{"report_id":"f1fbffed-e8eb-4a5f-bf18-968f0de12267","version":0,"status":"done","tags":["google"],"date":"2026-06-23T12:32:19Z","url":{"schema":"http","addr":"secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","fqdn":"secure.367450.com","domain":"367450.com","tld":"com"},"ip":{"addr":"13.210.89.195","port":0,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"final":{"url":{"schema":"https","addr":"secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","fqdn":"secure.367450.com","domain":"367450.com","tld":"com"},"title":"Sign in - Google Accounts","dom":{"size":7233,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (374)","md5":"f6dd43cab6e4d67b173e93a2c198236e","sha1":"9935afdd6ad4c46163aa36d934c2ac284315e466","sha256":"5ef289239ed40fe58dde4c84132d336a1aca71c7d2789668fde59189dcbb6331","sha512":"4d86ce4eda31500308c0c6b1a2170782d28c171b45b921826d9db1f8b053b31346cf9bce13dbbf471cbed0a17dd3bed4d465b1a5b3f2aa2e5571aa0dddb122fa","ssdeep":"192:/CkXJQhNBQ3GU1fvbu4/XX4BYQWTxd0pa9SRVQgBLUYAC:/ro6btgYQl88VQoZ","tlshash":"78e1842759419837102391e073aa6e113891c557eb07d884b3fdd3dcabe7e828e3669a","dom_hash":"domhash8ad1727b542d3e8585d4afa70ba19a38","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","fqdn":"secure.367450.com","domain":"367450.com","tld":"com"},"ip":{"addr":"13.210.89.195","port":0,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-28T12:32:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"secure.367450.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"secure.367450.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]},"summary":[{"fqdn":"images.pmeimg8.com","ip":{"addr":"3.27.98.250","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"domain_registered":"2016-08-31","domain_rank":7057478,"first_seen":"2017-07-20T13:54:09Z","last_seen":"2026-06-13T18:53:57.47207Z","alert_count":21,"request_count":7,"received_data":236961,"sent_data":3922,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-06-21T22:22:12.048317Z","alert_count":0,"request_count":2,"received_data":32025,"sent_data":1072,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"secure.367450.com","ip":{"addr":"3.104.102.7","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"domain_registered":"2017-01-12","domain_rank":0,"first_seen":"2024-12-15T12:50:27.221743Z","last_seen":"2026-06-23T12:30:58.805974Z","alert_count":6,"request_count":2,"received_data":12452,"sent_data":1238,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-06-21T22:19:08.810882Z","alert_count":0,"request_count":2,"received_data":98478,"sent_data":1153,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","fqdn":"secure.367450.com","domain":"367450.com","tld":"com"},"ip":{"addr":"3.104.102.7","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"introduction_type":"scriptElement","is_inline":true,"md5":"c2b81d3bba8db2bdd41f6ab7921b1a97","sha1":"95b1787a7ca30d4763574754cc52d8d6825ff202","sha256":"b04ec064e08bbd9d745320991be995bcce0b7965f193af23537dae75490908a4","sha512":"39ec057f27fad1cdc21d436e4f7f1a924827972e8dcc0a269682bbfb7c318921bb8b0561429c4a96046df34816aa0e68b31aaf724583ffad2fa7e507dcd2c971","ssdeep":"","tlshash":"5d01f41961554133067706b0f372555099b11583bb6ad68930ba5b3cdfcbd20cf33ea6","size":709,"data":"","first_seen":"2026-06-07T09:21:20.252381Z","last_seen":"2026-06-26T01:12:38.431056Z","times_seen":72,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","fqdn":"secure.367450.com","domain":"367450.com","tld":"com"},"ip":{"addr":"3.104.102.7","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"introduction_type":"scriptElement","is_inline":true,"md5":"b5b580007a159cd7a824dbae5b5333c6","sha1":"d000f09fea91e6b57665e8e040c33831132e5c95","sha256":"8718e1e6bc053e43ae464c23e910cede13c0afae36d8828ea9295a4b904638e6","sha512":"d2d7f415524321ce9f2f07dd10b2da6ae1fd62b6e57b36bee41c189c60274400f22f2924ad6de2169d1cd5957a137d921935404c85fcb59689bbe0a84e74679b","ssdeep":"","tlshash":"be319d166c927439303360a1369e1ca62d2250071245dc88f33ecee48ffab4257bb6be","size":1476,"data":"","first_seen":"2026-06-07T09:21:20.253802Z","last_seen":"2026-06-24T22:29:47.695802Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.pmeimg8