{"report_id":"e74d0427-1a7e-4fac-be40-67d363467bda","version":0,"status":"done","tags":[],"date":"2026-06-11T20:21:03Z","url":{"schema":"http","addr":"turtle.auth-in-extranet.com","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":0,"asn":0,"as":"","country":"Panama","country_code":"PA"},"final":{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"title":"Best Crypto Wallet for Web3, NFTs and DeFi | Trust Wallet","dom":{"size":382017,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (65278)","md5":"629a680e36ef90ad9978a21fab7826f7","sha1":"ed498fb81eab8fc6c8fa8b22bea86c6fa8da6272","sha256":"08283b8eb6309f5a379957dfc7d3b2e32510f8a10c26250b4450a88702c9c9d7","sha512":"768a747e95f423ca27eccc953860f4fc3866c9caaca251c6b5ed38f9023e034a274be65a8d8cac260cc583a1c1475ee8a6f8101f3280b88680f9cc80c2690be2","ssdeep":"3072:44ydDyKiGEya7vSKxRee27wWQJcv3zajHsBr:44ydDyKiGEyqvSKee27gyrOHW","tlshash":"3c840726e780236b9447cbece38ab674b13e5c5effd3ca9ba2d052256609cd41911fc4","dom_hash":"domhash4e8f7a9a97a39ed0957db4f5794d24af","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"turtle.auth-in-extranet.com","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":0,"asn":0,"as":"","country":"Panama","country_code":"PA"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-16T20:21:03Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"turtle.auth-in-extranet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"turtle.auth-in-extranet.com","ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"domain_registered":"2026-03-15","domain_rank":0,"first_seen":"2026-06-11T20:21:04.537513Z","last_seen":"2026-06-11T20:21:04.537513Z","alert_count":60,"request_count":15,"received_data":1689444,"sent_data":7712,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"introduction_type":"scriptElement","is_inline":true,"md5":"6d22aa09d333152aaa71e926fa9718e9","sha1":"aac21e41aec7270aff763fadff45d5384a6b195f","sha256":"d9f02c5af1ccb1a248bae1bb98467010421c5c5bd59576114d5f305782f6364d","sha512":"cace39dc67e5daab36651d12668d453a8f63a9c8fef4d8fc5d861ef2a4738e1bbb7097c08062987d0fbf3495156955d9a61976c1e88ab91558e6b43b5a38f125","ssdeep":"","tlshash":"4ce0c26e11b564b00077b169e74fb201b4b200a72048de017d4dc9895f68a2d36a6f9e","size":296,"data":"","first_seen":"2026-06-11T20:21:07.823246Z","last_seen":"2026-06-11T20:21:07.823246Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"introduction_type":"scriptElement","is_inline":true,"md5":"56db2aced5bffe4b6c1e8affc354da41","sha1":"dcf5f4db013bcba5aba5e907bb58fa6da46a4bf4","sha256":"5613122cbd2cb1196c8f876809d7f103adc733fb47ea4955012316991a481c96","sha512":"d847bc365a07ae4f6dafc4b9d8df7c7f0696569ecf2cbeaf7d157e9f05e24470a768ee1f5021c5167a94487189f0f745bff1281221a0483b483b7b95f179044a","ssdeep":"","tlshash":"aee08cae19a11a361377b1b5564ff24536a280c32014ed063d4d89c14fd9a2982bf98b","size":313,"data":"","first_seen":"2026-06-11T20:21:07.82577Z","last_seen":"2026-06-11T20:21:07.82577Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"introduction_type":"scriptElement","is_inline":true,"md5":"667a85cde1a8465a478aa8921de4d3b3","sha1":"4e6c9dd86caa5caa59492f4b9b58ed866a377d63","sha256":"6279f4382d7b57e6e1300c25b410c3ee6e5ca04a9df5f9460ec4d96eb788b5fa","sha512":"f378ea5d4c2bf342704887a31a09c36ad3e618228f4f43a0ffe9fc421ae539195680bf33b90fc4a2461d7188de0750b3faab87a9cf5d7c950dca92f16c8ffbdd","ssdeep":"","tlshash":"cf219dee20b25134117372a56b4fb24574a240e33010ec003e0ecbc15fe962ee6bae9f","size":1235,"data":"","first_seen":"2026-06-11T20:21:07.828072Z","last_seen":"2026-06-11T20:21:07.828072Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"introduction_type":"scriptElement","is_inline":true,"md5":"297a907d4e5b4c2198915e66274d9c9a","sha1":"e0f98af49ab0f7a270e2d739436181f924449098","sha256":"0fdbc26d9d5bd7f6a4bc38acfb91fc663c57463d43a08447f1386b3354cd84de","sha512":"48487cbd59e60a259a5836fc0315243da500d617e94e06b3073f79bb834bd141c9e5cfb59c42a3c2086c920c21be5996e589d4658513cf31d95bfc5757a4a44e","ssdeep":"","tlshash":"1371bc3beb00173bdc8fb9fdced5b4c02e62497262496560691ce102b16cd7087bed88","size":3741,"data":"","first_seen":"2025-08-14T22:39:51.132287Z","last_seen":"2026-06-11T20:21:07.830942Z","times_seen":3148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"introduction_type":"scriptElement","is_inline":true,"md5":"6d22aa09d333152aaa71e926fa9718e9","sha1":"aac21e41aec7270aff763fadff45d5384a6b195f","sha256":"d9f02c5af1ccb1a248bae1bb98467010421c5c5bd59576114d5f305782f6364d","sha512":"cace39dc67e5daab36651d12668d453a8f63a9c8fef4d8fc5d861ef2a4738e1bbb7097c08062987d0fbf3495156955d9a61976c1e88ab91558e6b43b5a38f125","ssdeep":"","tlshash":"4ce0c26e11b564b00077b169e74fb201b4b200a72048de017d4dc9895f68a2d36a6f9e","size":296,"data":"","first_seen":"2026-06-11T20:21:07.823246Z","last_seen":"2026-06-11T20:21:07.823246Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"introduction_type":"scriptElement","is_inline":true,"md5":"56db2aced5bffe4b6c1e8affc354da41","sha1":"dcf5f4db013bcba5aba5e907bb58fa6da46a4bf4","sha256":"5613122cbd2cb1196c8f876809d7f103adc733fb47ea4955012316991a481c96","sha512":"d847bc365a07ae4f6dafc4b9d8df7c7f0696569ecf2cbeaf7d157e9f05e24470a768ee1f5021c5167a94487189f0f745bff1281221a0483b483b7b95f179044a","ssdeep":"","tlshash":"aee08cae19a11a361377b1b5564ff24536a280c32014ed063d4d89c14fd9a2982bf98b","size":313,"data":"","first_seen":"2026-06-11T20:21:07.82577Z","last_seen":"2026-06-11T20:21:07.82577Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"introduction_type":"scriptElement","is_inline":true,"md5":"667a85cde1a8465a478aa8921de4d3b3","sha1":"4e6c9dd86caa5caa59492f4b9b58ed866a377d63","sha256":"6279f4382d7b57e6e1300c25b410c3ee6e5ca04a9df5f9460ec4d96eb788b5fa","sha512":"f378ea5d4c2bf342704887a31a09c36ad3e618228f4f43a0ffe9fc421ae539195680bf33b90fc4a2461d7188de0750b3faab87a9cf5d7c950dca92f16c8ffbdd","ssdeep":"","tlshash":"cf219dee20b25134117372a56b4fb24574a240e33010ec003e0ecbc15fe962ee6bae9f","size":1235,"data":"","first_seen":"2026-06-11T20:21:07.828072Z","last_seen":"2026-06-11T20:21:07.828072Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"introduction_type":"scriptElement","is_inline":true,"md5":"297a907d4e5b4c2198915e66274d9c9a","sha1":"e0f98af49ab0f7a270e2d739436181f924449098","sha256":"0fdbc26d9d5bd7f6a4bc38acfb91fc663c57463d43a08447f1386b3354cd84de","sha512":"48487cbd59e60a259a5836fc0315243da500d617e94e06b3073f79bb834bd141c9e5cfb59c42a3c2086c920c21be5996e589d4658513cf31d95bfc5757a4a44e","ssdeep":"","tlshash":"1371bc3beb00173bdc8fb9fdced5b4c02e62497262496560691ce102b16cd7087bed88","size":3741,"data":"","first_seen":"2025-08-14T22:39:51.132287Z","last_seen":"2026-06-11T20:21:07.830942Z","times_seen":3148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"introduction_type":"scriptElement","is_inline":true,"md5":"6d22aa09d333152aaa71e926fa9718e9","sha1":"aac21e41aec7270aff763fadff45d5384a6b195f","sha256":"d9f02c5af1ccb1a248bae1bb98467010421c5c5bd59576114d5f305782f6364d","sha512":"cace39dc67e5daab36651d12668d453a8f63a9c8fef4d8fc5d861ef2a4738e1bbb7097c08062987d0fbf3495156955d9a61976c1e88ab91558e6b43b5a38f125","ssdeep":"","tlshash":"4ce0c26e11b564b00077b169e74fb201b4b200a72048de017d4dc9895f68a2d36a6f9e","size":296,"data":"","first_seen":"2026-06-11T20:21:07.823246Z","last_seen":"2026-06-11T20:21:07.823246Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"introduction_type":"scriptElement","is_inline":true,"md5":"56db2aced5bffe4b6c1e8affc354da41","sha1":"dcf5f4db013bcba5aba5e907bb58fa6da46a4bf4","sha256":"5613122cbd2cb1196c8f876809d7f103adc733fb47ea4955012316991a481c96","sha512":"d847bc365a07ae4f6dafc4b9d8df7c7f0696569ecf2cbeaf7d157e9f05e24470a768ee1f5021c5167a94487189f0f745bff1281221a0483b483b7b95f179044a","ssdeep":"","tlshash":"aee08cae19a11a361377b1b5564ff24536a280c32014ed063d4d89c14fd9a2982bf98b","size":313,"data":"","first_seen":"2026-06-11T20:21:07.82577Z","last_seen":"2026-06-11T20:21:07.82577Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"introduction_type":"scriptElement","is_inline":true,"md5":"667a85cde1a8465a478aa8921de4d3b3","sha1":"4e6c9dd86caa5caa59492f4b9b58ed866a377d63","sha256":"6279f4382d7b57e6e1300c25b410c3ee6e5ca04a9df5f9460ec4d96eb788b5fa","sha512":"f378ea5d4c2bf342704887a31a09c36ad3e618228f4f43a0ffe9fc421ae539195680bf33b90fc4a2461d7188de0750b3faab87a9cf5d7c950dca92f16c8ffbdd","ssdeep":"","tlshash":"cf219dee20b25134117372a56b4fb24574a240e33010ec003e0ecbc15fe962ee6bae9f","size":1235,"data":"","first_seen":"2026-06-11T20:21:07.828072Z","last_seen":"2026-06-11T20:21:07.828072Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"introduction_type":"scriptElement","is_inline":true,"md5":"297a907d4e5b4c2198915e66274d9c9a","sha1":"e0f98af49ab0f7a270e2d739436181f924449098","sha256":"0fdbc26d9d5bd7f6a4bc38acfb91fc663c57463d43a08447f1386b3354cd84de","sha512":"48487cbd59e60a259a5836fc0315243da500d617e94e06b3073f79bb834bd141c9e5cfb59c42a3c2086c920c21be5996e589d4658513cf31d95bfc5757a4a44e","ssdeep":"","tlshash":"1371bc3beb00173bdc8fb9fdced5b4c02e62497262496560691ce102b16cd7087bed88","size":3741,"data":"","first_seen":"2025-08-14T22:39:51.132287Z","last_seen":"2026-06-11T20:21:07.830942Z","times_seen":3148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"introduction_type":"scriptElement","is_inline":true,"md5":"6d22aa09d333152aaa71e926fa9718e9","sha1":"aac21e41aec7270aff763fadff45d5384a6b195f","sha256":"d9f02c5af1ccb1a248bae1bb98467010421c5c5bd59576114d5f305782f6364d","sha512":"cace39dc67e5daab36651d12668d453a8f63a9c8fef4d8fc5d861ef2a4738e1bbb7097c08062987d0fbf3495156955d9a61976c1e88ab91558e6b43b5a38f125