{"report_id":"01ce0458-092d-43f0-80b3-523aa2c60a22","version":6,"status":"done","tags":[],"date":"2025-11-18T23:21:19Z","url":{"schema":"http","addr":"bloxra.rf.gd","fqdn":"bloxra.rf.gd","domain":"bloxra.rf.gd","tld":""},"ip":{"addr":"185.27.134.219","port":0,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"bloxra.rf.gd/?i=1","fqdn":"bloxra.rf.gd","domain":"bloxra.rf.gd","tld":""},"title":"Robux Rewards Portal","dom":{"size":8661,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (4037)","md5":"7bc20e537cd73556fb43f8731d84e596","sha1":"01bd2f52f9c4d04b367f2463371a25bc6d14d08b","sha256":"e53dfce93a110fa4c25eccfca0e78cd79967e6584cdf27b55c0031abd2ab21a7","sha512":"6363a342f26b4c218b19cd7b3df131904586d224f6364744104a0f776b92d01ff5a4f9183159de0ebb8fa5fa262347b1782002e2ac92ebedc5e3c8eb0bfb8375","ssdeep":"192:Xph4cIbkxigtQnZvkQ8Lzd4cIbkxigtQnZvkQvQCkCaO:XpaQOkrLzeQOkL2","tlshash":"ff022b35bea515f536d2e2ca3c2ae11dec905b093700cd08b45cc4752b387bccda9ae4","dom_hash":"domhashdc54fbe1ae197f2d0347c91caad45e38","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"bloxra.rf.gd","fqdn":"bloxra.rf.gd","domain":"bloxra.rf.gd","tld":""},"ip":{"addr":"185.27.134.219","port":0,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-23T23:21:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":14}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"bloxra.rf.gd","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"bloxra.rf.gd","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2025-11-17T00:28:00.919789Z","alert_count":0,"request_count":2,"received_data":91143,"sent_data":923,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"errors.infinityfree.net","ip":{"addr":"104.26.8.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-04-18","domain_rank":3024566,"first_seen":"2022-05-27T01:14:37Z","last_seen":"2025-11-18T15:20:54.810735Z","alert_count":0,"request_count":1,"received_data":614,"sent_data":441,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"protrafficinspector.com","ip":{"addr":"52.29.31.50","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2025-11-18T17:36:30.087644Z","alert_count":0,"request_count":2,"received_data":842,"sent_data":880,"comment":"","tags":null,"fingerprints":null},{"fqdn":"d1y3y09sav47f5.cloudfront.net","ip":{"addr":"3.167.7.148","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2025-10-31T01:50:14.555656Z","last_seen":"2025-11-14T17:46:04.055207Z","alert_count":0,"request_count":5,"received_data":23420,"sent_data":2311,"comment":"","tags":null,"fingerprints":[{"name":"OpenSSL:1.0.2k","description":"OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.","website":"https://openssl.org","common_platform_enumeration":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","icon":"OpenSSL.png","categories":["Web server extensions"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"PHP:7.4.11","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Apache HTTP Server:2.4.51","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Apache HTTP Server:2.4.46","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"bloxra.rf.gd","ip":{"addr":"185.27.134.219","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2013-08-25","domain_rank":0,"first_seen":"2025-11-18T23:21:20.207836Z","last_seen":"2025-11-18T23:21:20.207836Z","alert_count":8,"request_count":4,"received_data":20146,"sent_data":2016,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"d1y0yks1k8t5m5.cloudfront.net","ip":{"addr":"3.167.7.41","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2025-10-03T01:27:32.074878Z","last_seen":"2025-11-14T08:03:23.235479Z","alert_count":0,"request_count":1,"received_data":27800,"sent_data":425,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]},{"fqdn":"kettledroopingcontinuation.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":196057,"first_seen":"2025-07-30T15:18:19.355595Z","last_seen":"2025-11-17T02:39:22.98707Z","alert_count":15,"request_count":3,"received_data":13957,"sent_data":5223,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.highperformanceformat.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-10-15","domain_rank":366864,"first_seen":"2024-10-23T18:32:34.138968Z","last_seen":"2025-11-17T15:15:53.232334Z","alert_count":8,"request_count":2,"received_data":94528,"sent_data":914,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"realizationnewestfangs.com","ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-10-02T06:26:57.543488Z","last_seen":"2025-11-17T20:52:29.182882Z","alert_count":9,"request_count":3,"received_data":15343,"sent_data":5211,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.highperformanceformat.com/1bfbba10bd525063ad7d0ad3e4ee8e6f/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9469fb46eea6dc9976f597a71a27837a","sha1":"63e9bbafd2ebfb973d6c0036cab8fdb32060cd35","sha256":"6551251f52d9748d95ca8f50dd31555e3b09b73f59d8fbd29d1a618abee1423e","sha512":"dc0d68e085d807351a326662facd4ae3dd75b3905dd3f0ccab4e54f5b92c65c80e03af0d1f137a48bd52fe2864c160d94927fd5b681549ede6b07dc6fb7badd1","ssdeep":"768:n5/C6gfHBHuf0gCjEqeJMtQIHKmt2FdWS2WN:nI6gfhHuf0geEqeMQIHKV3PN","tlshash":"c82308883fa0f66b07727437126fd11ffa6acc019888cc5cca46d5e92f68b19e536b45","size":46403,"data":"","first_seen":"2025-11-18T23:21:25.088492Z","last_seen":"2025-11-18T23:21:25.088492Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"9373be1aa8723fad5cc544b2f24d0892","sha1":"c0b9c6b4311a71cf3be00136f9d19d2288ab69ac","sha256":"5feeaf68eef7ecaf3503958b97713173634736ab3e8460d1cd911dae8ddb18cc","sha512":"7ffe3a35452b8ad9720cbfe032dbed768042c68edd6742e82756ef60132df88951f0b808d80f0618123f7c3c47fc2d11d3131354a919bba9e45db9604249c584","ssdeep":"96:shQoz40bEoRkSzeQeb76bl3fk/+SzeQeb76bls1jDWCfMEDaH:sPz40bRkueQeb7gl3fkmueQeb7glUvWv","tlshash":"6ab12a7dbce8a9f6290277ad072cf46e7d30c5258808ee81b9acb3596f645043fc4c99","size":5207,"data":"","first_seen":"2025-11-18T23:21:25.123388Z","last_seen":"2025-11-18T23:21:25.123388Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"7783db556b1770e9c94a67090572bf4f","sha1":"9cebba7ce1f4dac71dcb78be09b1d15802a697c1","sha256":"02da8e3ac18550c0b90a3ee857ebd10e2c37c6da082bb1547f9fa00c53248b2a","sha512":"e52ba2664acf92ea744df58fefabb8b7eca96126fb8b68e128d7de63f22c26254843c960af71f24f72cad2aa667fc13f4a9da12f00055a22909d6cd9d26e1a3b","ssdeep":"","tlshash":"70c02b6c3f241d7077c2b80e3f0003c2ccc00a0eb0b0980912108000aeb563bc0c0880","size":145,"data":"","first_seen":"2025-11-18T23:21:25.12447Z","last_seen":"2025-11-18T23:21:25.12447Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bloxra.rf.gd/?i=1","fqdn":"bloxra.rf.gd","domain":"bloxra.rf.gd","tld":""},"ip":{"addr":"185.27.134.219","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"2f476aa280f4c45f4fe54366c40ba9f9","sha1":"2099736b74ad0da433119a4cae1ca2d36e1fe967","sha256":"6da9f93dbff8e7c91523254503646b08a9535a11007e623b624aa9c2c226d69a","sha512":"e3888f6262b9af4d2a3b4a9a5cba73f62b3500900cf5b0c67ad8d80108932c63723a95901439f3cdfa260da856af847fe3f028f215090b87e7da70187432f1a1","ssdeep":"","tlshash":"c1a00206b5a598e0ab5953450d74020956a730f54e8a8d1d32cad674ee0289162089d3","size":59,"data":"","first_seen":"2025-11-18T23:21:25.125289Z","last_seen":"2025-11-18T23:21:25.125289Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/74c9ac4396867cbdceb050965e37e6dc/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"95481a76ebabf90b692f81ec6687dcdb","sha1":"c15cfc401bc7e47aa053f0e7d1dd299764d6478d","sha256":"60326fecee4cec6bd7e16cc72b9ce2a36c415b16fed3950f9a00100f22de244a","sha512":"51c3a9d490946bb0bab2229fb5ff6a22e59791b844dc779d4417e386e9ef91ec30a16c97264b3d53557d7eb6fb94a23f6ce11f023cda716b99cb4a414a3f7b7c","ssdeep":"768:+5/C6gfHBHuf0gCjEqeJMtQIHKmt2FOWS2WN:+I6gfhHuf0geEqeMQIHKVcPN","tlshash":"cc23f7883fa0f66b07727437126fd11ffa6acc019888cc5cc946d5e92f68b19e536b45","size":46415,"data":"","first_seen":"2025-11-18T23:21:25.121533Z","last_seen":"2025-11-18T23:21:25.121533Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"e2d1f7c024266bc049c7bf39d98c244a","sha1":"dc57079572c819907a0b9a895a46f8a6bc2facbf","sha256":"fd0a565053fdb5da330e818af27ba0feab4e93885db8ef878e3521e10569f743","sha512":"04e1d4c02e5120234c1fee4db720a108861d468ac7c5599fab69867d93991637ac57795ee8e8e8bc68a38a8cc60f0ab68b1935f1157ba8b1ca8d38ddeac97c83","ssdeep":"","tlshash":"4031d77eb4ac38f35d69779d061df5be7d70cd008959bbc2983133996f684083a84c95","size":1802,"data