.com/system/content_files/uploads/5b8/ee7/1e-/original/jquery-latest.min.js","fqdn":"images.pmeimg8.com","domain":"pmeimg8.com","tld":"com"},"ip":{"addr":"3.27.98.250","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"introduction_type":"scriptElement","is_inline":false,"md5":"2c872dbe60f4ba70fb85356113d8b35e","sha1":"ee48592d1fff952fcf06ce0b666ed4785493afdc","sha256":"fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a","sha512":"bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr","tlshash":"3983f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87533,"data":"","first_seen":"2023-08-31T16:03:19Z","last_seen":"2026-06-26T12:28:22.177028Z","times_seen":174065,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.pmeimg8.com/system/content_files/uploads/dae/552/5f-/original/content-data-entry-boilerplate.js","fqdn":"images.pmeimg8.com","domain":"pmeimg8.com","tld":"com"},"ip":{"addr":"3.27.98.250","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e1aa7374d39fa64778859b1a8cbfbfe","sha1":"e0d91c61c4dd9ae3ca8fb085c53ae15b9eca7968","sha256":"ec180d2bc1f49cde05d2dd6db4270f5cba1b7011a4b351c3c796bed587ef55b6","sha512":"07c4356ddc018d42f69c853d6584365b64c383797bcd003cc898e8685ff444fca283b850605509f83a85be1323eb55a98e5b38be86861d3415f24b8ce5b9ea52","ssdeep":"1536:i0JqUSo20jlGZb+sJ48DVFXXBXCIDG/vv5COXjuq:i0zi/tR+3","tlshash":"c6832f1939243271497bf33ecb5b644ce2720297560b49653cbe43842fb1a60a6fefd9","size":86249,"data":"","first_seen":"2023-03-08T06:38:21Z","last_seen":"2026-06-26T01:12:38.373301Z","times_seen":3626,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.pmeimg8.com/system/content_files/uploads/8f2/ed2/42-/original/static-education-l10n.min.js","fqdn":"images.pmeimg8.com","domain":"pmeimg8.com","tld":"com"},"ip":{"addr":"3.27.98.250","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"introduction_type":"scriptElement","is_inline":false,"md5":"91fcc38fe563880842e269d2b7647b8b","sha1":"dc5d692fa7dc75b8a4bbcf0732d0978b3890e0c0","sha256":"648d18f8adcfba7d26b20c51328a2d13dcabb8465d673073cefe45735c80bda3","sha512":"86c69b10b23d438daaf56bc7e53a2f6c7a074ace5ae0307b1887e599ea967abd366f510da0790b0706706cf4b1b7a10cd2cb83f9745e96bf1c395ddb3b8de042","ssdeep":"192:XtMtDyVyNRYyXmiynVroyT4miPQBRAyDWwZ+ebCavINy/5UW9dR4klr8N:X25yVyNRYylynVroyTSIBRAyDWwZ+eNA","tlshash":"8fd1762121d2613c3aab51cfb0e96fc7f5b004ae59053c41dba7d82929c7dd643f3aa6","size":6328,"data":"","first_seen":"2023-03-08T06:38:21Z","last_seen":"2026-06-26T01:12:38.374635Z","times_seen":3836,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","fqdn":"secure.367450.com","domain":"367450.com","tld":"com"},"ip":{"addr":"3.104.102.7","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"introduction_type":"scriptElement","is_inline":true,"md5":"c2b81d3bba8db2bdd41f6ab7921b1a97","sha1":"95b1787a7ca30d4763574754cc52d8d6825ff202","sha256":"b04ec064e08bbd9d745320991be995bcce0b7965f193af23537dae75490908a4","sha512":"39ec057f27fad1cdc21d436e4f7f1a924827972e8dcc0a269682bbfb7c318921bb8b0561429c4a96046df34816aa0e68b31aaf724583ffad2fa7e507dcd2c971","ssdeep":"","tlshash":"5d01f41961554133067706b0f372555099b11583bb6ad68930ba5b3cdfcbd20cf33ea6","size":709,"data":"","first_seen":"2026-06-07T09:21:20.252381Z","last_seen":"2026-06-26T01:12:38.431056Z","times_seen":72,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","fqdn":"secure.367450.com","domain":"367450.com","tld":"com"},"ip":{"addr":"3.104.102.7","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"introduction_type":"scriptElement","is_inline":true,"md5":"b5b580007a159cd7a824dbae5b5333c6","sha1":"d000f09fea91e6b57665e8e040c33831132e5c95","sha256":"8718e1e6bc053e43ae464c23e910cede13c0afae36d8828ea9295a4b904638e6","sha512":"d2d7f415524321ce9f2f07dd10b2da6ae1fd62b6e57b36bee41c189c60274400f22f2924ad6de2169d1cd5957a137d921935404c85fcb59689bbe0a84e74679b","ssdeep":"","tlshash":"be319d166c927439303360a1369e1ca62d2250071245dc88f33ecee48ffab4257bb6be","size":1476,"data":"","first_seen":"2026-06-07T09:21:20.253802Z","last_seen":"2026-06-24T22:29:47.695802Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"log","text":"Detected language-specific container in the