","ssdeep":"","tlshash":"4ce0c26e11b564b00077b169e74fb201b4b200a72048de017d4dc9895f68a2d36a6f9e","size":296,"data":"","first_seen":"2026-06-11T20:21:07.823246Z","last_seen":"2026-06-11T20:21:07.823246Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"introduction_type":"scriptElement","is_inline":true,"md5":"56db2aced5bffe4b6c1e8affc354da41","sha1":"dcf5f4db013bcba5aba5e907bb58fa6da46a4bf4","sha256":"5613122cbd2cb1196c8f876809d7f103adc733fb47ea4955012316991a481c96","sha512":"d847bc365a07ae4f6dafc4b9d8df7c7f0696569ecf2cbeaf7d157e9f05e24470a768ee1f5021c5167a94487189f0f745bff1281221a0483b483b7b95f179044a","ssdeep":"","tlshash":"aee08cae19a11a361377b1b5564ff24536a280c32014ed063d4d89c14fd9a2982bf98b","size":313,"data":"","first_seen":"2026-06-11T20:21:07.82577Z","last_seen":"2026-06-11T20:21:07.82577Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"introduction_type":"scriptElement","is_inline":true,"md5":"667a85cde1a8465a478aa8921de4d3b3","sha1":"4e6c9dd86caa5caa59492f4b9b58ed866a377d63","sha256":"6279f4382d7b57e6e1300c25b410c3ee6e5ca04a9df5f9460ec4d96eb788b5fa","sha512":"f378ea5d4c2bf342704887a31a09c36ad3e618228f4f43a0ffe9fc421ae539195680bf33b90fc4a2461d7188de0750b3faab87a9cf5d7c950dca92f16c8ffbdd","ssdeep":"","tlshash":"cf219dee20b25134117372a56b4fb24574a240e33010ec003e0ecbc15fe962ee6bae9f","size":1235,"data":"","first_seen":"2026-06-11T20:21:07.828072Z","last_seen":"2026-06-11T20:21:07.828072Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"introduction_type":"scriptElement","is_inline":true,"md5":"297a907d4e5b4c2198915e66274d9c9a","sha1":"e0f98af49ab0f7a270e2d739436181f924449098","sha256":"0fdbc26d9d5bd7f6a4bc38acfb91fc663c57463d43a08447f1386b3354cd84de","sha512":"48487cbd59e60a259a5836fc0315243da500d617e94e06b3073f79bb834bd141c9e5cfb59c42a3c2086c920c21be5996e589d4658513cf31d95bfc5757a4a44e","ssdeep":"","tlshash":"1371bc3beb00173bdc8fb9fdced5b4c02e62497262496560691ce102b16cd7087bed88","size":3741,"data":"","first_seen":"2025-08-14T22:39:51.132287Z","last_seen":"2026-06-11T20:21:07.830942Z","times_seen":3148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/021fb5416347fe73b174e42e4081b9f3a3bbcd2f.svg","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://turtle.auth-in-extranet.com/","date":"2026-06-11T20:20:40.183Z","timestamp":1781209240183,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"turtle.auth-in-extranet.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 10:41:52 GMT","end":"Wed, 09 Sep 2026 10:41:51 GMT"},"fingerprint":{"sha1":"BE:D2:59:C5:A0:4C:47:81:5C:E5:7D:33:33:E0:21:61:9B:97:34:7F","sha256":"83:4E:A6:B9:B9:6F:8B:E8:19:C4:8C:CB:74:39:41:1F:F3:85:61:04:9B:29:AC:F5:6F:5D:ED:CB:D9:03:D5:DF"}}},"request":{"raw":"GET /021fb5416347fe73b174e42e4081b9f3a3bbcd2f.svg HTTP/1.1\r\nHost: turtle.auth-in-extranet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 11 Jun 2026 20:20:40 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 17656\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/svg+xml\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":17656,"size_decoded":17852,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f14b6dfda5913800b5670c4a578f1a2c","sha1":"021fb5416347fe73b174e42e4081b9f3a3bbcd2f","sha256":"13eb6bfe2e5a8d0f5c73a4ed195be1c6050f7d19e1c1728d95415792b41e37e1","sha512":"6736d1cec06fed125af4fdf52f0d6cedfd78d91ebbf68c63bf6b023d4284d741d8bb748e92610231f6649e2c2932147936236b0fd49356e9f488adfe9feb668c","ssdeep":"192:ap+6y1Nt5LKodvodD60cQMnrGEZc10QoJGq9eQNrICZICeHWVWlXccWyO:ap+6CL5KUvUOxNyEZDJX9eEhZhe2qayO","tlshash":"6582fdcb73249d7ef9730f65eb4a73f8201661a60b586b5c813618741b42b8ef27bc84","first_seen":"2023-12-01T17:00:55Z","last_seen":"2026-06-11T20:21:07.797523Z","times_seen":202,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":25,"send":0,"wait":26,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"turtle.auth-in-extranet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/3f0225ca72e30012168c42181e2cfe1f919f258b.png","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://turtle.auth-in-extranet.com/","date":"2026-06-11T20:20:40.194Z","timestamp":1781209240194,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"turtle.auth-in-extranet.