":"","first_seen":"2025-11-18T23:21:25.126156Z","last_seen":"2025-11-18T23:21:25.126156Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb6ca3c64d5a65bcf48e85c9d60f0bd5","sha1":"034446b91cdf8a72b53fe83431a8d257c741086e","sha256":"6ef1a10880bc85868612bd197ddc28f462ebed66ecb9b1e0e47064acfd1f09ed","sha512":"bfb3cf6637b91c834de4259385d8cb949c5e22d52882ff05134f0cba8f2ef698ae098f3691b08bec8c2db8a1a3843f451707684acf06f0c6ce935cb9896e10e4","ssdeep":"","tlshash":"4ac08cc42ba00e61bea138ae2b081fc378c243136820650a56c2705074d202b0e820c8","size":145,"data":"","first_seen":"2025-11-18T23:21:25.127018Z","last_seen":"2025-11-18T23:21:25.127018Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"68b9d88055af1b9136e3f3ae808dddb1","sha1":"4871cb414d1a55726c3b0b0f950adb101cd0f3aa","sha256":"f4a20e44fa1132afd9019447f7448e13ce5fdbdb3d4d634bd3fc619e48cacdfe","sha512":"be0792b020912a0879316824f194de2dbead68b532a5905cc19bdaa55a0eebd60fc1f744458d5d4518f676f41f176ad909e9c92197241a19585faea0e9249e9d","ssdeep":"","tlshash":"ee31fb3ae56d11e673f6e3473818f3665ea4e7401740c249885044f82334ebc07756e4","size":1814,"data":"","first_seen":"2025-11-18T23:21:25.127824Z","last_seen":"2025-11-18T23:21:25.127824Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d1y3y09sav47f5.cloudfront.net/public/external/check.php?it=4112040\u0026time=1763508059076","fqdn":"d1y3y09sav47f5.cloudfront.net","domain":"d1y3y09sav47f5.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"3.167.7.148","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"69d77690ed201acd0627e99dd35c96eb","sha1":"05ffc794be6dae3836ee5df72d82d917323b2941","sha256":"577d248638c57941b7e35d9a19ef4b5d88d52482f6e59254142d4266c57bad38","sha512":"06aaf36275b0c4de82580319878333d973d3cd464f4c09df4281551f4381940dc792eb28c2c84b3a94196b53edf41751b01976ad77c5e393c0b62574c4b214bf","ssdeep":"","tlshash":"32a0220c0c02220f033230b080bbc8280030e3320bc0c3a8282aca8a2e03c3b2a0208e","size":72,"data":"","first_seen":"2023-08-12T16:35:44Z","last_seen":"2026-04-04T20:56:17.979658Z","times_seen":2797,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bloxra.rf.gd/?i=1","fqdn":"bloxra.rf.gd","domain":"bloxra.rf.gd","tld":""},"ip":{"addr":"185.27.134.219","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"b4140a02cb0259cd00d8bcbf3e0d01c7","sha1":"469f4c47981a53dc69ad900ee1e83b7e77dc8086","sha256":"ce6018f4c32fae62e4794ee0891a2384a208de02b4b8eb2e3a02498b403da223","sha512":"aaa99f2fcf5b9a05e1630f999edda6f7f11602e23cf5fa70f3b7c97a6422aeed4e14d7131785af38a27f3bddf0b3a58b4ab8b1d68dddcf9755e458e9270648ff","ssdeep":"96:dyH/NKcPtSXDCwYJXCHXNVxySwd/0KSOKDcSQe/u0XNo:dyMcPkXD1YJXCHXLxrwd/RSOKtQeu0XK","tlshash":"6e81492634b714300efb25f7bb6f66c87862a0037441c9467dde8b654f62f419ca39ca","size":4099,"data":"","first_seen":"2025-11-18T23:21:25.128727Z","last_seen":"2025-11-18T23:21:25.128727Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"0f66cc900a3a601615bde8d16b52a470","sha1":"3b41d09fadadd8020eee4ac0d88c1cb4aed96f0f","sha256":"d57f04158894e6b334fc4fe9cd136b68581ee7c15000f80cebbfd29251863ae6","sha512":"3d55094ddcba4c6c5d8de8564ae03500236276a314a0118d40019bef38fb6d53dcd0063c0beeaff6dd73425c63f22cca9be96d27003b30c82384e203c0baacfe","ssdeep":"","tlshash":"1a31da7db098e8ff16407b8c0e2df4bdbd701d18d56eea81a57532aebba84043e80571","size":1538,"data":"","first_seen":"2025-11-18T23:21:25.129577Z","last_seen":"2025-11-18T23:21:25.129577Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bloxra.rf.gd/","fqdn":"bloxra.rf.gd","domain":"bloxra.rf.gd","tld":""},"ip":{"addr":"185.27.134.219","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"e9a87222d1d409661a37f3228be288fe","sha1":"f5a9a8c0fe617ac34170d93653eb0f039bd0e290","sha256":"4c4d3f63b268545716a5fad88bc94e5d57d0cb941b88a6ccdfe1cbc09c383127","sha512":"f46f0d543c3d8a2109b440f332cd4acf6f1c9c7b17e8a6d7ed2a597e89fc7e36cd0c2c828a4f4a3f466f40face3990a6367ebd8c70bb408124d1b776d4fe0858","ssdeep":"","tlshash":"c8f0e178f171b5d84bc15057093ba50fd02216a3f543c8bbc44652a06d92ddd1688d6b","size":600,"data":"","first_seen":"2025-11-18T23:21:25.130474Z","last_seen":"2025-11-18T23:21:25.130474Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bloxra.rf.gd/aes.js","fqdn":"bloxra.rf.gd","domain":"bloxra.rf.gd","tld":""},"ip":{"addr":"185.27.134.219","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"756722c3542f271367cc3b074113a8ee","sha1":"c5c24b4cfc44d597fb7d82d79a7dcea4a8d07e2b","sha256":"ed1d3bd967abe66cff832561cb911c572a2f85fd6cffc32ef3cec68dbc60c7ce","sha512":"ec3293d425646848dc2cf5d3cebae22b91d99461d3565ed17599af961f6f0062167446f732e91ade94f7e589000cda7e85259a217c5ce571bc11c175435a4290","ssdeep":"","tlshash":"8d1150a5034607bcf6cd0ec8c40a321a21f1c04abe2112c9afb36ae77c3b8840034e26","size":1000,"data":"","first_seen":"2025-03-10T10:15:36.223346Z","last_seen":"2026-04-04T13:56:18.423115Z","times_seen":1672,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bloxra.rf.gd/?i=1","fqdn":"bloxra.rf.gd","domain":"bloxra.rf.gd","tld":""},"ip":{"addr":"185.27.134.219","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"3538050ef3b4582a940525005b73ccab","sha1":"a0613362247da2e786be51c6432f54ac0a32c443","sha256":"11134db05c3504d6c10a7296d6f56c266f110ab2bed8b0131206966831d4bbb2","sha512":"83a5890d951d1a50b613f7b271ae51332e19d11939da5a45de848679a1aab4b820cdc20f1657a6cac83929352e5e8ad7201e903b0b7a6a3bf45242e946373801","ssdeep":"","tlshash":"b9c02bdc8200f7944063cc250d6cdc42b222cd613848401725c0303d22809194d823dc","size":139,"data":"","first_seen":"2025-11-18T23:21:25.132045Z","last_seen":"2025-11-18T23:21:25.132045Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d1y3y09sav47f5.cloudfront.net/hEvN6gAnDmael.4112040.5db67.0.js","fqdn":"d1y3y09sav47f5.cloudfront.net","domain":"d1y3y09sav47f5.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"3.167.7.148","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"98654085e17505b01fcf9901bc936b3b","sha1":"66a61678f62300f6600f5b0164de1a8234b94e22","sha256":"6e9b3c97d11333d566b90216d3685e543f1cbd2e2547c3607de809ee61d1f284","sha512":"6909eb169bf264a82a8bdd06f1a437219f90ad28c10132422449d25b26114bb1c01c77667a904193f40d9253999ac11715f4eee298552de8de64bfa4f33a9998","ssdeep":"384:MiwWVxDD7FNMElWE9WzK6gB+0fQpdlf/04vcswaw3wmhwewXwu:MQVxXhem6gB+F04vcDxgmylAu","tlshash":"204208e67991d428f2928c1d62ff1eb9a845302481c2f3b4fa4de53c47ce4f85ae2794","size":13183,"data":"","first_seen":"2025-11-18T23:21:25.097749Z","last_seen":"2025-11-18T23:21:25.097749Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"5fd8f63c093b7e3ac5f8945bba8b11ad","sha1":"fafacb87df99677ab5f520aabbf890da321ffca8","sha256":"95df71edf476c7953e7f80cad39b36bd9bff2f14cd7b002c7eea3c9c178bca78","sha512":"987599ff7f0f8a542b85d6d4da6f0e6b7f6032bf592072151687b4ee729ca22d96f4a6cd9dc12775ae1e7fad3725ce2923df58970262a7c841fd9e25c0da4aca","ssdeep":"","tlshash":"5e31d725b7115bde2ce2ddd99c0b903cdcd20f58b2168c44a11b90266a3c066fd4a5b8","size":1542,"data":"","first_seen":"2025-11-18T23:21:25.133118Z","last_seen":"2025-11-18T23:21:25.133118Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"5fbddfa98c56ac8f6cf74cab476b9c3b","sha1":"6ee2e3117987f4a316bcae01b0fb30dd46deb423","sha256":"271db25bc099a516e36e969bd3be0e6ad82c06193b8bbb6c8f5711c91de3c778","sha512":"1554011792a80e045fec9813ab5606110da76d3b13055990c65ea9e69bf6d42d7ede869de871b074682e45ff0d59ae6e880fbbc8bbe0eefe36b69f0287ecd4f8","ssdeep":"96:1eoznZjiUQzcq9HsKjk/q+3JQgtBif6MOJAvBOI1jDQCfMEDaH:1Lzd4cIbkxigtQnZvkQvQCkCaH","tlshash":"28911b25bee505f935d3e1de382ae01dad9096093700cd09b84cd5751f34bb89ee9ee4","size":4614,"data":"","first_seen":"2025-11-18T23:21:25.134508Z","last_seen":"2025-11-18T23:21:25.134508Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d1y3y09sav47f5.cloudfront.net/public/external/check.php?it=4112040\u0026time=1763508074427","fqdn":"d1y3y09sav47f5.cloudfront.net","domain":"d1y3y09sav47f5.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"3.167.7.148","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"69d77690ed201acd0627e99dd35c96eb","sha1":"05ffc794be6dae3836ee5df72d82d917323b2941","sha256":"577d248638c57941b7e35d9a19ef4b5d88d52482f6e59254142d4266c57bad38","sha512":"06aaf36275b0c4de82580319878333d973d3cd464f4c09df4281551f4381940dc792eb28c2c84b3a94196b53edf41751b01976ad77c5e393c0b62574c4b214bf","ssdeep":"","tlshash":"32a0220c0c02220f033230b080bbc8280030e3320bc0c3a8282aca8a2e03c3b2a0208e","size":72,"data":"","first_seen":"2023-08-12T16:35:44Z","last_seen":"2026-04-04T20:56:17.979658Z","times_seen":2797,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d1y0yks1k8t5m5.cloudfront.net/9eb4561.js","fqdn":"d1y0yks1k8t5m5.cloudfront.net","domain":"d1y0yks1k8t5m5.