education? Yes","filename":"https://images.pmeimg8.com/system/content_files/uploads/8f2/ed2/42-/original/static-education-l10n.min.js","line_number":0,"column_number":0},{"level":"log","text":"Education language set to: en","filename":"https://images.pmeimg8.com/system/content_files/uploads/8f2/ed2/42-/original/static-education-l10n.min.js","line_number":0,"column_number":0}]},"http":[{"url":{"schema":"https","addr":"images.pmeimg8.com/system/content_files/uploads/dae/552/5f-/original/content-data-entry-boilerplate.js","fqdn":"images.pmeimg8.com","domain":"pmeimg8.com","tld":"com"},"ip":{"addr":"3.27.98.250","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","date":"2026-06-23T12:31:53.760Z","timestamp":1782217913760,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pmeimg8.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 13 Nov 2025 00:00:00 GMT","end":"Sat, 12 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"9D:8E:47:65:AD:19:CD:B4:6D:97:F3:CE:E3:78:87:0E:A4:3D:16:AE","sha256":"75:46:70:41:88:00:B7:7F:50:B0:F0:46:2B:26:D8:42:8B:70:3C:11:A3:59:6B:C4:12:D0:D9:1F:F6:38:C6:94"}}},"request":{"raw":"GET /system/content_files/uploads/dae/552/5f-/original/content-data-entry-boilerplate.js HTTP/1.1\r\nHost: images.pmeimg8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://secure.367450.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 12:31:55 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 86249\r\nserver: nginx\r\nlast-modified: Thu, 05 May 2022 09:20:07 GMT\r\netag: \"2e1aa7374d39fa64778859b1a8cbfbfe\"\r\ncache-control: max-age=31536000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":86249,"size_decoded":86604,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"2e1aa7374d39fa64778859b1a8cbfbfe","sha1":"e0d91c61c4dd9ae3ca8fb085c53ae15b9eca7968","sha256":"ec180d2bc1f49cde05d2dd6db4270f5cba1b7011a4b351c3c796bed587ef55b6","sha512":"07c4356ddc018d42f69c853d6584365b64c383797bcd003cc898e8685ff444fca283b850605509f83a85be1323eb55a98e5b38be86861d3415f24b8ce5b9ea52","ssdeep":"1536:i0JqUSo20jlGZb+sJ48DVFXXBXCIDG/vv5COXjuq:i0zi/tR+3","tlshash":"c6832f1939243271497bf33ecb5b644ce2720297560b49653cbe43842fb1a60a6fefd9","first_seen":"2023-03-08T06:38:21Z","last_seen":"2026-06-26T01:12:38.373301Z","times_seen":3626,"resource_available":true,"data":null}},"time_used":5174,"timings":{"blocked":-1,"dns":39,"connect":285,"send":0,"wait":811,"receive":2569,"ssl":1468},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","date":"2026-06-23T12:31:58.942Z","timestamp":1782217918942,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:19 GMT","end":"Mon, 17 Aug 2026 08:38:18 GMT"},"fingerprint":{"sha1":"4D:E0:8E:62:2F:B2:3D:28:5D:7D:B5:8D:C5:3A:72:E4:EE:AB:7D:93","sha256":"AE:0B:4F:B5:B7:41:E5:0C:70:C0:E1:2A:F9:DB:AD:A8:64:94:F3:70:6D:38:1C:8A:8A:CA:52:96:5C:D8:5C:87"}}},"request":{"raw":"GET /css2?family=Open+Sans:wght@300;400;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://images.pmeimg8.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 23 Jun 2026 12:31:59 GMT\r\ndate: Tue, 23 Jun 2026 12:31:59 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18042,"size_decoded":2441,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"46f0a0844739deb5b3ad28ec35021b49","sha1":"ccda4fc9bb50655a919e389870c5fe00ff2abf23","sha256":"f068cfb70e486aaf82bf309e3861f7a3684e10c89774f165f94ea99b2b37c6e1","sha512":"a683114d7c76b097c95e43ee550d6625f99e00c32667404354814a07b7848a94ba88cf9609bc52a3aef8a1f89536b06171b0a29f700370be29e80adc386957b8","ssdeep":"192:fCPPa2Skrq4nbqGIwV4G5zpDCKKf2XdrqJnbqGIwV4jozYSC77u2mIrqUnbqGIwq:6SqqY49t5qY47uOqY4P","tlshash":"60822b9000171850aa435de633ce7e34ee0f92627044d07a6bfd8b9bdedad6963b431d","first_seen":"2025-09-17T11:26:58.619457Z","last_seen":"2026-06-25T07:54:23.252489Z","times_seen":2357,"resource_available":false,"data":null}},"time_used":87,"timings":{"blocked":0,"dns":2,"connect":15,"send":0,"wait":33,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"secure.367450.com/system/content_images/uploads/d01/f25/f3-/original/google-favicon.png","fqdn":"secure.367450.com","domain":"367450.com","tld":"com"},"ip":{"addr":"3.104.102.7","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","date":"2026-06-23T12:31:59.828Z","timestamp":1782217919828,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"367450.