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 10:41:52 GMT","end":"Wed, 09 Sep 2026 10:41:51 GMT"},"fingerprint":{"sha1":"BE:D2:59:C5:A0:4C:47:81:5C:E5:7D:33:33:E0:21:61:9B:97:34:7F","sha256":"83:4E:A6:B9:B9:6F:8B:E8:19:C4:8C:CB:74:39:41:1F:F3:85:61:04:9B:29:AC:F5:6F:5D:ED:CB:D9:03:D5:DF"}}},"request":{"raw":"GET /3f0225ca72e30012168c42181e2cfe1f919f258b.png HTTP/1.1\r\nHost: turtle.auth-in-extranet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 11 Jun 2026 20:20:40 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 326211\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":326211,"size_decoded":326403,"mime_type":"image/png","magic":"PNG image data, 1600 x 1242, 8-bit/color RGBA, non-interlaced","md5":"c110d9480cbdbb8b6436051fa61528c0","sha1":"3f0225ca72e30012168c42181e2cfe1f919f258b","sha256":"149650ad89f83881f731733a8bdde793e7fe721db2b7b2a1e18bf8ff9d03be57","sha512":"812c72916639fb6d123644f254c19cdaa25a618c2034966fc8f8acd9a2b366f707801a0d293ffdb07a4bc51887253fa5b9bc171ddd8529af6f7123ea6a942efb","ssdeep":"6144:9rDy3hrkIDZeAhdOeYkMqPfHooi6/w8UceMSt2b5+H:hDy30bqooq8fW","tlshash":"7064d00365a866338f579d3d092a0ae47bbb262511d81e3eef37d53c21876f49f87908","first_seen":"2026-06-11T20:21:07.79886Z","last_seen":"2026-06-11T20:21:07.79886Z","times_seen":1,"resource_available":false,"data":null}},"time_used":220,"timings":{"blocked":90,"dns":0,"connect":0,"send":0,"wait":26,"receive":104,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"turtle.auth-in-extranet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-11T20:20:39.731Z","timestamp":1781209239731,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"turtle.auth-in-extranet.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 10:41:52 GMT","end":"Wed, 09 Sep 2026 10:41:51 GMT"},"fingerprint":{"sha1":"BE:D2:59:C5:A0:4C:47:81:5C:E5:7D:33:33:E0:21:61:9B:97:34:7F","sha256":"83:4E:A6:B9:B9:6F:8B:E8:19:C4:8C:CB:74:39:41:1F:F3:85:61:04:9B:29:AC:F5:6F:5D:ED:CB:D9:03:D5:DF"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: turtle.auth-in-extranet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 11 Jun 2026 20:20:39 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":382353,"size_decoded":74541,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (65263)","md5":"d7979c57385835c39d8a6c149a5caf4e","sha1":"6f58a5e7829a01a95b5841c50af1c3eea00d8b2a","sha256":"ede3e858d26bfdf4f47f23558854ed4d79410a294b612e1253887c0560b8cc9d","sha512":"9f78f6fe2a8a6c6c0814c558faea6c0a5e477e3fae5f56554c29aadf7eb09bd31418558bbb4b62b4cc015a35bb7a34ef4fe86b1bb7e1f552518e8a17a811795b","ssdeep":"3072:s4ydDyKiGEya7vSKxRee27wWQJcv3zajHQfBr:s4ydDyKiGEyqvSKee27gyrOHQJ","tlshash":"63840726e780236b9447cbece38ab674b13e5c5effd3ca9ba2d052256609cd41911fc4","first_seen":"2026-06-11T20:21:07.801861Z","last_seen":"2026-06-11T20:21:07.801861Z","times_seen":1,"resource_available":true,"data":null}},"time_used":258,"timings":{"blocked":-1,"dns":120,"connect":26,"send":0,"wait":31,"receive":51,"ssl":30},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"turtle.auth-in-extranet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/7af86800518e04b18c65818f7a97cb128d78b529.svg","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://turtle.auth-in-extranet.com/","date":"2026-06-11T20:20:40.185Z","timestamp":1781209240185,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"turtle.auth-in-extranet.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 10:41:52 GMT","end":"Wed, 09 Sep 2026 10:41:51 GMT"},"fingerprint":{"sha1":"BE:D2:59:C5:A0:4C:47:81:5C:E5:7D:33:33:E0:21:61:9B:97:34:7F","sha256":"83:4E:A6:B9:B9:6F:8B:E8:19:C4:8C:CB:74:39:41:1F:F3:85:61:04:9B:29:AC:F5:6F:5D:ED:CB:D9:03:D5:DF"}}},"request":{"raw":"GET /7af86800518e04b18c65818f7a97cb128d78b529.svg HTTP/1.1\r\nHost: turtle.auth-in-extranet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 11 Jun 2026 20:20:40 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 266329\r\nKeep-Alive: timeout=5, max=97\r\nConnection: Keep-Alive\r\nContent-Type: image/svg+xml\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":266329,"size_decoded":266525,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"38514a2f14e3c87f8ec4aa6552427495","sha1":"7af86800518e04b18c65818f7a97cb128d78b529","sha256":"09ee6ba31c9a960e6b5783a9e90320e80113d86bba1e7863bb31265833c96e93","sha512":"a8e21480e68074df95bd6663e8b42cb00a5b07ae7f89843e6958d7736fde77084396742dd735ba3de14d07a5265a7dbeae8fd9c1a35d96dde0c9c25461aec5d8","ssdeep":"1536:ivd0Pj+SsEs2Cvf2L7qY1BdyU8hZTaN1Hh+jFacDBTmJMl+FxFJbfSUYI8S0kDkf:S","tlshash":"244483cf1f7449c85bdc4ada7f63686ca5d7e8a159e18c06e08ccf1e04d9c9ca90798b","first_seen":"2026-06-04T13:10:30.149453Z","last_seen":"2026-06-11T20:21:07.80447Z","times_seen":3,"resource_available":false,"data":null}},"time_used":114,"timings":{"blocked":36,"dns":0,"connect":0,"send":0,"wait":27,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"turtle.auth-in-extranet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/198610fa74394b2986a2a4b1311448dbeaaa1727.svg","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://turtle.auth-in-extranet.com/","date":"2026-06-11T20:20:40.178Z","timestamp":1781209240178,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"turtle.auth-in-extranet.