encoding: br\r\ncf-ray: 9bb76dc1492d723c-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":59001,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (41016), with CRLF line terminators","md5":"c90bab889e4818c0fe8786b2d1d414d3","sha1":"b2d81a6041da47d548e1d00b781092c00eb2964d","sha256":"9edebbdefef474de9d46d85deeb8277a62316ba3a301f1a4823d80989bd9fbd6","sha512":"bd88d831ba76e6c035fc716b42630f6d294733d5887298e693063d7af597b48056b6d8c9634274df8f03469660fbb5328bf8d3e4645ddb2841c3b955e4a14e05","ssdeep":"768:tqINWk6B9gnhkFAM+909HvKH0mY8L9jn6oizx7PbPzzZfeZq5K6:tqI0F4eFA3ZLY8LwoizdrzzZfeZq5K6","tlshash":"fd43a5913f85f094c6d53352b67e083efd6831924b83650db73f814b27b08e691ca9ad","first_seen":"2026-01-09T22:39:32.576462Z","last_seen":"2026-01-09T22:39:32.576462Z","times_seen":1,"resource_available":false,"data":null}},"time_used":539,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":534,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kratos Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kratos","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"workstech.firmcapital.sbs/ATT2n1Gxor3lXF4xiH7TKfBY0YFSpSPnOZfF0uTxuWirIUbuFp2zbor7JEqtN4pIStw2hLpJOhYKEoUFUbNTNIzaXf3wm9pTWYnYhBsv7myac00gztjbOi61Ka005gENpA1w5wi/js/y9y542O8kTwzg5JA.js","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://workstech.firmcapital.sbs/","date":"2026-01-09T22:39:07.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"firmcapital.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 06:43:48 GMT","end":"Sun, 05 Apr 2026 07:41:23 GMT"},"fingerprint":{"sha1":"6C:47:F3:BB:03:4C:B9:DB:1B:ED:48:EC:EB:9D:F1:BA:61:56:0F:77","sha256":"AE:6C:97:D9:65:A7:B0:B1:E0:B2:DA:B6:13:81:78:56:B0:32:40:91:8D:0B:A3:F0:8A:96:D8:61:D8:AF:A2:05"}}},"request":{"raw":"GET /ATT2n1Gxor3lXF4xiH7TKfBY0YFSpSPnOZfF0uTxuWirIUbuFp2zbor7JEqtN4pIStw2hLpJOhYKEoUFUbNTNIzaXf3wm9pTWYnYhBsv7myac00gztjbOi61Ka005gENpA1w5wi/js/y9y542O8kTwzg5JA.js HTTP/1.1\r\nHost: workstech.firmcapital.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://workstech.firmcapital.sbs/\r\nCookie: PHPSESSID=tjav99437rjdr109o42j7vkl3p\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 09 Jan 2026 22:39:07 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 28229\r\netag: \"1df4f-688514e8-4ae15a;br\"\r\nlast-modified: Sat, 26 Jul 2025 17:48:24 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hGIvNGAUisWb9j%2BG1EL6dKOnhBXl%2FBCBhVSaFyVqiUqBEWFfVQo1t%2FaQ79trG4TnPUi9l8eECbeuOppxcV18iOM1bMolPF2KMFeI2HhHOw%3D%3D\"}]}\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=3,i=?0\r\ncf-ray: 9bb76dc4ea42723c-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":122703,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"ace8b683fe731b9b4d7c5c606ede7104","sha1":"f5822cd4dc170809befb9144f77fab9657436c8d","sha256":"5e8a39a157dfd13b51b0df79db2c846a9fbe59a31ec7cfd93fcfa66999150b9f","sha512":"8b493208a4b3b782284435eb248c7a55fc9a4e3212a5ef64f74a73f7c93fe716408f622279c37094e5e6a7a833ef260cbc71d7e800ab50a2850cf050afbf37db","ssdeep":"1536:yu3bXdpuFJgR9YxSgPaZewnn1Dnvspfcj0:13b6FSR9VgC91DnqUj0","tlshash":"47c3fda34901bcbfe3aac1b1d39e3956d8aaea11e7d714d37042ace1346f26558df1c0","first_seen":"2025-08-01T21:22:09.653175Z","last_seen":"2026-03-27T16:48:21.880455Z","times_seen":779,"resource_available":true,"data":null}},"time_used":659,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":543,"receive":116,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kratos Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kratos","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"cdn.statically.io/gh/syntaxerror019/HTML-STO/main/ld.min.js","fqdn":"cdn.statically.io","domain":"statically.