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 16 May 2026 13:43:02 GMT","end":"Fri, 14 Aug 2026 13:43:01 GMT"},"fingerprint":{"sha1":"80:95:D6:C9:62:CF:D3:07:1E:CA:FF:65:62:53:06:27:27:03:A0:BB","sha256":"7C:EA:24:57:CF:1F:75:80:99:27:AC:A1:A8:AC:8A:C3:5F:AB:78:BA:3C:1B:09:6E:CD:2E:3C:94:93:7E:BE:D8"}}},"request":{"raw":"GET /system/content_images/uploads/d01/f25/f3-/original/google-favicon.png HTTP/1.1\r\nHost: secure.367450.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: _phishme.com_session_id=90595d797099275b43495da61a290842\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nx-amz-id-2: ZqDh2ZiZReOFpBA9N4oLU1qZ9hO3DhQaZwR1AI6WKkzRx6nkkl3VTq3mPt3DNlbFPL3c6UmsUy5gfgWGoAezQOV7uTLZDzSJ\r\nx-amz-request-id: CWK6TBAREGT7MPRT\r\ndate: Tue, 23 Jun 2026 12:32:01 GMT\r\nlast-modified: Mon, 06 Nov 2023 16:50:13 GMT\r\netag: \"60f263c57bd740ec50a647f810859d84\"\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ncontent-length: 4214\r\nserver: AmazonS3\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":4214,"size_decoded":4645,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"60f263c57bd740ec50a647f810859d84","sha1":"775217018cd2dd8f7c1e06a88c7bf901b5481a9d","sha256":"f1de4abc89f238f322f5ea6a02ea5cf53b313b145f673dccd97f1b3bd32ee039","sha512":"cf2c47c15b005f85633e165fd969647f6877f0c137795bf81d165d3ac5629035b151f15aafb6b1a2f2331e43c25c90e9f53b5c0b5ba1a8ba7bb4aca99db824bd","ssdeep":"96:FllcHitlIxv9vk7C1+I4wWHLihk/xZSsFP/mg7Wz:+IIHUCD4wa3SM7k","tlshash":"3f916e8d9546958605484b7b2a7baa81467f2f89c10a6f0ce5fb410fa730f153cbb717","first_seen":"2024-01-10T04:45:11Z","last_seen":"2026-06-24T22:29:47.69141Z","times_seen":1147,"resource_available":false,"data":null}},"time_used":1128,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1128,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"secure.367450.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"secure.367450.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","fqdn":"secure.367450.com","domain":"367450.com","tld":"com"},"ip":{"addr":"3.104.102.7","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-23T12:31:51.909Z","timestamp":1782217911909,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"367450.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 16 May 2026 13:43:02 GMT","end":"Fri, 14 Aug 2026 13:43:01 GMT"},"fingerprint":{"sha1":"80:95:D6:C9:62:CF:D3:07:1E:CA:FF:65:62:53:06:27:27:03:A0:BB","sha256":"7C:EA:24:57:CF:1F:75:80:99:27:AC:A1:A8:AC:8A:C3:5F:AB:78:BA:3C:1B:09:6E:CD:2E:3C:94:93:7E:BE:D8"}}},"request":{"raw":"GET /secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380 HTTP/1.1\r\nHost: secure.367450.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 12:31:52 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 7172\r\nx-frame-options: DENY\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: no-store\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\netag: W/\"24739eae8439737d83ad0e3d285f421b\"\r\nset-cookie: _phishme.com_session_id=90595d797099275b43495da61a290842; path=/; httponly\r\nx-request-id: 13cccb87-f440-4149-b872-0855bd05cf5e\r\nx-runtime: 0.061248\r\nstrict-transport-security: max-age=15768000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":7172,"size_decoded":7807,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (374), with CRLF, LF line terminators","md5":"70b9f1f04ebe34c693394e93dc40c6fb","sha1":"ee254a922b18e3de05075d50c66fd977df7df00d","sha256":"24739eae8439737d83ad0e3d285f421b9f21691835e3ee36e208802910e3dadd","sha512":"e0b985c40bb7b2b2b1783686b8491c43b6ee933f858deb64cb651c99b95798744a567412e944ccaf9f28d99ff45c40521e4cfbdeb0164596a0395d74d45db915","ssdeep":"192:VCkXJQhNBQ3GU1fvbu4/1J14BYQWTJd0paxS9VQEN1UYLmB:Vro6bt/KYQB8AVQgQB","tlshash":"59e1732759409837106391e073a96f1174a1c553eb079884b3fdc7dcabf7e828e3669e","first_seen":"2024-12-14T10:14:19.822789Z","last_seen":"2026-06-24T22:29:47.691925Z","times_seen":753,"resource_available":true,"data":null}},"time_used":1219,"timings":{"blocked":-1,"dns":5,"connect":285,"send":0,"wait":352,"receive":0,"ssl":577},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"secure.367450.