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"3.167.7.41","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6f71ffb9a974716679657dc2be6f48a2","sha1":"39559ee70c44e2cc86c540d28ec98f63b8d929ac","sha256":"beb56d146fa8ce59399730dca37f9ee41d29b6c53d49c07e0d219e0eb04e93ca","sha512":"da2fd18206595f8115993b5ad4f05753e06530143741b8698ab4d548bd11c632be8aa5adb71293faedd2a82da84556c55130ab679171ed8eb05ae1db57b5d8b5","ssdeep":"768:n5f2+236wBXroljZ1/peRXMiH54aGz1WCyQgmip4L/4aLv0NO:03Z7OZ1h2ayQgM","tlshash":"0bc2545aab5a1849867763b9df1f5208fa75032f1512c119bc7c88d85fb0d3442aaffc","size":27325,"data":"","first_seen":"2025-10-30T19:57:12.483415Z","last_seen":"2026-03-23T20:40:14.861593Z","times_seen":590,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bloxra.rf.gd/?i=1","fqdn":"bloxra.rf.gd","domain":"bloxra.rf.gd","tld":""},"ip":{"addr":"185.27.134.219","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"8598439efe10ad0ca60bf9be26d84c36","sha1":"7a123defe9ac39aa60bd5e5ac29caed8b6e87d6a","sha256":"0a9447ec1771f71a49b19661c87d61ccd2aa3b6007b9a30d916b3092ae33fbe5","sha512":"3c3792056748e396d7d1105190844003d2130e549281d6bd21455cf2be793a5b498a3d825d4b557a230e37381ecc3670c69a0ea319afcb3b2526ebe59d0b4e2d","ssdeep":"","tlshash":"aec09bf99558fb9442d6cc101c6cd545d3108d11759d405725d05c2547a4a25d9d1f9c","size":140,"data":"","first_seen":"2025-11-18T23:21:25.135971Z","last_seen":"2025-11-18T23:21:25.135971Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.highperformanceformat.com/1bfbba10bd525063ad7d0ad3e4ee8e6f/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:55.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"highperformanceformat.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 10 Oct 2025 22:02:13 GMT","end":"Thu, 08 Jan 2026 22:02:12 GMT"},"fingerprint":{"sha1":"77:A0:FB:EB:5C:7E:49:7D:87:94:CB:C5:AB:72:11:AE:6F:98:F7:81","sha256":"A3:92:D0:6C:23:66:83:18:50:AC:6C:E2:27:1F:6A:82:CE:FC:2B:6B:7E:B7:B3:EA:B9:6A:56:B2:EC:04:AF:40"}}},"request":{"raw":"GET /1bfbba10bd525063ad7d0ad3e4ee8e6f/invoke.js HTTP/1.1\r\nHost: www.highperformanceformat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bloxra.rf.gd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 18 Nov 2025 23:20:56 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18463\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 6\r\nHost: www.highperformanceformat.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 1823c7f3bff1a3fcf59f105cddb212d9\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46403,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46403), with no line terminators","md5":"9469fb46eea6dc9976f597a71a27837a","sha1":"63e9bbafd2ebfb973d6c0036cab8fdb32060cd35","sha256":"6551251f52d9748d95ca8f50dd31555e3b09b73f59d8fbd29d1a618abee1423e","sha512":"dc0d68e085d807351a326662facd4ae3dd75b3905dd3f0ccab4e54f5b92c65c80e03af0d1f137a48bd52fe2864c160d94927fd5b681549ede6b07dc6fb7badd1","ssdeep":"768:n5/C6gfHBHuf0gCjEqeJMtQIHKmt2FdWS2WN:nI6gfhHuf0geEqeMQIHKV3PN","tlshash":"c82308883fa0f66b07727437126fd11ffa6acc019888cc5cca46d5e92f68b19e536b45","first_seen":"2025-11-18T23:21:25.088492Z","last_seen":"2025-11-18T23:21:25.088492Z","times_seen":1,"resource_available":true,"data":null}},"time_used":819,"timings":{"blocked":311,"dns":20,"connect":96,"send":0,"wait":102,"receive":92,"ssl":194},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"52.29.31.50","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:56.411Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Thu, 13 Nov 2025 00:00:00 GMT","end":"Sat, 12 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:50:7B:F0:62:36:A9:72:6E:00:E4:29:DC:9D:26:DA:FD:0C:F3:57","sha256":"B7:36:D6:D3:F5:B6:FB:37:AE:FB:45:A8:9E:BF:4F:85:E1:7D:20:C8:4F:77:1D:00:EE:EC:AC:B8:07:AB:95:DE"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://bloxra.rf.gd\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bloxra.rf.gd/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 18 Nov 2025 23:20:56 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://bloxra.rf.gd\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=5fd016fa-0a76-4067-8999-f01d91f08132:2:1; expires=Fri, 16 Nov 2035 23:20:56 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"dbedaece719301c1e121ecc76b852ff4","sha1":"1afa72c912696e63e32c9f14f2e3c480299464f9","sha256":"e4648d4a2c78239bd9b9b871cd664b2bde98ffaa0703a099e8436bf4178bcde0","sha512":"50a8e1a1a66fa07349498c3e13f6b7fb3b1966d48a3975dfae5a03d9ac2a02be6aeedc55b0f02c46ff7560bc4e3cc67d10dd4ddb7d5cf3658fb54e634fbeb312","ssdeep":"","tlshash":"af9004c740137301010431454c0430c5c0d5c47f5543500cd4105510ccd134c5cc15d5","first_seen":"2025-11-18T23:21:25.091982Z","last_seen":"2025-11-18T23:21:25.091982Z","times_seen":1,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":113,"dns":25,"connect":21,"send":0,"wait":22,"receive":0,"ssl":68},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d1y3y09sav47f5.cloudfront.net/hEvN6gAnDmael.4112040.5db67.0.js","fqdn":"d1y3y09sav47f5.cloudfront.net","domain":"d1y3y09sav47f5.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"3.167.7.148","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:56.705Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /hEvN6gAnDmael.4112040.5db67.0.js HTTP/1.1\r\nHost: d1y3y09sav47f5.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bloxra.rf.gd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Tue, 18 Nov 2025 23:20:56 GMT\r\nserver: Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11\r\nx-powered-by: PHP/7.4.11\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 be3750c9aa69fd9d53a35aea8d9dab16.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: YsrLODEkE2PFhhR1ReW-vsOpDh25ODxK4aB1Hkv3Eiy-UZxc4aoQCw==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenSSL:1.0.2k","description":"OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.","website":"https://openssl.org","common_platform_enumeration":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","icon":"OpenSSL.png","categories":["Web server extensions"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"PHP:7.4.11","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Apache HTTP Server:2.4.51","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":13183,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (11898), with CRLF line terminators","md5":"98654085e17505b01fcf9901bc936b3b","sha1":"66a61678f62300f6600f5b0164de1a8234b94e22","sha256":"6e9b3c97d11333d566b90216d3685e543f1cbd2e2547c3607de809ee61d1f284","sha512":"6909eb169bf264a82a8bdd06f1a437219f90ad28c10132422449d25b26114bb1c01c77667a904193f40d9253999ac11715f4eee298552de8de64bfa4f33a9998","ssdeep":"384:MiwWVxDD7FNMElWE9WzK6gB+0fQpdlf/04vcswaw3wmhwewXwu:MQVxXhem6gB+F04vcDxgmylAu","tlshash":"204208e67991d428f2928c1d62ff1eb9a845302481c2f3b4fa4de53c47ce4f85ae2794","first_seen":"2025-11-18T23:21:25.097749Z","last_seen":"2025-11-18T23:21:25.097749Z","times_seen":1,"resource_available":true,"data":null}},"time_used":187,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":187,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bloxra.rf.gd/favicon.ico","fqdn":"bloxra.rf.gd","domain":"bloxra.rf.gd","tld":""},"ip":{"addr":"185.27.134.219","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:56.