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://workstech.firmcapital.sbs/ATT2n1Gxor3lXF4xiH7TKfBY0YFSpSPnOZfF0uTxuWirIUbuFp2zbor7JEqtN4pIStw2hLpJOhYKEoUFUbNTNIzaXf3wm9pTWYnYhBsv7myac00gztjbOi61Ka005gENpA1w5wi/index","date":"2026-01-09T22:39:08.872Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /gh/syntaxerror019/HTML-STO/main/ld.min.js HTTP/1.1\r\nHost: cdn.statically.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://workstech.firmcapital.sbs/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":0,"dns":6,"connect":1,"send":0,"wait":0,"receive":0,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"workstech.firmcapital.sbs/","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-09T22:39:00.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"firmcapital.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 06:43:48 GMT","end":"Sun, 05 Apr 2026 07:41:23 GMT"},"fingerprint":{"sha1":"6C:47:F3:BB:03:4C:B9:DB:1B:ED:48:EC:EB:9D:F1:BA:61:56:0F:77","sha256":"AE:6C:97:D9:65:A7:B0:B1:E0:B2:DA:B6:13:81:78:56:B0:32:40:91:8D:0B:A3:F0:8A:96:D8:61:D8:AF:A2:05"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: workstech.firmcapital.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 09 Jan 2026 22:39:00 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: PHPSESSID=tjav99437rjdr109o42j7vkl3p; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8dP3R5w7LHEsBMlvUWMh7j5F1MmHjR2RWC05WGie83Wb7ENXauMWEaFNfWL%2B9iRXlAm6pmgmW6Hy8iT96z2kJsHZbB6zsXLobnAegu4Buw%3D%3D\"}]}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\ncf-ray: 9bb76d9b6c1adfec-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3439,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (396)","md5":"6cb1ecdbd2853761352c5dceee249013","sha1":"e2e954991b311c9995f39d145c63154812a84038","sha256":"58f88f329d24b6b52198c12ce1bce47650cedb6fcb12b4f48e6ce0e6b20e54b4","sha512":"e105696f30bdd4fc77ccc123648eda4420c1256fc052b290e4e67b538426a4ee5951c7e633857d6887718d6514a468f37614a4e61a36836c5b230bf7420f78b7","ssdeep":"","tlshash":"fd61a667b6f31407448684141753679c2f50e903cc4ad95a7e9c67b1af87a80ded7a4c","first_seen":"2026-01-09T22:39:32.582016Z","last_seen":"2026-01-09T22:39:32.582016Z","times_seen":1,"resource_available":false,"data":null}},"time_used":646,"timings":{"blocked":20,"dns":1,"connect":1,"send":0,"wait":605,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kratos Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kratos","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Outfit:wght@300;400;500;600\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://workstech.firmcapital.sbs/","date":"2026-01-09T22:39:01.