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"secure.367450.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Google","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Google phishing","tags":["google"],"meta":null}]}},{"url":{"schema":"https","addr":"images.pmeimg8.com/system/content_files/uploads/5b8/ee7/1e-/original/jquery-latest.min.js","fqdn":"images.pmeimg8.com","domain":"pmeimg8.com","tld":"com"},"ip":{"addr":"3.27.98.250","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","date":"2026-06-23T12:31:53.758Z","timestamp":1782217913758,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pmeimg8.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 13 Nov 2025 00:00:00 GMT","end":"Sat, 12 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"9D:8E:47:65:AD:19:CD:B4:6D:97:F3:CE:E3:78:87:0E:A4:3D:16:AE","sha256":"75:46:70:41:88:00:B7:7F:50:B0:F0:46:2B:26:D8:42:8B:70:3C:11:A3:59:6B:C4:12:D0:D9:1F:F6:38:C6:94"}}},"request":{"raw":"GET /system/content_files/uploads/5b8/ee7/1e-/original/jquery-latest.min.js HTTP/1.1\r\nHost: images.pmeimg8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://secure.367450.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 12:31:55 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 87533\r\nserver: nginx\r\nlast-modified: Tue, 07 May 2024 14:00:08 GMT\r\netag: \"2c872dbe60f4ba70fb85356113d8b35e\"\r\ncache-control: max-age=31536000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":87533,"size_decoded":87888,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"2c872dbe60f4ba70fb85356113d8b35e","sha1":"ee48592d1fff952fcf06ce0b666ed4785493afdc","sha256":"fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a","sha512":"bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr","tlshash":"3983f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-08-31T16:03:19Z","last_seen":"2026-06-26T12:28:22.177028Z","times_seen":174065,"resource_available":true,"data":null}},"time_used":6032,"timings":{"blocked":-1,"dns":41,"connect":285,"send":0,"wait":2237,"receive":1998,"ssl":1467},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.pmeimg8.com/system/content_files/uploads/8f2/ed2/42-/original/static-education-l10n.min.js","fqdn":"images.pmeimg8.com","domain":"pmeimg8.com","tld":"com"},"ip":{"addr":"3.27.98.250","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","date":"2026-06-23T12:31:53.762Z","timestamp":1782217913762,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pmeimg8.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 13 Nov 2025 00:00:00 GMT","end":"Sat, 12 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"9D:8E:47:65:AD:19:CD:B4:6D:97:F3:CE:E3:78:87:0E:A4:3D:16:AE","sha256":"75:46:70:41:88:00:B7:7F:50:B0:F0:46:2B:26:D8:42:8B:70:3C:11:A3:59:6B:C4:12:D0:D9:1F:F6:38:C6:94"}}},"request":{"raw":"GET /system/content_files/uploads/8f2/ed2/42-/original/static-education-l10n.min.js HTTP/1.1\r\nHost: images.pmeimg8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://secure.367450.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 12:31:55 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 6328\r\nserver: nginx\r\nlast-modified: Thu, 19 May 2022 09:00:06 GMT\r\netag: \"91fcc38fe563880842e269d2b7647b8b\"\r\ncache-control: max-age=31536000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6328,"size_decoded":6682,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6328), with no line terminators","md5":"91fcc38fe563880842e269d2b7647b8b","sha1":"dc5d692fa7dc75b8a4bbcf0732d0978b3890e0c0","sha256":"648d18f8adcfba7d26b20c51328a2d13dcabb8465d673073cefe45735c80bda3","sha512":"86c69b10b23d438daaf56bc7e53a2f6c7a074ace5ae0307b1887e599ea967abd366f510da0790b0706706cf4b1b7a10cd2cb83f9745e96bf1c395ddb3b8de042","ssdeep":"192:XtMtDyVyNRYyXmiynVroyT4miPQBRAyDWwZ+ebCavINy/5UW9dR4klr8N:X25yVyNRYylynVroyTSIBRAyDWwZ+eNA","tlshash":"8fd1762121d2613c3aab51cfb0e96fc7f5b004ae59053c41dba7d82929c7dd643f3aa6","first_seen":"2023-03-08T06:38:21Z","last_seen":"2026-06-26T01:12:38.374635Z","times_seen":3836,"resource_available":true,"data":null}},"time_used":2319,"timings":{"blocked":-1,"dns":37,"connect":285,"send":0,"wait":527,"receive":0,"ssl":1467},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.pmeimg8.com/public/user_assets/acb09f9b-837f-4616-9b08-ce2763524ba2/kpmg-logo-d095482d.png","fqdn":"images.pmeimg8.com","domain":"pmeimg8.com","tld":"com"},"ip":{"addr":"3.27.98.250","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","date":"2026-06-23T12:31:53.770Z","timestamp":1782217913770,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pmeimg8.