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 10:41:52 GMT","end":"Wed, 09 Sep 2026 10:41:51 GMT"},"fingerprint":{"sha1":"BE:D2:59:C5:A0:4C:47:81:5C:E5:7D:33:33:E0:21:61:9B:97:34:7F","sha256":"83:4E:A6:B9:B9:6F:8B:E8:19:C4:8C:CB:74:39:41:1F:F3:85:61:04:9B:29:AC:F5:6F:5D:ED:CB:D9:03:D5:DF"}}},"request":{"raw":"GET /198610fa74394b2986a2a4b1311448dbeaaa1727.svg HTTP/1.1\r\nHost: turtle.auth-in-extranet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 11 Jun 2026 20:20:40 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 14945\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: image/svg+xml\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":14945,"size_decoded":15140,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4ec212bdf6998495367ba9392b1d90e7","sha1":"198610fa74394b2986a2a4b1311448dbeaaa1727","sha256":"eb28a643ef02753d2ea041a818848219f6b0c8a81cd4ad2db2ea86ec5593a35b","sha512":"cbc914aceb1026e5d79f2c9c002a3f0b42456ceec0f25a186cc301e5bbce8d2863756e769d2e50a1cb7223725852abac53808847f84ea734586bb524e122c885","ssdeep":"384:xOALcUhGwm5CGIZupp96DvPyBP7wqDPKG:xOT+il","tlshash":"a6623fcb3714adbefa670ab9eb45f3f4211e607647983358a6354938010968fb87bdc4","first_seen":"2023-12-01T17:00:55Z","last_seen":"2026-06-11T20:21:07.805721Z","times_seen":200,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":25,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"turtle.auth-in-extranet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/fa0595f7d03ef2eb83c6ea2beadd23dce3e6579a.svg","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://turtle.auth-in-extranet.com/","date":"2026-06-11T20:20:40.181Z","timestamp":1781209240181,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"turtle.auth-in-extranet.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 10:41:52 GMT","end":"Wed, 09 Sep 2026 10:41:51 GMT"},"fingerprint":{"sha1":"BE:D2:59:C5:A0:4C:47:81:5C:E5:7D:33:33:E0:21:61:9B:97:34:7F","sha256":"83:4E:A6:B9:B9:6F:8B:E8:19:C4:8C:CB:74:39:41:1F:F3:85:61:04:9B:29:AC:F5:6F:5D:ED:CB:D9:03:D5:DF"}}},"request":{"raw":"GET /fa0595f7d03ef2eb83c6ea2beadd23dce3e6579a.svg HTTP/1.1\r\nHost: turtle.auth-in-extranet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 11 Jun 2026 20:20:40 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 10250\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/svg+xml\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":10250,"size_decoded":10446,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"94df810c2ed1a1fbb3d89f767b243411","sha1":"fa0595f7d03ef2eb83c6ea2beadd23dce3e6579a","sha256":"1a07b51df7cce62e8d728ca85759d6a735fff8f54144660fc2b7206b9cf194a2","sha512":"231fb23bbe4cd8a1754f265ff7a4af7444cba4c6a3680fdeb7f49520a3822ca8e779e155373305aa192b35fac82a2c08930d1d4396dda2865cb5b191b686644e","ssdeep":"192:KAcdLt0TAR3pxOVpjWjZiO4NgCAtZ6wzvRx:3cdJ0UR3TgjWjZizqZV","tlshash":"8a220dce3b145dbcf93287a6db02b3b9202b49b707e56310ce361a79640195ea93fdc4","first_seen":"2023-12-01T17:00:55Z","last_seen":"2026-06-11T20:21:07.806914Z","times_seen":1019,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":25,"send":0,"wait":26,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"turtle.auth-in-extranet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/291bfdf0736bf3496d19066fafb10b07fc0901c4.avif","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://turtle.auth-in-extranet.com/","date":"2026-06-11T20:20:40.184Z","timestamp":1781209240184,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"turtle.auth-in-extranet.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 10:41:52 GMT","end":"Wed, 09 Sep 2026 10:41:51 GMT"},"fingerprint":{"sha1":"BE:D2:59:C5:A0:4C:47:81:5C:E5:7D:33:33:E0:21:61:9B:97:34:7F","sha256":"83:4E:A6:B9:B9:6F:8B:E8:19:C4:8C:CB:74:39:41:1F:F3:85:61:04:9B:29:AC:F5:6F:5D:ED:CB:D9:03:D5:DF"}}},"request":{"raw":"GET /291bfdf0736bf3496d19066fafb10b07fc0901c4.avif HTTP/1.1\r\nHost: turtle.auth-in-extranet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 11 Jun 2026 20:20:40 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 159176\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/avif\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":159176,"size_decoded":159370,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"4fac9a1c6850651f79c11a0dab319005","sha1":"291bfdf0736bf3496d19066fafb10b07fc0901c4","sha256":"d35e9312d5528ecc895a256d93ae0b5e728cdaca0e14281883a231c417dfbba8","sha512":"d844931ac129a77602f01b719d88012b6cabb61b25fca81ffc484f66bc498ac92c73baae476bc013b8f796ccdebcdca7be7716050576b0ace2667bd531e71080","ssdeep":"3072:PI4OafgtaaFCWNb9nHoVKfcRa+U7K1aoBTf3MpKyG4018a4j:dSZJFIprU7Wv/h4j","tlshash":"f3f32211e0eca3739b411afda28c69f06ad7026d31951af55c905f388c23bf5e79b08b","first_seen":"2025-12-31T17:11:28.290283Z","last_seen":"2026-06-11T20:21:07.807821Z","times_seen":60,"resource_available":false,"data":null}},"time_used":150,"timings":{"blocked":48,"dns":0,"connect":0,"send":0,"wait":26,"receive":76,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"turtle.auth-in-extranet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/dd4fcefde1f958edcf7e19bea443aa52aefa9ca2.png","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://turtle.auth-in-extranet.com/","date":"2026-06-11T20:20:40.192Z","timestamp":1781209240192,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"turtle.auth-in-extranet.