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css2?family=Outfit:wght@300;400;500;600\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://workstech.firmcapital.sbs/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Fri, 09 Jan 2026 22:39:01 GMT\r\ndate: Fri, 09 Jan 2026 22:39:01 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3388,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"15e42e8bfa34089ea8adc5b04da350ec","sha1":"85eed851096ae9a867ec080c8b3c68d71debfe50","sha256":"de2a10aeb2b520133ea274bf4bac3b8c496e80c297d2489bc1d164aebbb878a6","sha512":"64149017f69010bf924074935c82149e0bb637f76e616a538779e3846a969910cedf54a36bcbdff99bba6e99fa0d33582d1b0a1fdd456352d543b6b66633e0f1","ssdeep":"","tlshash":"ed61fea1042ba144df970cc222ce7e33ef5f62516444d934affe1899ac6bd5a835770d","first_seen":"2025-09-25T09:29:42.664727Z","last_seen":"2026-04-03T21:43:49.594517Z","times_seen":532,"resource_available":false,"data":null}},"time_used":276,"timings":{"blocked":129,"dns":0,"connect":7,"send":0,"wait":18,"receive":0,"ssl":118},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/outfit/v15/QGYvz_MVcBeNP4NJtEtqUYTkntBJ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://workstech.firmcapital.sbs/","date":"2026-01-09T22:39:01.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/outfit/v15/QGYvz_MVcBeNP4NJtEtqUYTkntBJ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://workstech.firmcapital.sbs\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 32108\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 08 Jan 2026 16:32:12 GMT\r\nexpires: Fri, 08 Jan 2027 16:32:12 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 04 Sep 2025 17:18:28 GMT\r\ncontent-type: font/woff2\r\nage: 108409\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32108,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 32108, version 1.0","md5":"e414fe5664f376c8f145acd792939183","sha1":"5b69d46adc3a06af762193adb2dddbc359b2e786","sha256":"fa31c7981483e52cbb8b8bc1eb0dc6326f160b8699cc0899349f977f0517a9df","sha512":"51c251910e5cce616b3c336bcb63853f83c306e16e9b79e0a18f924a738ba06b3e2cb8132ff9bc6e720527234eb80e90be2625b860e1728b66d4fe86ac9bafe5","ssdeep":"768:gUX6jLkDeuAkZHs27nAflEFIapAgCauwIFPo3zjERcgmcjz:3X6tkpNAf6FIapAgCaMFozInjz","tlshash":"6ee2e14f8beb009ef3828a7812c46b3195b305d569cbfa901eef85d76b5c247c1474a8","first_seen":"2025-09-05T02:25:45.343777Z","last_seen":"2026-04-04T14:31:14.777856Z","times_seen":10321,"resource_available":false,"data":null}},"time_used":221,"timings":{"blocked":104,"dns":0,"connect":20,"send":0,"wait":8,"receive":3,"ssl":82},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"workstech.firmcapital.sbs/ATT2n1Gxor3lXF4xiH7TKfBY0YFSpSPnOZfF0uTxuWirIUbuFp2zbor7JEqtN4pIStw2hLpJOhYKEoUFUbNTNIzaXf3wm9pTWYnYhBsv7myac00gztjbOi61Ka005gENpA1w5wi/js/XwyymqREBGZa2wQ.js","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://workstech.firmcapital.sbs/","date":"2026-01-09T22:39:07.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"firmcapital.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 06:43:48 GMT","end":"Sun, 05 Apr 2026 07:41:23 GMT"},"fingerprint":{"sha1":"6C:47:F3:BB:03:4C:B9:DB:1B:ED:48:EC:EB:9D:F1:BA:61:56:0F:77","sha256":"AE:6C:97:D9:65:A7:B0:B1:E0:B2:DA:B6:13:81:78:56:B0:32:40:91:8D:0B:A3:F0:8A:96:D8:61:D8:AF:A2:05"}}},"request":{"raw":"GET /ATT2n1Gxor3lXF4xiH7TKfBY0YFSpSPnOZfF0uTxuWirIUbuFp2zbor7JEqtN4pIStw2hLpJOhYKEoUFUbNTNIzaXf3wm9pTWYnYhBsv7myac00gztjbOi61Ka005gENpA1w5wi/js/XwyymqREBGZa2wQ.js HTTP/1.1\r\nHost: workstech.firmcapital.