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rf.gd","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 02 Sep 2025 00:00:00 GMT","end":"Mon, 01 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"A1:8B:7C:B2:6A:0C:2D:92:A7:D4:E0:E0:01:4F:C3:E3:92:02:38:85","sha256":"FA:E2:14:A2:23:AE:E7:3C:7E:5E:61:AC:8E:A9:8F:63:FD:36:A7:D4:0D:EC:C3:3F:E1:BB:B1:9D:C1:05:C1:E7"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: bloxra.rf.gd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bloxra.rf.gd/?i=1\r\nCookie: __test=d815560ca38dfc5407be75d8c021566d; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5fd016fa-0a76-4067-8999-f01d91f08132%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: openresty\r\nDate: Tue, 18 Nov 2025 23:20:56 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 227\r\nConnection: keep-alive\r\nLocation: https://errors.infinityfree.net/errors/404/\r\nCache-Control: max-age=2592000\r\nExpires: Thu, 18 Dec 2025 23:20:56 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T21:47:03.661814Z","times_seen":13347989,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"bloxra.rf.gd","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"bloxra.rf.gd","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/impr.gif?sid=H4sIAAAAAAAC_1RTvW8c1Rd947iLlOT3A5EGiS0oQMKbNzNv3syQAsWEQETiRE4gQlTv03ns7LzJvPlYbxURCaW0qCjHd51Y-RCChi4iWtMFkLJULuKGfwAJiRLQOitZ3OLec-fc4pzReV9t1wcohJrtX71sxybL2Jmoj3tv3TC5tK3rrV3v-biPz_ZumJySs73RvJXNu35I-vjt3odKDOyZAPsY-9jvXTCl0nZ05pAFUzxO_X6K-yTo-xGBUfnf3dUeOOaBbA7Q_8HI2cnf9edgxBTy4XfnlRtUtnjng2GdscqW0MjdT_JBbtschkdQlx7ofHdxDdbNEPpmCWy-u3AAttmZOwBuZmjptRfA892FTODNvZdKeQYqBy6PQ9tMQWV7YNgUhL0DRj5HAELC2hXIh_fXbNmyzZcsm7MztPzXn2DaGVp-8Srkw29XMzPqXbNZXRmbOxjpDsxoCmZjCkW9B9XYA9Pugai-BCN_Rfj0cciHDz-yjRn0GlUOwMj9NyMtsU81W8EspisE03glSdN0RWNfpr7GiR8Ghz_K6CkwtwS186A2HtTag7rwYCj3ewQnRPgspDqVIsaEESIVx2kSYMxSEUMt5g62oCq2QGRbIMrbUJS3YWC-niHv1JPn0RjK-im4m_s_BCnnNIxYjFmSijhJQ8VDlWqCsSaaRCIKGEkUTwSNYkmDVKVJoCNKFRbR_MSPNBUq8QkLfZ_yNFKEEBLFEeahjOKAaBWoQNOICD-K0kRiGiqaYox9FohEKxzEghJKMI6wLyhVIYlZzKTmLIjSlGiKA01FnGotEpFSHCYSnPTAVQga2UGrELQOQcsQtAZBWyFom-6ezFzguvsyczX3FzNYzLCb2Gpjm92z1YbKEbByC0rZ7ZjilrsDojo2GWsnJ3beGK-6CeOy2y4O0P_m2fAe_LIDA7Xf87nmnPmYyyiIMA2ZjCVmMlREqURRDc50YNwSMOfB2MzQ-rVbUJgZOvXpHnC2By7bA2GOAatPA2sncZAAuwkphnH-KGOFdTbrjzbHIG0HRbUM1aa3nR2gVybr11efHsb0DXsOlHiGFgWi7KAoO_jC_IRgI7s7Wbct2lm3rUPfXykqMzRjNo_wtYpVynv4sdpsbSkvnndbD86JOTGHj68rV11iuTT5hkOPVo2UqrxgS6HQk4vuhuJXa3dztS7zurh09f0LF4dFqZwzNp8CM89PnABhZmh57efDx3ny8t8gitvgiiOVziLgBYLMIMjU0XfGO3Dq2Y9_LHZ-hLfdXdgoPWDVHciHHTRlB03WAcu2wNXHJlVRPnvvt_CwgGfehGcl2uFZOefNfk-HKhAYJzH1w0QrPyRS6CghqaQMh6GCys3M6_989m8AAAD__1sXb_86BQAA","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:57.239Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTvW8c1Rd947iLlOT3A5EGiS0oQMKbNzNv3syQAsWEQETiRE4gQlTv03ns7LzJvPlYbxURCaW0qCjHd51Y-RCChi4iWtMFkLJULuKGfwAJiRLQOitZ3OLec-fc4pzReV9t1wcohJrtX71sxybL2Jmoj3tv3TC5tK3rrV3v-biPz_ZumJySs73RvJXNu35I-vjt3odKDOyZAPsY-9jvXTCl0nZ05pAFUzxO_X6K-yTo-xGBUfnf3dUeOOaBbA7Q_8HI2cnf9edgxBTy4XfnlRtUtnjng2GdscqW0MjdT_JBbtschkdQlx7ofHdxDdbNEPpmCWy-u3AAttmZOwBuZmjptRfA892FTODNvZdKeQYqBy6PQ9tMQWV7YNgUhL0DRj5HAELC2hXIh_fXbNmyzZcsm7MztPzXn2DaGVp-8Srkw29XMzPqXbNZXRmbOxjpDsxoCmZjCkW9B9XYA9Pugai-BCN_Rfj0cciHDz-yjRn0GlUOwMj9NyMtsU81W8EspisE03glSdN0RWNfpr7GiR8Ghz_K6CkwtwS186A2HtTag7rwYCj3ewQnRPgspDqVIsaEESIVx2kSYMxSEUMt5g62oCq2QGRbIMrbUJS3YWC-niHv1JPn0RjK-im4m_s_BCnnNIxYjFmSijhJQ8VDlWqCsSaaRCIKGEkUTwSNYkmDVKVJoCNKFRbR_MSPNBUq8QkLfZ_yNFKEEBLFEeahjOKAaBWoQNOICD-K0kRiGiqaYox9FohEKxzEghJKMI6wLyhVIYlZzKTmLIjSlGiKA01FnGotEpFSHCYSnPTAVQga2UGrELQOQcsQtAZBWyFom-6ezFzguvsyczX3FzNYzLCb2Gpjm92z1YbKEbByC0rZ7ZjilrsDojo2GWsnJ3beGK-6CeOy2y4O0P_m2fAe_LIDA7Xf87nmnPmYyyiIMA2ZjCVmMlREqURRDc50YNwSMOfB2MzQ-rVbUJgZOvXpHnC2By7bA2GOAatPA2sncZAAuwkphnH-KGOFdTbrjzbHIG0HRbUM1aa3nR2gVybr11efHsb0DXsOlHiGFgWi7KAoO_jC_IRgI7s7Wbct2lm3rUPfXykqMzRjNo_wtYpVynv4sdpsbSkvnndbD86JOTGHj68rV11iuTT5hkOPVo2UqrxgS6HQk4vuhuJXa3dztS7zurh09f0LF4dFqZwzNp8CM89PnABhZmh57efDx3ny8t8gitvgiiOVziLgBYLMIMjU0XfGO3Dq2Y9_LHZ-hLfdXdgoPWDVHciHHTRlB03WAcu2wNXHJlVRPnvvt_CwgGfehGcl2uFZOefNfk-HKhAYJzH1w0QrPyRS6CghqaQMh6GCys3M6_989m8AAAD__1sXb_86BQAA HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzkwNTQ0NCwiayI6IjFiZmJiYTEwYmQ1MjUwNjNhZDdkMGFkM2U0ZWU4ZTZmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mzk1MzEzLCJwaWQiOjEwNzA3ODcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoibTIzNzYzZG14YiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9ibG94cmEucmYuZ2QvP2k9MSIsImFyIjpbXX19.iK12GzvQFLUtzBP_949axmKFWO04HEMlgDEun54KBvA; uid_id2=5fd016fa-0a76-4067-8999-f01d91f08132:2:1; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1; u_pl27905444=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 18 Nov 2025 23:20:57 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+adaa14d61454bdd102498d259cad18a5=2060097; expires=Tue, 02 Dec 2025 23:20:57 GMT; path=/; secure; SameSite=None\niprc_l:2060097=1; expires=Tue, 02 Dec 2025 23:20:57 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 5\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 2d55fd99ffdf3ea719dd525bf66b692d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T21:47:03.661814Z","times_seen":13347989,"resource_available":true,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bloxra.rf.gd/aes.js","fqdn":"bloxra.rf.gd","domain":"bloxra.rf.gd","tld":""},"ip":{"addr":"185.27.134.219","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bloxra.rf.gd/","date":"2025-11-18T23:20:55.666Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rf.gd","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 02 Sep 2025 00:00:00 GMT","end":"Mon, 01 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"A1:8B:7C:B2:6A:0C:2D:92:A7:D4:E0:E0:01:4F:C3:E3:92:02:38:85","sha256":"FA:E2:14:A2:23:AE:E7:3C:7E:5E:61:AC:8E:A9:8F:63:FD:36:A7:D4:0D:EC:C3:3F:E1:BB:B1:9D:C1:05:C1:E7"}}},"request":{"raw":"GET /aes.js HTTP/1.1\r\nHost: bloxra.rf.gd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bloxra.rf.gd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T21:47:03.661814Z","times_seen":13347989,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"bloxra.rf.gd","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"bloxra.rf.gd","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d1y0yks1k8t5m5.cloudfront.net/9eb4561.js","fqdn":"d1y0yks1k8t5m5.cloudfront.net","domain":"d1y0yks1k8t5m5.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"3.167.7.41","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:55.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /9eb4561.js HTTP/1.1\r\nHost: d1y0yks1k8t5m5.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bloxra.rf.gd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 30 Oct 2025 17:05:01 GMT\r\nserver: AmazonS3\r\ncontent-encoding: gzip\r\ndate: Tue, 18 Nov 2025 23:20:56 GMT\r\netag: W/\"6f71ffb9a974716679657dc2be6f48a2\"\r\nvary: accept-encoding\r\nx-cache: Error from cloudfront\r\nvia: 1.1 4b6691d4a753b7360fa8632b90c77126.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: sIGYZGyUKrkc9nhWUGxZI59PblE_7IzvACB6g3wQfAcQLtFadYJbzg==\r\nage: 105\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":27325,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1637), with CRLF line terminators","md5":"6f71ffb9a974716679657dc2be6f48a2","sha1":"39559ee70c44e2cc86c540d28ec98f63b8d929ac","sha256":"beb56d146fa8ce59399730dca37f9ee41d29b6c53d49c07e0d219e0eb04e93ca","sha512":"da2fd18206595f8115993b5ad4f05753e06530143741b8698ab4d548bd11c632be8aa5adb71293faedd2a82da84556c55130ab679171ed8eb05ae1db57b5d8b5","ssdeep":"768:n5f2+236wBXroljZ1/peRXMiH54aGz1WCyQgmip4L/4aLv0NO:03Z7OZ1h2ayQgM","tlshash":"0bc2545aab5a1849867763b9df1f5208fa75032f1512c119bc7c88d85fb0d3442aaffc","first_seen":"2025-10-30T19:57:12.483415Z","last_seen":"2026-03-23T20:40:14.861593Z","times_seen":590,"resource_available":true,"data":null}},"time_used":352,"timings":{"blocked":62,"dns":53,"connect":1,"send":0,"wait":225,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d1y3y09sav47f5.cloudfront.net/public/external/css_frontXF.css","fqdn":"d1y3y09sav47f5.cloudfront.net","domain":"d1y3y09sav47f5.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"3.167.7.148","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:56.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /public/external/css_frontXF.css HTTP/1.1\r\nHost: d1y3y09sav47f5.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bloxra.rf.gd/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 6134\r\ndate: Tue, 18 Nov 2025 23:20:56 GMT\r\naccept-ranges: bytes\r\nserver: Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11\r\nlast-modified: Thu, 17 Aug 2023 03:23:45 GMT\r\netag: \"17f6-60315f092dd96\"\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 be3750c9aa69fd9d53a35aea8d9dab16.