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 13 Nov 2025 00:00:00 GMT","end":"Sat, 12 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"9D:8E:47:65:AD:19:CD:B4:6D:97:F3:CE:E3:78:87:0E:A4:3D:16:AE","sha256":"75:46:70:41:88:00:B7:7F:50:B0:F0:46:2B:26:D8:42:8B:70:3C:11:A3:59:6B:C4:12:D0:D9:1F:F6:38:C6:94"}}},"request":{"raw":"GET /public/user_assets/acb09f9b-837f-4616-9b08-ce2763524ba2/kpmg-logo-d095482d.png HTTP/1.1\r\nHost: images.pmeimg8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://secure.367450.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 12:31:55 GMT\r\ncontent-type: image/png\r\ncontent-length: 29939\r\nserver: nginx\r\nlast-modified: Fri, 20 Dec 2024 16:46:26 GMT\r\netag: \"5fa54a19c819d6eb56f9e42041d49a30\"\r\naccept-ranges: bytes\r\ncache-control: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29939,"size_decoded":30273,"mime_type":"image/png","magic":"PNG image data, 1638 x 1210, 8-bit/color RGBA, non-interlaced","md5":"5fa54a19c819d6eb56f9e42041d49a30","sha1":"77665623dac246865ff28288ee13410f940c156c","sha256":"510825c2f77d3e2a77e156443fb18525fb04a21cb50e4ba550d5997b0cb81eb4","sha512":"411388250fc8ce28bfa1ea7a0943b4055df3b037ed026b8eec997d05c0a0346c85605500aaed9cc9285ef14f2b416a57fac1c222ba4abc9722f84ed0390a7590","ssdeep":"384:TXE055ofYt65viQLqRxHWPPNmuIRIswrGPb8O0e4MlYjPTao9EkwimNarzXTL4lJ:z35ko65v6HHWXq2rGDObMGPmkwiz3U","tlshash":"b6d24eeb09a1dddef826d4f3c6c8442dda6d2c0526854bef48239e6838c2370e25f356","first_seen":"2024-03-29T05:31:13Z","last_seen":"2026-06-24T22:29:47.693879Z","times_seen":871,"resource_available":false,"data":null}},"time_used":2280,"timings":{"blocked":1138,"dns":0,"connect":0,"send":0,"wait":855,"receive":287,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.pmeimg8.com/system/content_images/uploads/681/235/99-/original/user-icon-grey.png","fqdn":"images.pmeimg8.com","domain":"pmeimg8.com","tld":"com"},"ip":{"addr":"3.27.98.250","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","date":"2026-06-23T12:31:53.772Z","timestamp":1782217913772,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pmeimg8.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 13 Nov 2025 00:00:00 GMT","end":"Sat, 12 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"9D:8E:47:65:AD:19:CD:B4:6D:97:F3:CE:E3:78:87:0E:A4:3D:16:AE","sha256":"75:46:70:41:88:00:B7:7F:50:B0:F0:46:2B:26:D8:42:8B:70:3C:11:A3:59:6B:C4:12:D0:D9:1F:F6:38:C6:94"}}},"request":{"raw":"GET /system/content_images/uploads/681/235/99-/original/user-icon-grey.png HTTP/1.1\r\nHost: images.pmeimg8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://secure.367450.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 12:31:55 GMT\r\ncontent-type: image/png\r\ncontent-length: 460\r\nserver: nginx\r\nlast-modified: Wed, 21 Jun 2023 08:30:10 GMT\r\netag: \"1529e55c8eea07a47df274938c798dc8\"\r\ncache-control: max-age=31536000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":460,"size_decoded":800,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced","md5":"1529e55c8eea07a47df274938c798dc8","sha1":"bf8427d0fac980aadd0a111fcddb6412fbcf5ddc","sha256":"118b17a5c8752bb05843e47c7175ca28b2ae6598cb672d1ff8128581334a8010","sha512":"4d5e560b383c56c5b45e05e381184836a782e703ec1310dd86d0e53c569f3e88d1e1d42504da913114e0acfc3fabfa66c219d07df23a8cd545de54100d244715","ssdeep":"","tlshash":"c8f05ccebb923421ce0a703302c24c228cb1cab41019ae8d638adab403ca40014a86ab","first_seen":"2024-01-10T04:45:11Z","last_seen":"2026-06-24T22:29:47.694371Z","times_seen":1159,"resource_available":false,"data":null}},"time_used":1426,"timings":{"blocked":1138,"dns":0,"connect":0,"send":0,"wait":288,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","date":"2026-06-23T12:31:59.511Z","timestamp":1782217919511,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:19 GMT","end":"Mon, 17 Aug 2026 08:38:18 GMT"},"fingerprint":{"sha1":"4D:E0:8E:62:2F:B2:3D:28:5D:7D:B5:8D:C5:3A:72:E4:EE:AB:7D:93","sha256":"AE:0B:4F:B5:B7:41:E5:0C:70:C0:E1:2A:F9:DB:AD:A8:64:94:F3:70:6D:38:1C:8A:8A:CA:52:96:5C:D8:5C:87"}}},"request":{"raw":"GET /css2?family=Inter:wght@100;200;300;400;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://images.pmeimg8.