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 10:41:52 GMT","end":"Wed, 09 Sep 2026 10:41:51 GMT"},"fingerprint":{"sha1":"BE:D2:59:C5:A0:4C:47:81:5C:E5:7D:33:33:E0:21:61:9B:97:34:7F","sha256":"83:4E:A6:B9:B9:6F:8B:E8:19:C4:8C:CB:74:39:41:1F:F3:85:61:04:9B:29:AC:F5:6F:5D:ED:CB:D9:03:D5:DF"}}},"request":{"raw":"GET /dd4fcefde1f958edcf7e19bea443aa52aefa9ca2.png HTTP/1.1\r\nHost: turtle.auth-in-extranet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 11 Jun 2026 20:20:40 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 729\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":729,"size_decoded":918,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 2-bit colormap, non-interlaced","md5":"462ef95795c5970df9415de91f10ee4e","sha1":"dd4fcefde1f958edcf7e19bea443aa52aefa9ca2","sha256":"d183a396704dce3ca0bdebee7969912b0018b0cb6c2ae121e2f945267194e1d1","sha512":"63d5ccd7b7ceb327b0bd56f0d2cf3c519cbea81cc8e01265d619c7ae17abc2f55d68011ca4d7111bd3fc693dcb03861d2f92b6861c9665b56b3d0d247ef16b19","ssdeep":"","tlshash":"c90165e3a29490950ef71ee1660d4061ea71112ff207a2cae906b5d9383d7520e4080b","first_seen":"2024-12-27T04:09:13.064581Z","last_seen":"2026-06-11T20:21:07.808754Z","times_seen":17,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":64,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"turtle.auth-in-extranet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/8bed46e5d9af81bb03f694f48d9ddeb65daf4b2d.avif","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://turtle.auth-in-extranet.com/","date":"2026-06-11T20:20:40.225Z","timestamp":1781209240225,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"turtle.auth-in-extranet.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 10:41:52 GMT","end":"Wed, 09 Sep 2026 10:41:51 GMT"},"fingerprint":{"sha1":"BE:D2:59:C5:A0:4C:47:81:5C:E5:7D:33:33:E0:21:61:9B:97:34:7F","sha256":"83:4E:A6:B9:B9:6F:8B:E8:19:C4:8C:CB:74:39:41:1F:F3:85:61:04:9B:29:AC:F5:6F:5D:ED:CB:D9:03:D5:DF"}}},"request":{"raw":"GET /8bed46e5d9af81bb03f694f48d9ddeb65daf4b2d.avif HTTP/1.1\r\nHost: turtle.auth-in-extranet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 11 Jun 2026 20:20:40 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 3798\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: image/avif\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":3798,"size_decoded":3989,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"033ce16f522a280239b3e76df7b48a0d","sha1":"8bed46e5d9af81bb03f694f48d9ddeb65daf4b2d","sha256":"69ff26007c0c5bd99e4309533ab8cf891745547d00097b07767cdebe617d124d","sha512":"9f6dbf1682cd9023c82d47e47dfc78cc8802910fcee457b26d780b55042632673ca75d2e6a505ac1533a118f91e22aafdcc63ab038c5d30a3da95aecde6ba620","ssdeep":"","tlshash":"5d714c1591750ef9fcad553240ec2d393311b435a32f7b12eda038848d65af494bcac9","first_seen":"2026-06-11T20:21:07.811634Z","last_seen":"2026-06-11T20:21:07.811634Z","times_seen":1,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":60,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"turtle.auth-in-extranet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/6e93295f5c01cd1c189fe23016eb001a8e55e0f6.svg","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://turtle.auth-in-extranet.com/","date":"2026-06-11T20:20:40.384Z","timestamp":1781209240384,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"turtle.auth-in-extranet.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 10:41:52 GMT","end":"Wed, 09 Sep 2026 10:41:51 GMT"},"fingerprint":{"sha1":"BE:D2:59:C5:A0:4C:47:81:5C:E5:7D:33:33:E0:21:61:9B:97:34:7F","sha256":"83:4E:A6:B9:B9:6F:8B:E8:19:C4:8C:CB:74:39:41:1F:F3:85:61:04:9B:29:AC:F5:6F:5D:ED:CB:D9:03:D5:DF"}}},"request":{"raw":"GET /6e93295f5c01cd1c189fe23016eb001a8e55e0f6.svg HTTP/1.1\r\nHost: turtle.auth-in-extranet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 11 Jun 2026 20:20:40 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 439027\r\nKeep-Alive: timeout=5, max=96\r\nConnection: Keep-Alive\r\nContent-Type: image/svg+xml\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":439027,"size_decoded":439223,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c96aaedc31de88dcf3ef52c7c3935841","sha1":"6e93295f5c01cd1c189fe23016eb001a8e55e0f6","sha256":"e28c244f6e2bca46065cefce912a7c38efcf01d330eac052c38a868518b66864","sha512":"c76754e9c201936ca2efc34afa14652585309b3589286bd17813c5400dfb0146d3387a1800825a74c16ce5e19c9f54c14ea0a5809263d7a9e4bbae9ff20fd852","ssdeep":"1536:1vmgS3u5Wbw/A0XsxNzUFBfX/3MB/Qz78LOFL4nWXTe9UT+25Icr2CG17qA+mLQ9:195x82XKIVEpYOw","tlshash":"ff942efc67b020da98c4cfc37f5491fd322ba673a9618a04d27d3f5a095392dba45682","first_seen":"2026-05-13T10:29:22.963092Z","last_seen":"2026-06-11T20:21:07.815452Z","times_seen":12,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"turtle.auth-in-extranet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/8d2a0e309b457eabaeb61ba94a33df8bb83e053f.svg","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://turtle.auth-in-extranet.com/","date":"2026-06-11T20:20:40.175Z","timestamp":1781209240175,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"turtle.auth-in-extranet.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 10:41:52 GMT","end":"Wed, 09 Sep 2026 10:41:51 GMT"},"fingerprint":{"sha1":"BE:D2:59:C5:A0:4C:47:81:5C:E5:7D:33:33:E0:21:61:9B:97:34:7F","sha256":"83:4E:A6:B9:B9:6F:8B:E8:19:C4:8C:CB:74:39:41:1F:F3:85:61:04:9B:29:AC:F5:6F:5D:ED:CB:D9:03:D5:DF"}}},"request":{"raw":"GET /8d2a0e309b457eabaeb61ba94a33df8bb83e053f.svg HTTP/1.1\r\nHost: turtle.auth-in-extranet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 11 Jun 2026 20:20:40 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 47957\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: image/svg+xml\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":47957,"size_decoded":48152,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6d7e451ccaf89fa11d02b6b5ee7c434a","sha1":"8d2a0e309b457eabaeb61ba94a33df8bb83e053f","sha256":"a5d09ffefcab6d46d385558dbfb6ddb8c3802aa0846501a1e51cef335dbfc812","sha512":"ce12f4b1b919ddbbf6567b00f29af18539037ac64cf91d36dd1fb30a3751676e9bdc23ab2ef79dfd5b8b1f38cfc4f2b3e5adf4ebb26970232dfc7d6313ef7b3c","ssdeep":"768:8er52+bKF/kIf+JSmcOgZPtsv14p6qnuNBOFMD2FFPNXQyvmZ:br5neF7W6Fty4p6quNBVkNNQy4","tlshash":"dc23fad6b734a6f4e4c747bcef29ecd4311a60feaa7182c8423d5b1c558b9c9e909c60","first_seen":"2026-01-14T14:00:39.531849Z","last_seen":"2026-06-11T20:21:07.816584Z","times_seen":74,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"turtle.auth-in-extranet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/b67eb4b5fea974adb55977c6cfc42c3ce8b224d4.svg","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://turtle.auth-in-extranet.com/","date":"2026-06-11T20:20:40.180Z","timestamp":1781209240180,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"turtle.auth-in-extranet.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 10:41:52 GMT","end":"Wed, 09 Sep 2026 10:41:51 GMT"},"fingerprint":{"sha1":"BE:D2:59:C5:A0:4C:47:81:5C:E5:7D:33:33:E0:21:61:9B:97:34:7F","sha256":"83:4E:A6:B9:B9:6F:8B:E8:19:C4:8C:CB:74:39:41:1F:F3:85:61:04:9B:29:AC:F5:6F:5D:ED:CB:D9:03:D5:DF"}}},"request":{"raw":"GET /b67eb4b5fea974adb55977c6cfc42c3ce8b224d4.svg HTTP/1.1\r\nHost: turtle.auth-in-extranet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 11 Jun 2026 20:20:40 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 10085\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/svg+xml\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":10085,"size_decoded":10281,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"83986156dd8df49f40175538d33639af","sha1":"b67eb4b5fea974adb55977c6cfc42c3ce8b224d4","sha256":"be5bc71658387110e1776fe9d3a6eb1936d747edbeccef35bca7ef14719e0f3c","sha512":"819cfecc001cd9353ed5ccc8a0dca9848531bc26b61194581e29bd4b782e293a54dc55698e1ba5cdac29fcc7ceae9f6e4803796990be6fba397b7554266e0237","ssdeep":"96:9bEPGTGbE2GIywkC2nkDKk97uu6wW1J88PVyzXUtt00I/bCsQ5ZnQFZnS11FQqk7:pEPGTYEAGkD1hhWH8WOEq5gMn0+qkQCF","tlshash":"c022c8c677385d7dfa934facdf04b7e4302ea07a565e5398d2268a38114268ef91bcc4","first_seen":"2023-12-01T17:00:55Z","last_seen":"2026-06-11T20:21:07.817586Z","times_seen":1062,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":-1,"dns":0,"connect":25,"send":0,"wait":26,"receive":22,"ssl":32},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"turtle.auth-in-extranet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/index_1.html","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://turtle.auth-in-extranet.com/","date":"2026-06-11T20:20:40.299Z","timestamp":1781209240299,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"turtle.auth-in-extranet.