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://workstech.firmcapital.sbs/\r\nCookie: PHPSESSID=tjav99437rjdr109o42j7vkl3p\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 09 Jan 2026 22:39:07 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 5504\r\netag: \"3df0-6883131c-4ae159;br\"\r\nlast-modified: Fri, 25 Jul 2025 05:16:12 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P1sZwkcmrZksz%2Fp2PEOela0%2BkGxFTgTs2i20e1GFNdPAKB6V4LgxWoTRelovaeaJZstLsvUpWLUhBuy9OwP8q8yhXUKSDQ5nZ0MiJUe8rA%3D%3D\"}]}\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=3,i=?0\r\ncf-ray: 9bb76dc4da36723c-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":15856,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (15856), with no line terminators","md5":"2d73540e77a95afc0e175e6832632f80","sha1":"395b7f01612c818e42180d7bd6cc45dee889d931","sha256":"22b383bee9018beb60be59df9dc5693b710b4fbb460c4ee72249eb6bbb15340b","sha512":"845d3078a4f637aefc1cd555bc821a608ddf3f20254c2e3eae22746369f14c8b5fa3a3aae65ac47953c66d6293cda0014188649b13caa816f545fa4c074de58e","ssdeep":"192:XJOvc1ds4w/WeDKCOtsclRSQdZ1opYAGARKWmuykrLe0L8sYAqzLkK0hYS1:5O94EWIKCOlRS2o6AGAHx3HLEvqj","tlshash":"ce62409e26523da3d21fd6f606c7a2cba9b42540cb884002c6dc53c876786e573f9c7b","first_seen":"2025-07-27T12:49:35.332897Z","last_seen":"2026-03-27T16:48:21.866617Z","times_seen":787,"resource_available":true,"data":null}},"time_used":521,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":520,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kratos Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kratos","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"workstech.firmcapital.sbs/ATT2n1Gxor3lXF4xiH7TKfBY0YFSpSPnOZfF0uTxuWirIUbuFp2zbor7JEqtN4pIStw2hLpJOhYKEoUFUbNTNIzaXf3wm9pTWYnYhBsv7myac00gztjbOi61Ka005gENpA1w5wi/index","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-09T22:39:08.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"firmcapital.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 06:43:48 GMT","end":"Sun, 05 Apr 2026 07:41:23 GMT"},"fingerprint":{"sha1":"6C:47:F3:BB:03:4C:B9:DB:1B:ED:48:EC:EB:9D:F1:BA:61:56:0F:77","sha256":"AE:6C:97:D9:65:A7:B0:B1:E0:B2:DA:B6:13:81:78:56:B0:32:40:91:8D:0B:A3:F0:8A:96:D8:61:D8:AF:A2:05"}}},"request":{"raw":"GET /ATT2n1Gxor3lXF4xiH7TKfBY0YFSpSPnOZfF0uTxuWirIUbuFp2zbor7JEqtN4pIStw2hLpJOhYKEoUFUbNTNIzaXf3wm9pTWYnYhBsv7myac00gztjbOi61Ka005gENpA1w5wi/index HTTP/1.1\r\nHost: workstech.firmcapital.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://workstech.firmcapital.sbs/\r\nCookie: PHPSESSID=tjav99437rjdr109o42j7vkl3p\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 09 Jan 2026 22:39:08 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JW7%2F4%2FdVQJ%2Bj1ukkr4F0bvbY8SQF34IF%2F3bmJR2lGoX1oQPja5uL8W1k7JkW32PDWiWrYFIKQrAPtQ9AFQyjQTdcfZhnYQFkiXMgFUBU%2BA%3D%3D\"}]}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=1,i=?0\r\ncontent-encoding: br\r\ncf-ray: 9bb76dcc5f69723c-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Statically","description":"Statically is a free, fast and modern CDN for open-source projects, WordPress, images, and any static assets.","website":"https://statically.io","common_platform_enumeration":"","icon":"Statically.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":6421,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3217), with CRLF line