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: R3CLVrePieHt2vkKilT-SoQeK-yuDKrYCjPhzGplwyq1u-IYDvCGtg==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Apache HTTP Server:2.4.51","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"PHP:7.4.11","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"OpenSSL:1.0.2k","description":"OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.","website":"https://openssl.org","common_platform_enumeration":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","icon":"OpenSSL.png","categories":["Web server extensions"]}],"data":{"size":6134,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"8cf8da7dc6b5d43ae6872b4fe5564c38","sha1":"cc3c14ce8bccf427b4a777449876eb722381cb18","sha256":"60a0f85900cf8e56c1607c8c120f68064a4f8d22a40637b224774cb611e93c2f","sha512":"e719aa872285169d609b29810cf8b4d748bae32bb08ceb4122ea4cd08345f7fb1f688eb03f55c10ad145e414920de88ffdc02f6b77be46e2d9106d80438f7826","ssdeep":"96:XtPngNH2uJbg6iLiTX9KFORdtHGMl3JYYD9PzhZ:XtPgRpViLiTX1dtHGMlm29PzhZ","tlshash":"eac1e16c6d21254581368a15e3db861ad87ca12319317efdb381235b4f316fc13abfba","first_seen":"2023-08-18T00:45:26Z","last_seen":"2026-04-04T20:56:17.976857Z","times_seen":2624,"resource_available":false,"data":null}},"time_used":419,"timings":{"blocked":32,"dns":24,"connect":1,"send":0,"wait":352,"receive":1,"ssl":6},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.558422396347.js?key=74c9ac4396867cbdceb050965e37e6dc\u0026kw=%5B%22robux%22%2C%22rewards%22%2C%22portal%22%5D\u0026refer=https%3A%2F%2Fbloxra.rf.gd%2F%3Fi%3D1\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=2ee22885-34a1-4b43-b1f8-c6f07c9f67aa%3A3%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:56.738Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /watch.558422396347.js?key=74c9ac4396867cbdceb050965e37e6dc\u0026kw=%5B%22robux%22%2C%22rewards%22%2C%22portal%22%5D\u0026refer=https%3A%2F%2Fbloxra.rf.gd%2F%3Fi%3D1\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=2ee22885-34a1-4b43-b1f8-c6f07c9f67aa%3A3%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://bloxra.rf.gd\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bloxra.rf.gd/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Tue, 18 Nov 2025 23:20:57 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://bloxra.rf.gd\r\naccess-control-allow-credentials: true\r\nlocation: https://kettledroopingcontinuation.com/watch.558422396347.js?dev=e\u0026key=74c9ac4396867cbdceb050965e37e6dc\u0026kw=%5B%22robux%22%2C%22rewards%22%2C%22portal%22%5D\u0026pst=1763508117\u0026rb=\u0026refer=https%3A%2F%2Fbloxra.rf.gd%2F%3Fi%3D1\u0026res=14.3095\u0026rmtc=t\u0026shu=355cddd3d52625e7d1c807f7e36a1b46817986e33104897b66f3f4695b750347c2087719b9e052ab3f2f8d17c93530a0874dfba9df25eea79dfcebf126b82feb19b65234437f68632f6251041c53f934758ccb97a48f83701baba2\u0026tz=0\u0026uuid=2ee22885-34a1-4b43-b1f8-c6f07c9f67aa%3A3%3A1\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzkwNTQzNCwiayI6Ijc0YzlhYzQzOTY4NjdjYmRjZWIwNTA5NjVlMzdlNmRjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mzk1MzEzLCJwaWQiOjEwNzA3ODcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyNSwicHQiOjQsInBrIjoiY2hiaDBzdGlzZCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9ibG94cmEucmYuZ2QvP2k9MSIsImFyIjpbXX19.pisague4DUjpBYw-ndV_SFU8qKwfJbQtniKZolOXthk; expires=Tue, 18 Nov 2025 23:21:57 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 2\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b961cf8ccc1e38c9760bc0bf16ed734a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4647,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T21:47:03.661814Z","times_seen":13347989,"resource_available":true,"data":null}},"time_used":721,"timings":{"blocked":312,"dns":27,"connect":93,"send":0,"wait":97,"receive":0,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/58/b5/3b/58b53b1bfaf310447f6880395b0d0b18/1708270046.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:57.477Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/58/b5/3b/58b53b1bfaf310447f6880395b0d0b18/1708270046.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 18 Nov 2025 23:20:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 69652\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 18 Feb 2024 15:27:35 GMT\r\netag: \"65d221e7-11014\"\r\nexpires: Thu, 20 Nov 2025 23:20:57 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":69652,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.5 (Windows), datetime=2024:02:16 15:27:39], progressive, precision 8, 160x600, components 3","md5":"a7777cbd377941aa40b507a1bad2acd6","sha1":"7938cfbbfeac94443dbb7ef03e331097bd74ec4c","sha256":"34dc3565d903f16911abd4a1b9936df096942bc280f7aa1a248ee003bcb3758a","sha512":"593b5dfaf8d4c5c65554b0c23fe79003fb4ca988f2f1f46d61de84dfe3f542a9bfe61422955d0f4a342ae2288aac3197e83eb74abcb8a200d149b4a74fa837cb","ssdeep":"768:NUSXiKUSZmTA9bk1dY7gnVwzRJdfmOKavqwLhy/lb0itvOxca+jN7s1jhh0HXC/+:DTZmECBuzfmOtvh9itaymthMSp33/Sp","tlshash":"e363f140bb08ba21eceb417b4dfae9c3caa345e2de53a7117c8d19127f786d05f28905","first_seen":"2024-02-19T19:04:29Z","last_seen":"2026-04-03T14:43:46.903283Z","times_seen":257,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1RTS4tcRRSumwkiBDQ-UAQXvXCh4nTq3qr7MgtxjNFgXkyiQVzVc1L27Vs3t-6jp3ERDEjAzeBKXN05PcmQB6Ibd4HQ48qgMO1qFpmN4B8Q3Co9aRg9i3O-U18tvq_46qvNeh8RqNnexXN2bLKMnQj7uPf6FZNL27re-cs9H_fxyd4Vk0f0ZG80b2Xztk9oH7_R-0CJgT0RYB9jH_u906ZU2o5OHLBgivup309xnwZ9P6QwKv-_u9oDxzyQzT56HoycPfuH_gyMmEI-_OGUcoPKFm-9P6wzVtkSGrn9cT7IbZvD8BDq0gOdby9ug3UzhL49AjbfXjgA22zNHQA3M3TkpcfA8-2FTODNrSdKeQYqBy6PQdtMQWU7YNgUhL0BRu4iACHh_AXIh7fP27Jl609YNmdn6Ojff4FpZ-jo4xchH36_kplR75LN6srY3MFId2BGUzBrUyjqHajGHph2B0T1JRj5G8IvH4N8ePdD25hBr1HlAIzcey1QKgiSJFwmlPnLlFOyzH2dLItI41ikOooZO3goo6fA3BLUzoPaeFBrD-rCg6Hc61GcUOEzEulUihhTRqlUHKdJgDFLRQy1mDvYgKrYAJFtgCivQ1Feh4H5Zoa84w92wzGU9UNwV_d-ImEopJREhkEUhCqWvkhwrGNFIuZzGiV-nCaRIsTHNEljHkWaaBqlIY9DTGgsApzEsZ_yVOEwYJzoQCfSj0VKQoIZTmIqNWep1EGoFItTqYXi2g8ingRacT_lURgQSkmsoyQigY6C0MfUFyHRKaFxmAjB05jRRCckxj5nnAXgpAeuQtDIDlqFoHUIWoagNQjaCkHbdLdk5gLX3ZaZq7m_mMFikm5iq7VNdstWaypHwMoNKGW3ZYpr7gaIamky1k5O7LwxXnUTxmW3Weyj5-bZ8O78-h0M1F4vpiJlgpI0SqJYcCkUxyFOo1CRWEVSgDMdGHcEmPNgbGZo9dI1KMwMHf9kBzjbAZftgDBLwOpXgLUTP8LArk4ijGGc38tYYZ3N-qP1MUjbQVEdhWrd28z20QuT1csrDw9yevbcF6DEI7QoEGUHRdnB5-ZnBGvZzcmqbdHWqm0d-vFCUZmhGbN5hi9VrFJP3f1Irbe2lGdOuY0774o5MYf3LytXnWW5NPmaQ_dWjJSqPG1LodCDM-6K4hdrd3WlLvO6OHvxvdNnhkWpnDM2nwIzu-oXEGaGnvmzOfidb379NIjiOrjiUKWzCHiBIDMIMnV4zngH7j87P8Sb7iaslR6w6gbkww6asoMm64BlG-DqpUlVlI_e-Z0cFPDMm_CsRFs8K-e82etpogKBcRJHPkm08gmVQocJTWXEMCEKKjczr_7z6b8BAAD__4YoxpY7BQAA","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:57.479Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTS4tcRRSumwkiBDQ-UAQXvXCh4nTq3qr7MgtxjNFgXkyiQVzVc1L27Vs3t-6jp3ERDEjAzeBKXN05PcmQB6Ibd4HQ48qgMO1qFpmN4B8Q3Co9aRg9i3O-U18tvq_46qvNeh8RqNnexXN2bLKMnQj7uPf6FZNL27re-cs9H_fxyd4Vk0f0ZG80b2Xztk9oH7_R-0CJgT0RYB9jH_u906ZU2o5OHLBgivup309xnwZ9P6QwKv-_u9oDxzyQzT56HoycPfuH_gyMmEI-_OGUcoPKFm-9P6wzVtkSGrn9cT7IbZvD8BDq0gOdby9ug3UzhL49AjbfXjgA22zNHQA3M3TkpcfA8-2FTODNrSdKeQYqBy6PQdtMQWU7YNgUhL0BRu4iACHh_AXIh7fP27Jl609YNmdn6Ojff4FpZ-jo4xchH36_kplR75LN6srY3MFId2BGUzBrUyjqHajGHph2B0T1JRj5G8IvH4N8ePdD25hBr1HlAIzcey1QKgiSJFwmlPnLlFOyzH2dLItI41ikOooZO3goo6fA3BLUzoPaeFBrD-rCg6Hc61GcUOEzEulUihhTRqlUHKdJgDFLRQy1mDvYgKrYAJFtgCivQ1Feh4H5Zoa84w92wzGU9UNwV_d-ImEopJREhkEUhCqWvkhwrGNFIuZzGiV-nCaRIsTHNEljHkWaaBqlIY9DTGgsApzEsZ_yVOEwYJzoQCfSj0VKQoIZTmIqNWep1EGoFItTqYXi2g8ingRacT_lURgQSkmsoyQigY6C0MfUFyHRKaFxmAjB05jRRCckxj5nnAXgpAeuQtDIDlqFoHUIWoagNQjaCkHbdLdk5gLX3ZaZq7m_mMFikm5iq7VNdstWaypHwMoNKGW3ZYpr7gaIamky1k5O7LwxXnUTxmW3Weyj5-bZ8O78-h0M1F4vpiJlgpI0SqJYcCkUxyFOo1CRWEVSgDMdGHcEmPNgbGZo9dI1KMwMHf9kBzjbAZftgDBLwOpXgLUTP8LArk4ijGGc38tYYZ3N-qP1MUjbQVEdhWrd28z20QuT1csrDw9yevbcF6DEI7QoEGUHRdnB5-ZnBGvZzcmqbdHWqm0d-vFCUZmhGbN5hi9VrFJP3f1Irbe2lGdOuY0774o5MYf3LytXnWW5NPmaQ_dWjJSqPG1LodCDM-6K4hdrd3WlLvO6OHvxvdNnhkWpnDM2nwIzu-oXEGaGnvmzOfidb379NIjiOrjiUKWzCHiBIDMIMnV4zngH7j87P8Sb7iaslR6w6gbkww6asoMm64BlG-DqpUlVlI_e-Z0cFPDMm_CsRFs8K-e82etpogKBcRJHPkm08gmVQocJTWXEMCEKKjczr_7z6b8BAAD__4YoxpY7BQAA HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzkwNTQzNCwiayI6Ijc0YzlhYzQzOTY4NjdjYmRjZWIwNTA5NjVlMzdlNmRjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mzk1MzEzLCJwaWQiOjEwNzA3ODcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyNSwicHQiOjQsInBrIjoiY2hiaDBzdGlzZCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9ibG94cmEucmYuZ2QvP2k9MSIsImFyIjpbXX19.pisague4DUjpBYw-ndV_SFU8qKwfJbQtniKZolOXthk; uid_id2=2ee22885-34a1-4b43-b1f8-c6f07c9f67aa:3:1; pdhtkv=true; uncs=1; pdhtkv25=true; uncs25=1; u_pl27905434=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 18 Nov 2025 23:20:57 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 03260f69ee7c3654a25c11756ef6fd48\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T21:47:03.661814Z","times_seen":13347989,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d1y3y09sav47f5.cloudfront.net/public/external/check.php?it=4112040\u0026time=1763508059076","fqdn":"d1y3y09sav47f5.cloudfront.net","domain":"d1y3y09sav47f5.