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 23 Jun 2026 12:31:59 GMT\r\ndate: Tue, 23 Jun 2026 12:31:59 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12635,"size_decoded":1465,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"9f1db03e70fca26469b6b20bd030bf72","sha1":"6420662f5a21bef4657a735e0a61ab6a23f044ce","sha256":"f76b1417f46ab4d9768d3e2f24355b0ef2778c52442ebfb89d275153464a2d7b","sha512":"ab147f733f10e3a0e919b190fa0b46330f5fa633b2f1692c1d1fab40b2416b9abd4627b83574a33055c3e834475b2eef09ff09d215a6832479605fde12b93c5a","ssdeep":"192:WpNmp9pKpO3tp3pxYp5NnWjO3GAxRKNA1cO3lnxirNNIxO34OxDONEhYO3RrxGx:WLmXoKtZIB1OKYXY+4","tlshash":"cc428a92002ba400ab971dc233cf7f3aaece10856085d1b96ffd0dc59cead66436876d","first_seen":"2025-09-11T17:21:57.334266Z","last_seen":"2026-06-26T01:12:38.391326Z","times_seen":3177,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","date":"2026-06-23T12:31:59.570Z","timestamp":1782217919570,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:18 GMT","end":"Mon, 17 Aug 2026 08:38:17 GMT"},"fingerprint":{"sha1":"C4:91:D1:0E:C2:A8:68:24:7B:00:2B:4A:EB:42:41:E0:29:E2:4E:A0","sha256":"68:29:56:08:39:D8:99:7B:20:CC:14:D3:4F:4D:D2:55:68:A6:27:DC:52:E9:7B:CF:CE:6B:D3:13:BC:97:65:C1"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://secure.367450.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48320\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 19 Jun 2026 18:12:11 GMT\r\nexpires: Sat, 19 Jun 2027 18:12:11 GMT\r\ncache-control: public, max-age=31536000\r\nage: 325188\r\nlast-modified: Mon, 15 Sep 2025 16:30:41 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48320,"size_decoded":49133,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48320, version 1.0","md5":"dcf31ebe107435bd68e0164d59e19b87","sha1":"b68160c9333af833fe483928b3ef7128c07a56a0","sha256":"d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0","sha512":"130cd52c3cccc36a7029bf92b2ddb363b8b36d206454aacc246739919552fccec5cacbad615ba4ac3817da3e83239371fe51324bdadd08357e3495087f62cb08","ssdeep":"768:Jzqdwl5YV7FVmpudK5a8dF8D8Z7J78VGnNFZEKh02dmSTPe9UiallHcOEi2c0NC1:9q+SYuMaVwZ7oGRNh02dd6UialBcOEpE","tlshash":"1623f218f29471f7edecd4d500a18c72baa528d442f116ed07b8d53ca36ca817a729fb","first_seen":"2025-09-17T00:07:53.723302Z","last_seen":"2026-06-26T12:27:42.264656Z","times_seen":293818,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":4,"connect":30,"send":0,"wait":16,"receive":30,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","date":"2026-06-23T12:31:59.573Z","timestamp":1782217919573,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:18 GMT","end":"Mon, 17 Aug 2026 08:38:17 GMT"},"fingerprint":{"sha1":"C4:91:D1:0E:C2:A8:68:24:7B:00:2B:4A:EB:42:41:E0:29:E2:4E:A0","sha256":"68:29:56:08:39:D8:99:7B:20:CC:14:D3:4F:4D:D2:55:68:A6:27:DC:52:E9:7B:CF:CE:6B:D3:13:BC:97:65:C1"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://secure.367450.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Jun 2026 01:47:53 GMT\r\nexpires: Fri, 18 Jun 2027 01:47:53 GMT\r\ncache-control: public, max-age=31536000\r\nage: 470646\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48532,"size_decoded":49345,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-26T12:21:13.701866Z","times_seen":219278,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":32,"dns":0,"connect":0,"send":0,"wait":20,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.pmeimg8.com/system/content_files/uploads/26b/ad3/4b-/original/content-data-entry-boilerplate.min.css","fqdn":"images.pmeimg8.com","domain":"pmeimg8.com","tld":"com"},"ip":{"addr":"3.27.98.250","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","date":"2026-06-23T12:31:53.752Z","timestamp":1782217913752,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pmeimg8.