terminators","md5":"aa7ad8ce0d6e80e7042071aaa7e06af6","sha1":"7a7c30b9a89bb0a2e91021ce721b9d356a096c86","sha256":"49d02a2129b472ea6a21578c61fd1252fc5c2222eff8a7eb4f73887690434663","sha512":"d60ac571e0d5202119f7e12d6c5f0b62ebd474474d15444bf431032b9dc1ef20a84a4dc947a28a0f2abc67cb25ac5eadaa2be000ec35ff4c8a66db450b101408","ssdeep":"192:LpaIhBWRor09eFIcNnmwaqVEo49VreOwgKM3kYN5VAQ9CZV77xcXJQQnJhFcYWWy:taIhBWRor09eFIWnmwaUEo49FeOwgKMi","tlshash":"19d1bb1ceac0683a839792f5d3253ba8f5d28d1ae6520424d3e8d0f32fd0e59c67257c","first_seen":"2026-01-09T22:39:32.595172Z","last_seen":"2026-01-09T22:39:32.595172Z","times_seen":1,"resource_available":false,"data":null}},"time_used":611,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":611,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kratos Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kratos","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"workstech.firmcapital.sbs/favicon.ico","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://workstech.firmcapital.sbs/ATT2n1Gxor3lXF4xiH7TKfBY0YFSpSPnOZfF0uTxuWirIUbuFp2zbor7JEqtN4pIStw2hLpJOhYKEoUFUbNTNIzaXf3wm9pTWYnYhBsv7myac00gztjbOi61Ka005gENpA1w5wi/index","date":"2026-01-09T22:39:09.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"firmcapital.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 06:43:48 GMT","end":"Sun, 05 Apr 2026 07:41:23 GMT"},"fingerprint":{"sha1":"6C:47:F3:BB:03:4C:B9:DB:1B:ED:48:EC:EB:9D:F1:BA:61:56:0F:77","sha256":"AE:6C:97:D9:65:A7:B0:B1:E0:B2:DA:B6:13:81:78:56:B0:32:40:91:8D:0B:A3:F0:8A:96:D8:61:D8:AF:A2:05"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: workstech.firmcapital.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://workstech.firmcapital.sbs/ATT2n1Gxor3lXF4xiH7TKfBY0YFSpSPnOZfF0uTxuWirIUbuFp2zbor7JEqtN4pIStw2hLpJOhYKEoUFUbNTNIzaXf3wm9pTWYnYhBsv7myac00gztjbOi61Ka005gENpA1w5wi/index\r\nCookie: PHPSESSID=tjav99437rjdr109o42j7vkl3p\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Fri, 09 Jan 2026 22:39:09 GMT\r\ncontent-type: text/html\r\ncache-control: private, no-cache, max-age=0\r\npragma: no-cache\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=w7tyekKgcS1pMByaVVF3uehlR1JxVDZzqQ%2BCY1l%2BszVJ15H16n9f3yW5Rze7FaBr2cf3Q2nKsSufplUnIFWTtCkZ5XvVKB7R%2BSjLoog0bw%3D%3D\"}]}\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: BYPASS\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=6,i=?0\r\ncontent-encoding: br\r\ncf-ray: 9bb76dd47c13723c-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1249,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"f58515dfe987f7e027c8a71bbc884621","sha1":"bec6aebf5940ea88fbbff5748d539453d49fa284","sha256":"679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43","sha512":"f085346a38318f7935d76909db0367862924cc9b0d96256f7ff4e8999c041e610bbcde8ca56c92673bde0991c85e9c9d9b6726abd91d0c3177462c80d4a99140","ssdeep":"","tlshash":"8b21653ec1c1520ae0271164fb81f3a86629821191970f703b8eb176f6cd0bb52a36c8","first_seen":"2024-02-10T12:39:22Z","last_seen":"2026-04-04T14:40:41.876564Z","times_seen":20453,"resource_available":true,"data":null}},"time_used":314,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":314,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kratos Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kratos","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"workstech.firmcapital.sbs/","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-09T22:39:01.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"firmcapital.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 06:43:48 GMT","end":"Sun, 05 Apr 2026 07:41:23 GMT"},"fingerprint":{"sha1":"6C:47:F3:BB:03:4C:B9:DB:1B:ED:48:EC:EB:9D:F1:BA:61:56:0F:77","sha256":"AE:6C:97:D9:65:A7:B0:B1:E0:B2:DA:B6:13:81:78:56:B0:32:40:91:8D:0B:A3:F0:8A:96:D8:61:D8:AF:A2:05"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: workstech.firmcapital.