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"3.167.7.148","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:59.080Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /public/external/check.php?it=4112040\u0026time=1763508059076 HTTP/1.1\r\nHost: d1y3y09sav47f5.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bloxra.rf.gd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 72\r\ndate: Tue, 18 Nov 2025 23:20:59 GMT\r\nx-powered-by: PHP/7.4.11\r\nserver: Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 be3750c9aa69fd9d53a35aea8d9dab16.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: SmEcehqcx7Y4fLnAW4EDf2ZmqRWFB3mXHiHPeSlfTWgYyNTRzRdEFw==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenSSL:1.0.2k","description":"OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.","website":"https://openssl.org","common_platform_enumeration":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","icon":"OpenSSL.png","categories":["Web server extensions"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Apache HTTP Server:2.4.51","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"PHP:7.4.11","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":72,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"69d77690ed201acd0627e99dd35c96eb","sha1":"05ffc794be6dae3836ee5df72d82d917323b2941","sha256":"577d248638c57941b7e35d9a19ef4b5d88d52482f6e59254142d4266c57bad38","sha512":"06aaf36275b0c4de82580319878333d973d3cd464f4c09df4281551f4381940dc792eb28c2c84b3a94196b53edf41751b01976ad77c5e393c0b62574c4b214bf","ssdeep":"","tlshash":"32a0220c0c02220f033230b080bbc8280030e3320bc0c3a8282aca8a2e03c3b2a0208e","first_seen":"2023-08-12T16:35:44Z","last_seen":"2026-04-04T20:56:17.979658Z","times_seen":2797,"resource_available":true,"data":null}},"time_used":345,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":344,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bloxra.rf.gd/","fqdn":"bloxra.rf.gd","domain":"bloxra.rf.gd","tld":""},"ip":{"addr":"185.27.134.219","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-18T23:20:55.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rf.gd","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 02 Sep 2025 00:00:00 GMT","end":"Mon, 01 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"A1:8B:7C:B2:6A:0C:2D:92:A7:D4:E0:E0:01:4F:C3:E3:92:02:38:85","sha256":"FA:E2:14:A2:23:AE:E7:3C:7E:5E:61:AC:8E:A9:8F:63:FD:36:A7:D4:0D:EC:C3:3F:E1:BB:B1:9D:C1:05:C1:E7"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: bloxra.rf.gd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Tue, 18 Nov 2025 23:20:55 GMT\r\nContent-Type: text/html\r\nContent-Length: 839\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":839,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (839), with no line terminators","md5":"75a735b7a4a181f1e99efbe1618b4d08","sha1":"832372d215f554b4239b32baf7136bac6587ffe0","sha256":"bbe2c00b8ab429d8a7cc9b5e0ef3d25d86e15bb20ff75ec361831395c849aa12","sha512":"e560ca97e1481b22625b7f0bfbb7c753ec6bcd50e5fc80c4187e93097d1c6119a9c2afbd7ae783c4ab604d35b3e4793ca257b53e8b8f10a90499d8118449ab9d","ssdeep":"","tlshash":"280175b8fcb0f4c88bc000c21936d41ea412d6a6e542ccbfc4c142e965d1fdc0e85c7a","first_seen":"2025-11-18T23:21:25.113063Z","last_seen":"2025-11-18T23:21:25.113063Z","times_seen":1,"resource_available":false,"data":null}},"time_used":696,"timings":{"blocked":331,"dns":215,"connect":35,"send":0,"wait":35,"receive":0,"ssl":77},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"bloxra.rf.gd","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"bloxra.rf.gd","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bloxra.rf.gd/?i=1","fqdn":"bloxra.rf.gd","domain":"bloxra.rf.gd","tld":""},"ip":{"addr":"185.27.134.219","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-18T23:20:55.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rf.gd","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 02 Sep 2025 00:00:00 GMT","end":"Mon, 01 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"A1:8B:7C:B2:6A:0C:2D:92:A7:D4:E0:E0:01:4F:C3:E3:92:02:38:85","sha256":"FA:E2:14:A2:23:AE:E7:3C:7E:5E:61:AC:8E:A9:8F:63:FD:36:A7:D4:0D:EC:C3:3F:E1:BB:B1:9D:C1:05:C1:E7"}}},"request":{"raw":"GET /?i=1 HTTP/1.1\r\nHost: bloxra.rf.gd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bloxra.rf.gd/\r\nCookie: __test=d815560ca38dfc5407be75d8c021566d\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Tue, 18 Nov 2025 23:20:55 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 18446\r\nConnection: keep-alive\r\nLast-Modified: Sun, 16 Nov 2025 02:37:53 GMT\r\nETag: \"480e-643ad1e1c5f08\"\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=2592000, public, proxy-revalidate\r\nExpires: Thu, 18 Dec 2025 23:20:55 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18446,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"07a1953989f47a09a3e6c2657fea597f","sha1":"58b7a6bb8763459c44949b702f2bb4939e96018f","sha256":"6189aceb80c141691c71f83f17b5dfb5751820eba0ad97a1c5a7107fa6b07305","sha512":"9c1a3e0ee50983f42ee0571d48dd4c2eea693e5b591e9fabbfba2dd8c29b2c08aae4e52e102435e89d056468a685f217b0c2083149df8be669594c8c13900fc0","ssdeep":"192:gUGAaaT83Fk0R5d76WcaMH4gSnrXyqf4hb7qGtMGeo7S1SM6tmyw8yDfrdyKE5YI:UFdK7cLoPcrSFafZypSHbJb8Z","tlshash":"9682112a68f32022149390f52f774b8b3b91ea03d40bcd5a3aed57948fc6ec5cd53688","first_seen":"2025-11-18T23:21:25.11485Z","last_seen":"2025-11-18T23:21:25.11485Z","times_seen":1,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"bloxra.rf.gd","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"bloxra.rf.gd","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"52.29.31.50","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:56.414Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Thu, 13 Nov 2025 00:00:00 GMT","end":"Sat, 12 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D1:50:7B:F0:62:36:A9:72:6E:00:E4:29:DC:9D:26:DA:FD:0C:F3:57","sha256":"B7:36:D6:D3:F5:B6:FB:37:AE:FB:45:A8:9E:BF:4F:85:E1:7D:20:C8:4F:77:1D:00:EE:EC:AC:B8:07:AB:95:DE"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://bloxra.rf.gd\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bloxra.rf.gd/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 18 Nov 2025 23:20:56 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://bloxra.rf.gd\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=2ee22885-34a1-4b43-b1f8-c6f07c9f67aa:3:1; expires=Fri, 16 Nov 2035 23:20:56 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"881e27f8867a3a543d87db12bfd9420c","sha1":"40ec43fc2bea205eb6b35c568b59e9493b3d1f9f","sha256":"2ac02d298710021bd1e7f8dae10a3cba6f43d62af27da084ceabcf7868e8c903","sha512":"67314b6bec6e4a909a951977bced0d814ef6d25453d07470b06b9576c00088d4d1e823a7b6a03372163617b3e19a2df6d1be6dda95f97fbaa4b9bcef7b7563a9","ssdeep":"","tlshash":"4090024e211156521640518009490ec48aad000088f16000050592186454d659420422","first_seen":"2025-11-18T23:21:25.11705Z","last_seen":"2025-11-18T23:21:25.11705Z","times_seen":1,"resource_available":false,"data":null}},"time_used":354,"timings":{"blocked":165,"dns":22,"connect":23,"send":0,"wait":22,"receive":0,"ssl":118},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"errors.infinityfree.net/errors/404/","fqdn":"errors.infinityfree.net","domain":"infinityfree.net","tld":"net"},"ip":{"addr":"104.26.8.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:56.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"infinityfree.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Oct 2025 14:47:24 GMT","end":"Mon, 26 Jan 2026 15:47:12 GMT"},"fingerprint":{"sha1":"30:31:B0:23:27:B8:AC:B9:FE:4B:2D:37:D8:93:58:17:70:ED:A1:E1","sha256":"87:D0:90:F6:38:48:5A:4E:EF:9A:CE:D9:BC:65:63:D9:1F:8D:F2:CD:01:6C:FF:79:B3:11:67:34:3A:3D:70:F9"}}},"request":{"raw":"GET /errors/404/ HTTP/1.1\r\nHost: errors.infinityfree.