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 13 Nov 2025 00:00:00 GMT","end":"Sat, 12 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"9D:8E:47:65:AD:19:CD:B4:6D:97:F3:CE:E3:78:87:0E:A4:3D:16:AE","sha256":"75:46:70:41:88:00:B7:7F:50:B0:F0:46:2B:26:D8:42:8B:70:3C:11:A3:59:6B:C4:12:D0:D9:1F:F6:38:C6:94"}}},"request":{"raw":"GET /system/content_files/uploads/26b/ad3/4b-/original/content-data-entry-boilerplate.min.css HTTP/1.1\r\nHost: images.pmeimg8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://secure.367450.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 12:31:56 GMT\r\ncontent-type: text/css\r\ncontent-length: 18290\r\nserver: nginx\r\nlast-modified: Tue, 24 May 2022 14:30:06 GMT\r\netag: \"cde1906f54d9ea8c69be1488fad61743\"\r\ncache-control: max-age=31536000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18290,"size_decoded":18631,"mime_type":"text/css","magic":"ASCII text, with very long lines (18290), with no line terminators","md5":"cde1906f54d9ea8c69be1488fad61743","sha1":"bc35ba9b37e3e293ef57036210f5a71ac0e7001b","sha256":"51829c6361406bbe6bbc441e575d760fb1ee39891a7729878b7d3304d4c1399c","sha512":"9f151a3215239f5f1d0fe80920dd57683e9f445c604b9500e4d4d9fd3f6577f5521030b0f72fe04331f4f4dfaa1a6543486939f420aa391d0476ef9bac9f8071","ssdeep":"192:zcWh5Td9SZ5yxhpJVQJaSn/VeWRBnJlrQIYm3r:Is3oyxVVQJaSVlrQ4","tlshash":"d882fcc198206d66503bce2fb0d27a5b456b24027772dfbff6a72d648f5e6970432a03","first_seen":"2023-04-11T07:24:22Z","last_seen":"2026-06-26T01:12:38.371511Z","times_seen":3842,"resource_available":false,"data":null}},"time_used":4897,"timings":{"blocked":-1,"dns":47,"connect":285,"send":0,"wait":1655,"receive":857,"ssl":2053},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.pmeimg8.com/system/content_files/uploads/ebf/645/b2-/original/google-landing-styles.css","fqdn":"images.pmeimg8.com","domain":"pmeimg8.com","tld":"com"},"ip":{"addr":"3.27.98.250","port":443,"asn":16509,"as":"AMAZON-02","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://secure.367450.com/secure/training/6422c2/8c5781c2-7b1e-4035-b1d7-990e269e5380","date":"2026-06-23T12:31:53.755Z","timestamp":1782217913755,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pmeimg8.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 13 Nov 2025 00:00:00 GMT","end":"Sat, 12 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"9D:8E:47:65:AD:19:CD:B4:6D:97:F3:CE:E3:78:87:0E:A4:3D:16:AE","sha256":"75:46:70:41:88:00:B7:7F:50:B0:F0:46:2B:26:D8:42:8B:70:3C:11:A3:59:6B:C4:12:D0:D9:1F:F6:38:C6:94"}}},"request":{"raw":"GET /system/content_files/uploads/ebf/645/b2-/original/google-landing-styles.css HTTP/1.1\r\nHost: images.pmeimg8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://secure.367450.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 12:31:55 GMT\r\ncontent-type: text/css\r\ncontent-length: 5743\r\nserver: nginx\r\nlast-modified: Tue, 07 Nov 2023 17:10:06 GMT\r\netag: \"8b9bb6e63352aae173f9745728d3dfef\"\r\ncache-control: max-age=31536000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5743,"size_decoded":6083,"mime_type":"text/css","magic":"ASCII text","md5":"8b9bb6e63352aae173f9745728d3dfef","sha1":"f24f4eca03885b07531093e1881de275dbe188a8","sha256":"f3950399539e973776f35e7de8bbbdfce97c3abc04f7540e5a1b00e99c60d299","sha512":"0f78299222ea736e831e63a95db2fc8a4ab5837f431ca2c8c9a18d64c95a13fbf98856f7b003c9399044f57ee05bb7f543075e6cf3148ee11c8476d7cfac99dc","ssdeep":"96:nO7jallCvOnET6NRcIllK2EIYwCkgOjnIu6F7WuBRHc:ncj4YvPWNCInsF7WiRHc","tlshash":"1fc1338d2aa20600701bc59d3591dfa4777e4002ac0fdd38bbe225289f8a6d99672fdd","first_seen":"2024-01-10T04:45:11Z","last_seen":"2026-06-24T22:29:47.688599Z","times_seen":1158,"resource_available":false,"data":null}},"time_used":4036,"timings":{"blocked":-1,"dns":44,"connect":285,"send":0,"wait":2237,"receive":0,"ssl":1466},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"images.pmeimg8.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}