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=tjav99437rjdr109o42j7vkl3p\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 09 Jan 2026 22:39:01 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cIhZzJqDx5bbA5UHa4hEokqmT5ZLfaD62JfJcSDW6fzlTqCZQuHFjX9WBRdCWo9szUcKNhSmM2p7Tq7XBqTmB7m3ynFDtVInwezeHhQL5A%3D%3D\"}]}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=1,i=?0\r\ncontent-encoding: br\r\ncf-ray: 9bb76da06ffe723c-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":10023,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"c05091683414173809431c101da0f568","sha1":"2cc86c58209f6da670da23be73f17abdc8eb97d6","sha256":"3a8dc109c4584fe42408f1847aa0af6673df67b730f19463715ffec448771356","sha512":"041b40a5a7b6a0190a709a856aceee3750d2bb7402e075cbe2b5a1e23a09391fd6488319e7c3f18b768b5b4072239d0f7104dddd8499ae954a627c50615fb86c","ssdeep":"192:c9cekW0q6CmDpTk2edDuW6jjUyRCEXO0zhtJ8W8hUuL2wrsioKiU7uiznQu:+wGMW6D78mM4ifiUiiEu","tlshash":"0922855665f704649953a0a86ff3a71632309103b506ce5d3fcc92988f87a88edb77ec","first_seen":"2026-01-09T22:39:32.5967Z","last_seen":"2026-01-09T22:39:32.5967Z","times_seen":1,"resource_available":false,"data":null}},"time_used":435,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":435,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kratos Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kratos","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"workstech.firmcapital.sbs/favicon.ico","fqdn":"workstech.firmcapital.sbs","domain":"firmcapital.sbs","tld":"sbs"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://workstech.firmcapital.sbs/","date":"2026-01-09T22:39:01.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"firmcapital.sbs","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 06:43:48 GMT","end":"Sun, 05 Apr 2026 07:41:23 GMT"},"fingerprint":{"sha1":"6C:47:F3:BB:03:4C:B9:DB:1B:ED:48:EC:EB:9D:F1:BA:61:56:0F:77","sha256":"AE:6C:97:D9:65:A7:B0:B1:E0:B2:DA:B6:13:81:78:56:B0:32:40:91:8D:0B:A3:F0:8A:96:D8:61:D8:AF:A2:05"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: workstech.firmcapital.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://workstech.firmcapital.sbs/\r\nCookie: PHPSESSID=tjav99437rjdr109o42j7vkl3p\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Fri, 09 Jan 2026 22:39:02 GMT\r\ncontent-type: text/html\r\ncache-control: private, no-cache, max-age=0\r\npragma: no-cache\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aFeMyVQFjnPeIUG7NRpUrPwyi9tLb3O0rRj88BZKSE24GBkVUUZ6eRkiceyNO%2FKyF%2BUR%2BSiLyf93hFhcB%2FlXjJlUoJ49bw0ShOXGbg0wGw%3D%3D\"}]}\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: BYPASS\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=6,i=?0\r\ncontent-encoding: br\r\ncf-ray: 9bb76da48b09723c-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1249,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"f58515dfe987f7e027c8a71bbc884621","sha1":"bec6aebf5940ea88fbbff5748d539453d49fa284","sha256":"679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43","sha512":"f085346a38318f7935d76909db0367862924cc9b0d96256f7ff4e8999c041e610bbcde8ca56c92673bde0991c85e9c9d9b6726abd91d0c3177462c80d4a99140","ssdeep":"","tlshash":"8b21653ec1c1520ae0271164fb81f3a86629821191970f703b8eb176f6cd0bb52a36c8","first_seen":"2024-02-10T12:39:22Z","last_seen":"2026-04-04T14:40:41.876564Z","times_seen":20453,"resource_available":true,"data":null}},"time_used":560,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":559,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"workstech.firmcapital.