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bloxra.rf.gd/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Tue, 18 Nov 2025 23:20:57 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: no-cache, private\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CUDudyaWdW0Ii7UqMfqfE8O9eOzgcgNK85igiJ3AsdFL9NfGMF4S%2B0YJHcBkEY7RALVUiOGzg8gD7VaqpPYfL99luYHdO%2BKihOiHbVO5YB%2FH5g%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9a0b338c5c5c0b59-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T21:47:03.661814Z","times_seen":13347989,"resource_available":true,"data":null}},"time_used":190,"timings":{"blocked":0,"dns":22,"connect":1,"send":0,"wait":138,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/watch.977979479364.js?dev=e\u0026key=1bfbba10bd525063ad7d0ad3e4ee8e6f\u0026kw=%5B%22robux%22%2C%22rewards%22%2C%22portal%22%5D\u0026pst=1763508116\u0026rb=\u0026refer=https%3A%2F%2Fbloxra.rf.gd%2F%3Fi%3D1\u0026res=14.3095\u0026rmtc=t\u0026shu=29bb635a70a89c7893eb3e9f400f4f45c52a48eb8c657d629e982f566e0c50f4f15f6ce814a3116b95e44445750b3d5724fe2e2f654c15598d063e690001a2c8fe027c646400501c66e347a7adfba25994f602f6c79ffc8c96038d\u0026tz=0\u0026uuid=5fd016fa-0a76-4067-8999-f01d91f08132%3A2%3A1","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:57.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /watch.977979479364.js?dev=e\u0026key=1bfbba10bd525063ad7d0ad3e4ee8e6f\u0026kw=%5B%22robux%22%2C%22rewards%22%2C%22portal%22%5D\u0026pst=1763508116\u0026rb=\u0026refer=https%3A%2F%2Fbloxra.rf.gd%2F%3Fi%3D1\u0026res=14.3095\u0026rmtc=t\u0026shu=29bb635a70a89c7893eb3e9f400f4f45c52a48eb8c657d629e982f566e0c50f4f15f6ce814a3116b95e44445750b3d5724fe2e2f654c15598d063e690001a2c8fe027c646400501c66e347a7adfba25994f602f6c79ffc8c96038d\u0026tz=0\u0026uuid=5fd016fa-0a76-4067-8999-f01d91f08132%3A2%3A1 HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://bloxra.rf.gd\r\nReferer: https://bloxra.rf.gd/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzkwNTQ0NCwiayI6IjFiZmJiYTEwYmQ1MjUwNjNhZDdkMGFkM2U0ZWU4ZTZmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mzk1MzEzLCJwaWQiOjEwNzA3ODcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoibTIzNzYzZG14YiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9ibG94cmEucmYuZ2QvP2k9MSIsImFyIjpbXX19.iK12GzvQFLUtzBP_949axmKFWO04HEMlgDEun54KBvA\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 18 Nov 2025 23:20:57 GMT\r\nContent-Type: text/html\r\nContent-Length: 2704\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://bloxra.rf.gd\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=5fd016fa-0a76-4067-8999-f01d91f08132:2:1; expires=Tue, 25 Nov 2025 23:20:57 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Wed, 19 Nov 2025 23:20:57 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Wed, 19 Nov 2025 23:20:57 GMT; path=/; secure; SameSite=None\npdhtkv23=true; expires=Wed, 19 Nov 2025 23:20:57 GMT; path=/; secure; SameSite=None\nuncs23=1; expires=Wed, 19 Nov 2025 23:20:57 GMT; path=/; secure; SameSite=None\nu_pl27905444=1; expires=Wed, 19 Nov 2025 23:20:57 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 33\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 95b7e918b2df3f26f9323601b98fe135\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5239,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (4363)","md5":"9c64e10a3b52949802f5203bfcfc26eb","sha1":"2f1e813c3eede7c7ebcc7bb4a2aefa888d93b1d0","sha256":"d0cb183f3c36edb218d95e7947657dba3f52f94f295d1b1dcbbeb1a722ba267e","sha512":"5186ca8100c9d97ef4c56cafc3e38406f1570d8cecfd0b750b057d0d2192cd19b63a7a9712f2affd5ba0e55df70fa43f6303cde7218469d9ecbc28e9d02c5579","ssdeep":"96:rhQoz40bEoRkSzeQeb76bl3fk/+SzeQeb76bls1ZDWCfMEDaH:rPz40bRkueQeb7gl3fkmueQeb7glUVWv","tlshash":"19b12a69bce8a9b62902776d072cf46e7d30c5258908ee81b9acb3596f645043ec4c99","first_seen":"2025-11-18T23:21:25.118378Z","last_seen":"2025-11-18T23:21:25.118378Z","times_seen":1,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":127,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d1y3y09sav47f5.cloudfront.net/public/clockers/PrimeApps/cssXF.css","fqdn":"d1y3y09sav47f5.cloudfront.net","domain":"d1y3y09sav47f5.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"3.167.7.148","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:57.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /public/clockers/PrimeApps/cssXF.css HTTP/1.1\r\nHost: d1y3y09sav47f5.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bloxra.rf.gd/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 1804\r\ndate: Tue, 18 Nov 2025 23:20:57 GMT\r\naccept-ranges: bytes\r\nserver: Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11\r\nlast-modified: Thu, 17 Aug 2023 03:35:04 GMT\r\netag: \"70c-60316190d8c31\"\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 be3750c9aa69fd9d53a35aea8d9dab16.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 4bRtfA2TixAfV-mP37jpNV8DTqfkJOFOa-2_mujo2zsenMdVYINsXw==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"PHP:7.4.11","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Apache HTTP Server:2.4.46","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"OpenSSL:1.0.2k","description":"OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.","website":"https://openssl.org","common_platform_enumeration":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","icon":"OpenSSL.png","categories":["Web server extensions"]}],"data":{"size":1804,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"9be74b455cf7e0b6fc1461ba3d9ad01c","sha1":"f1fa072d9874b423fd003efeffcd128e174d88ca","sha256":"e6959d5cfed508bcc278587c05b26b361bc678f8a7f0502ca6f8ce01f2838cd5","sha512":"6269145c9f99746b9135c994e118582b5219ff98a20ebe50e57d27a14f7859bc085c063002e86f718e301197d53a73275f3544915c1a1a3416adaf9669767182","ssdeep":"","tlshash":"51316a3eae72594f41b9861126f7d21ba5bc515f0a30af7d7a20360a1f261bd2073fd8","first_seen":"2023-08-26T19:01:26Z","last_seen":"2026-04-04T20:56:17.984669Z","times_seen":1792,"resource_available":false,"data":null}},"time_used":348,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":344,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.558422396347.js?dev=e\u0026key=74c9ac4396867cbdceb050965e37e6dc\u0026kw=%5B%22robux%22%2C%22rewards%22%2C%22portal%22%5D\u0026pst=1763508117\u0026rb=\u0026refer=https%3A%2F%2Fbloxra.rf.gd%2F%3Fi%3D1\u0026res=14.3095\u0026rmtc=t\u0026shu=355cddd3d52625e7d1c807f7e36a1b46817986e33104897b66f3f4695b750347c2087719b9e052ab3f2f8d17c93530a0874dfba9df25eea79dfcebf126b82feb19b65234437f68632f6251041c53f934758ccb97a48f83701baba2\u0026tz=0\u0026uuid=2ee22885-34a1-4b43-b1f8-c6f07c9f67aa%3A3%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:57.241Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /watch.558422396347.js?dev=e\u0026key=74c9ac4396867cbdceb050965e37e6dc\u0026kw=%5B%22robux%22%2C%22rewards%22%2C%22portal%22%5D\u0026pst=1763508117\u0026rb=\u0026refer=https%3A%2F%2Fbloxra.rf.gd%2F%3Fi%3D1\u0026res=14.3095\u0026rmtc=t\u0026shu=355cddd3d52625e7d1c807f7e36a1b46817986e33104897b66f3f4695b750347c2087719b9e052ab3f2f8d17c93530a0874dfba9df25eea79dfcebf126b82feb19b65234437f68632f6251041c53f934758ccb97a48f83701baba2\u0026tz=0\u0026uuid=2ee22885-34a1-4b43-b1f8-c6f07c9f67aa%3A3%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://bloxra.rf.gd\r\nReferer: https://bloxra.rf.gd/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzkwNTQzNCwiayI6Ijc0YzlhYzQzOTY4NjdjYmRjZWIwNTA5NjVlMzdlNmRjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mzk1MzEzLCJwaWQiOjEwNzA3ODcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyNSwicHQiOjQsInBrIjoiY2hiaDBzdGlzZCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9ibG94cmEucmYuZ2QvP2k9MSIsImFyIjpbXX19.pisague4DUjpBYw-ndV_SFU8qKwfJbQtniKZolOXthk\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 18 Nov 2025 23:20:57 GMT\r\nContent-Type: text/html\r\nContent-Length: 3307\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://bloxra.rf.gd\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=2ee22885-34a1-4b43-b1f8-c6f07c9f67aa:3:1; expires=Tue, 25 Nov 2025 23:20:57 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Wed, 19 Nov 2025 23:20:57 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Wed, 19 Nov 2025 23:20:57 GMT; path=/; secure; SameSite=None\npdhtkv25=true; expires=Wed, 19 Nov 2025 23:20:57 GMT; path=/; secure; SameSite=None\nuncs25=1; expires=Wed, 19 Nov 2025 23:20:57 GMT; path=/; secure; SameSite=None\nu_pl27905434=1; expires=Wed, 19 Nov 2025 23:20:57 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 18\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 76b5f99b7e5e673b6a65691253f2d60f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4647,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (3771)","md5":"2d089280525f6ccec4cc13b0c664b457","sha1":"97d1a07c9a12856bfa756cdb2f31c79cfba21814","sha256":"fe916f973f2be39dbd47c1082d8a9978c135fd525d38a217bd2eab741e0e84f9","sha512":"5abd71686dc91ed9aca2b7f13149a8f605a337e0d994e74d28855f4c59c62a243d4ded05880920247d196f89f0b439c067406b87a7eaa8a2b45c03f74b9bcbbe","ssdeep":"96:PeoznZjiUQzcq9HsKjk/q+3JQgtBif6MOJAvBOI1ZDQCfMEDaH:PLzd4cIbkxigtQnZvkQVQCkCaH","tlshash":"0fa12b25bee545f935d3e19e382ae01dad9096093700cd05b84cd4751f34b789de9ae8","first_seen":"2025-11-18T23:21:25.119888Z","last_seen":"2025-11-18T23:21:25.119888Z","times_seen":1,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":115,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d1y3y09sav47f5.cloudfront.net/public/external/check.php?it=4112040\u0026time=1763508074427","fqdn":"d1y3y09sav47f5.cloudfront.net","domain":"d1y3y09sav47f5.