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 10:41:52 GMT","end":"Wed, 09 Sep 2026 10:41:51 GMT"},"fingerprint":{"sha1":"BE:D2:59:C5:A0:4C:47:81:5C:E5:7D:33:33:E0:21:61:9B:97:34:7F","sha256":"83:4E:A6:B9:B9:6F:8B:E8:19:C4:8C:CB:74:39:41:1F:F3:85:61:04:9B:29:AC:F5:6F:5D:ED:CB:D9:03:D5:DF"}}},"request":{"raw":"GET /index_1.html HTTP/1.1\r\nHost: turtle.auth-in-extranet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Thu, 11 Jun 2026 20:20:40 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 133\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":133,"size_decoded":344,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with no line terminators","md5":"2655b1b0b8b0fdfc77efb2a3196a9759","sha1":"f9f661b227fb53a076e7c1f6589987146c96422b","sha256":"979815e9fc24d328b44651683cb761a210ae8640671554cb1781d10697bcea1d","sha512":"481f3479ed2794a1e902fe358290e2246c2ebab0800f341bb7ebf3e8b9ddd7da47b8ee186375667c18bb148692f1029eead6aacd721e907049071bb9de55dfcc","ssdeep":"","tlshash":"f1c02b89a550240d58993bfcedc334a80e8e73e536825ac034e02cfc984025806013ce","first_seen":"2026-06-11T20:21:07.818597Z","last_seen":"2026-06-11T20:21:07.818597Z","times_seen":1,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"turtle.auth-in-extranet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/8a1c176baabdea1858dbbfa49ebdd2bd08e84fa7.svg","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://turtle.auth-in-extranet.com/","date":"2026-06-11T20:20:40.448Z","timestamp":1781209240448,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"turtle.auth-in-extranet.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 10:41:52 GMT","end":"Wed, 09 Sep 2026 10:41:51 GMT"},"fingerprint":{"sha1":"BE:D2:59:C5:A0:4C:47:81:5C:E5:7D:33:33:E0:21:61:9B:97:34:7F","sha256":"83:4E:A6:B9:B9:6F:8B:E8:19:C4:8C:CB:74:39:41:1F:F3:85:61:04:9B:29:AC:F5:6F:5D:ED:CB:D9:03:D5:DF"}}},"request":{"raw":"GET /8a1c176baabdea1858dbbfa49ebdd2bd08e84fa7.svg HTTP/1.1\r\nHost: turtle.auth-in-extranet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 11 Jun 2026 20:20:40 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 854\r\nKeep-Alive: timeout=5, max=95\r\nConnection: Keep-Alive\r\nContent-Type: image/svg+xml\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":854,"size_decoded":1047,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1a2ea22e9e3715f46aa10c5d5d515802","sha1":"8a1c176baabdea1858dbbfa49ebdd2bd08e84fa7","sha256":"c3729a732e44aec8b096f4b888d211efe395566452e3eccc7c6743467158b148","sha512":"150f8e44dbc8627b7a6b06b4098facabd4465b6bbd4279a7fe8a15cce065607bc65e3787d6497a530b9defe1c8c79d105dfc87549b47d7ed230d91c07f997038","ssdeep":"","tlshash":"4a0108268798e62bed5ed20ed058e420312650e76bc8c245f2be9f4f5f145864c477d9","first_seen":"2024-01-20T14:08:29Z","last_seen":"2026-06-11T20:21:07.821007Z","times_seen":189,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"turtle.auth-in-extranet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"turtle.auth-in-extranet.com/dff7963c2b7cc0a95b65d777bae56e7cf8a762f1.svg","fqdn":"turtle.auth-in-extranet.com","domain":"auth-in-extranet.com","tld":"com"},"ip":{"addr":"5.252.153.45","port":443,"asn":0,"as":"","country":"Panama","country_code":"PA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://turtle.auth-in-extranet.com/","date":"2026-06-11T20:20:40.177Z","timestamp":1781209240177,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"turtle.auth-in-extranet.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Jun 2026 10:41:52 GMT","end":"Wed, 09 Sep 2026 10:41:51 GMT"},"fingerprint":{"sha1":"BE:D2:59:C5:A0:4C:47:81:5C:E5:7D:33:33:E0:21:61:9B:97:34:7F","sha256":"83:4E:A6:B9:B9:6F:8B:E8:19:C4:8C:CB:74:39:41:1F:F3:85:61:04:9B:29:AC:F5:6F:5D:ED:CB:D9:03:D5:DF"}}},"request":{"raw":"GET /dff7963c2b7cc0a95b65d777bae56e7cf8a762f1.svg HTTP/1.1\r\nHost: turtle.auth-in-extranet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 11 Jun 2026 20:20:40 GMT\r\nServer: Apache/2.4.52 (Ubuntu)\r\nContent-Length: 6947\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/svg+xml\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.52","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":6947,"size_decoded":7142,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"cda874259b72818dd657fdc8e026f343","sha1":"dff7963c2b7cc0a95b65d777bae56e7cf8a762f1","sha256":"00d4932ea31ede39a2d7348985c6dd5416b54e19fda923b866b5fc435e2d6c82","sha512":"3002edc71781a68f7b90c19806eb740e4708436510896f74f7e225fc851f87e111776a99fba399e6b1142862b02713e8c763398668f591267451b2ce5afe5276","ssdeep":"96:ArdFO+fLClvKoyTjtgI95CfDMd/kPpxPL:ArLOIyioAJ95CrM1Ovz","tlshash":"a0e11ece37440cfe7e26079aef2a72b9102255fb2d886200c53b1a79158165ead3fec4","first_seen":"2023-12-01T17:00:55Z","last_seen":"2026-06-11T20:21:07.821992Z","times_seen":1008,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":26,"send":0,"wait":26,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"turtle.auth-in-extranet.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"turtle.auth-in-extranet.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}