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Kratos Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","kratos","aitm"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/outfit/v15/QGYvz_MVcBeNP4NJtEtqUYTkntBJ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://workstech.firmcapital.sbs/","date":"2026-01-09T22:39:01.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/outfit/v15/QGYvz_MVcBeNP4NJtEtqUYTkntBJ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://workstech.firmcapital.sbs\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 32108\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 08 Jan 2026 16:32:12 GMT\r\nexpires: Fri, 08 Jan 2027 16:32:12 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 04 Sep 2025 17:18:28 GMT\r\ncontent-type: font/woff2\r\nage: 108409\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32108,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 32108, version 1.0","md5":"e414fe5664f376c8f145acd792939183","sha1":"5b69d46adc3a06af762193adb2dddbc359b2e786","sha256":"fa31c7981483e52cbb8b8bc1eb0dc6326f160b8699cc0899349f977f0517a9df","sha512":"51c251910e5cce616b3c336bcb63853f83c306e16e9b79e0a18f924a738ba06b3e2cb8132ff9bc6e720527234eb80e90be2625b860e1728b66d4fe86ac9bafe5","ssdeep":"768:gUX6jLkDeuAkZHs27nAflEFIapAgCauwIFPo3zjERcgmcjz:3X6tkpNAf6FIapAgCaMFozInjz","tlshash":"6ee2e14f8beb009ef3828a7812c46b3195b305d569cbfa901eef85d76b5c247c1474a8","first_seen":"2025-09-05T02:25:45.343777Z","last_seen":"2026-04-04T14:31:14.777856Z","times_seen":10321,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":71,"dns":1,"connect":7,"send":0,"wait":9,"receive":9,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/outfit/v15/QGYvz_MVcBeNP4NJtEtqUYTkntBJ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://workstech.firmcapital.sbs/","date":"2026-01-09T22:39:01.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/outfit/v15/QGYvz_MVcBeNP4NJtEtqUYTkntBJ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://workstech.firmcapital.sbs\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 32108\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 08 Jan 2026 16:32:12 GMT\r\nexpires: Fri, 08 Jan 2027 16:32:12 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 04 Sep 2025 17:18:28 GMT\r\ncontent-type: font/woff2\r\nage: 108409\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32108,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 32108, version 1.0","md5":"e414fe5664f376c8f145acd792939183","sha1":"5b69d46adc3a06af762193adb2dddbc359b2e786","sha256":"fa31c7981483e52cbb8b8bc1eb0dc6326f160b8699cc0899349f977f0517a9df","sha512":"51c251910e5cce616b3c336bcb63853f83c306e16e9b79e0a18f924a738ba06b3e2cb8132ff9bc6e720527234eb80e90be2625b860e1728b66d4fe86ac9bafe5","ssdeep":"768:gUX6jLkDeuAkZHs27nAflEFIapAgCauwIFPo3zjERcgmcjz:3X6tkpNAf6FIapAgCaMFozInjz","tlshash":"6ee2e14f8beb009ef3828a7812c46b3195b305d569cbfa901eef85d76b5c247c1474a8","first_seen":"2025-09-05T02:25:45.343777Z","last_seen":"2026-04-04T14:31:14.777856Z","times_seen":10321,"resource_available":false,"data":null}},"time_used":239,"timings":{"blocked":115,"dns":2,"connect":21,"send":0,"wait":8,"receive":3,"ssl":86},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}