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"3.167.7.148","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:21:14.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /public/external/check.php?it=4112040\u0026time=1763508074427 HTTP/1.1\r\nHost: d1y3y09sav47f5.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bloxra.rf.gd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 72\r\ndate: Tue, 18 Nov 2025 23:21:14 GMT\r\nx-powered-by: PHP/7.4.11\r\nserver: Apache/2.4.46 () OpenSSL/1.0.2k-fips PHP/7.4.11\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 be3750c9aa69fd9d53a35aea8d9dab16.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 8zOiKJzjRtbss9lCB9ndfF0M2xgZaoyOrYAuQJb4J9hHDWkONWeOHw==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2.4.46","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"PHP:7.4.11","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"OpenSSL:1.0.2k","description":"OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.","website":"https://openssl.org","common_platform_enumeration":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","icon":"OpenSSL.png","categories":["Web server extensions"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":72,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"69d77690ed201acd0627e99dd35c96eb","sha1":"05ffc794be6dae3836ee5df72d82d917323b2941","sha256":"577d248638c57941b7e35d9a19ef4b5d88d52482f6e59254142d4266c57bad38","sha512":"06aaf36275b0c4de82580319878333d973d3cd464f4c09df4281551f4381940dc792eb28c2c84b3a94196b53edf41751b01976ad77c5e393c0b62574c4b214bf","ssdeep":"","tlshash":"32a0220c0c02220f033230b080bbc8280030e3320bc0c3a8282aca8a2e03c3b2a0208e","first_seen":"2023-08-12T16:35:44Z","last_seen":"2026-04-04T20:56:17.979658Z","times_seen":2797,"resource_available":true,"data":null}},"time_used":347,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":346,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/74c9ac4396867cbdceb050965e37e6dc/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:55.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"highperformanceformat.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 10 Oct 2025 22:02:13 GMT","end":"Thu, 08 Jan 2026 22:02:12 GMT"},"fingerprint":{"sha1":"77:A0:FB:EB:5C:7E:49:7D:87:94:CB:C5:AB:72:11:AE:6F:98:F7:81","sha256":"A3:92:D0:6C:23:66:83:18:50:AC:6C:E2:27:1F:6A:82:CE:FC:2B:6B:7E:B7:B3:EA:B9:6A:56:B2:EC:04:AF:40"}}},"request":{"raw":"GET /74c9ac4396867cbdceb050965e37e6dc/invoke.js HTTP/1.1\r\nHost: www.highperformanceformat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bloxra.rf.gd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 18 Nov 2025 23:20:56 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18468\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 5\r\nHost: www.highperformanceformat.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d4242eb90e89ca53f8c78b71108839e0\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46415,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46415), with no line terminators","md5":"95481a76ebabf90b692f81ec6687dcdb","sha1":"c15cfc401bc7e47aa053f0e7d1dd299764d6478d","sha256":"60326fecee4cec6bd7e16cc72b9ce2a36c415b16fed3950f9a00100f22de244a","sha512":"51c3a9d490946bb0bab2229fb5ff6a22e59791b844dc779d4417e386e9ef91ec30a16c97264b3d53557d7eb6fb94a23f6ce11f023cda716b99cb4a414a3f7b7c","ssdeep":"768:+5/C6gfHBHuf0gCjEqeJMtQIHKmt2FOWS2WN:+I6gfhHuf0geEqeMQIHKVcPN","tlshash":"cc23f7883fa0f66b07727437126fd11ffa6acc019888cc5cc946d5e92f68b19e536b45","first_seen":"2025-11-18T23:21:25.121533Z","last_seen":"2025-11-18T23:21:25.121533Z","times_seen":1,"resource_available":true,"data":null}},"time_used":793,"timings":{"blocked":298,"dns":20,"connect":92,"send":0,"wait":100,"receive":92,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/watch.977979479364.js?key=1bfbba10bd525063ad7d0ad3e4ee8e6f\u0026kw=%5B%22robux%22%2C%22rewards%22%2C%22portal%22%5D\u0026refer=https%3A%2F%2Fbloxra.rf.gd%2F%3Fi%3D1\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=5fd016fa-0a76-4067-8999-f01d91f08132%3A2%3A1","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:56.590Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /watch.977979479364.js?key=1bfbba10bd525063ad7d0ad3e4ee8e6f\u0026kw=%5B%22robux%22%2C%22rewards%22%2C%22portal%22%5D\u0026refer=https%3A%2F%2Fbloxra.rf.gd%2F%3Fi%3D1\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=5fd016fa-0a76-4067-8999-f01d91f08132%3A2%3A1 HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://bloxra.rf.gd\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bloxra.rf.gd/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Tue, 18 Nov 2025 23:20:56 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://bloxra.rf.gd\r\naccess-control-allow-credentials: true\r\nlocation: https://realizationnewestfangs.com/watch.977979479364.js?dev=e\u0026key=1bfbba10bd525063ad7d0ad3e4ee8e6f\u0026kw=%5B%22robux%22%2C%22rewards%22%2C%22portal%22%5D\u0026pst=1763508116\u0026rb=\u0026refer=https%3A%2F%2Fbloxra.rf.gd%2F%3Fi%3D1\u0026res=14.3095\u0026rmtc=t\u0026shu=29bb635a70a89c7893eb3e9f400f4f45c52a48eb8c657d629e982f566e0c50f4f15f6ce814a3116b95e44445750b3d5724fe2e2f654c15598d063e690001a2c8fe027c646400501c66e347a7adfba25994f602f6c79ffc8c96038d\u0026tz=0\u0026uuid=5fd016fa-0a76-4067-8999-f01d91f08132%3A2%3A1\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzkwNTQ0NCwiayI6IjFiZmJiYTEwYmQ1MjUwNjNhZDdkMGFkM2U0ZWU4ZTZmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mzk1MzEzLCJwaWQiOjEwNzA3ODcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoibTIzNzYzZG14YiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9ibG94cmEucmYuZ2QvP2k9MSIsImFyIjpbXX19.iK12GzvQFLUtzBP_949axmKFWO04HEMlgDEun54KBvA; expires=Tue, 18 Nov 2025 23:21:56 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 2\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: fa05324f9449284a4a64529cb148f3c0\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":5239,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T21:47:03.661814Z","times_seen":13347989,"resource_available":true,"data":null}},"time_used":713,"timings":{"blocked":307,"dns":27,"connect":91,"send":0,"wait":97,"receive":1,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/bi/99/8c/bf/998cbfe02099f7b3e1be6ec647e0528f/1596466136.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bloxra.rf.gd/?i=1","date":"2025-11-18T23:20:57.237Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /bi/99/8c/bf/998cbfe02099f7b3e1be6ec647e0528f/1596466136.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 18 Nov 2025 23:20:57 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 20790\r\nserver: nginx/1.21.6\r\nlast-modified: Mon, 03 Aug 2020 14:48:59 GMT\r\netag: \"5f2823db-5136\"\r\nexpires: Thu, 20 Nov 2025 23:20:57 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20790,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 728x90, components 3","md5":"dc47de4e75a80a4ef1e7f6a5a79aa4d7","sha1":"245458733d72d1a9008f56346e525b1628cca2f6","sha256":"40b6737afe8c5ab875fb216aff15c619918057058fe199fb8359773c7ab92801","sha512":"a07b35980fdedf7c1f2babe2819d4eff532663f840b1e0796a8eab5963177b4d9f8233518aec916b0123f0256cb00d0eceb878411292e158e7c674289e9dae0f","ssdeep":"384:McXcTXUpNnzUCJoqGkdYeXU95POhTdOSdAuf:Nxoqm7WTdOSdf","tlshash":"f1925bd53204945e9e8f91e3423eab31b6c4b73658e5c7a22c9cb9bf5cba4a0d507308","first_seen":"2023-05-08T14:18:09Z","last_seen":"2026-04-04T14:29:20.828386Z","times_seen":359,"resource_available":false,"data":null}},"time_used":287,"timings":{"blocked":120,"dns":79,"connect":19,"send":0,"wait":39,"receive":1,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}