{"report_id":"03402a4c-b1cb-4efa-a6d4-fd71c5add8c2","version":6,"status":"done","tags":[],"date":"2025-09-27T20:04:05Z","url":{"schema":"http","addr":"ettv.twoproxy.net/","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"172.67.184.211","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"ettv.twoproxy.net/","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"title":"ETTV | Official"},"submit":{"url":{"schema":"http","addr":"ettv.twoproxy.net/","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"172.67.184.211","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-01T20:04:05Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":24}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"directlycascade.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"directlycascade.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"cdn.show-sb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"x3os.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2025-09-24T10:30:27.617469Z","alert_count":2,"request_count":1,"received_data":377,"sent_data":420,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"matomo.hellohi.me","ip":{"addr":"172.67.219.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-07-03","domain_rank":0,"first_seen":"2019-07-03T20:13:04Z","last_seen":"2025-09-22T02:46:05.591533Z","alert_count":0,"request_count":1,"received_data":599,"sent_data":417,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-09-21T22:11:31.014241Z","alert_count":0,"request_count":7,"received_data":267185,"sent_data":3881,"comment":"","tags":null,"fingerprints":null},{"fqdn":"heartilyscales.com","ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2022-12-16","domain_rank":2862533,"first_seen":"2022-12-16T08:32:11Z","last_seen":"2025-09-22T02:46:06.204288Z","alert_count":30,"request_count":10,"received_data":176538,"sent_data":12000,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"msdoj.com","ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2025-07-01","domain_rank":211684,"first_seen":"2025-07-02T02:58:17.140394Z","last_seen":"2025-09-22T02:46:06.324991Z","alert_count":0,"request_count":2,"received_data":64929,"sent_data":966,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-09-21T22:11:31.798564Z","alert_count":0,"request_count":3,"received_data":41274,"sent_data":1325,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"bvtpk.com","ip":{"addr":"104.21.5.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-03-16","domain_rank":37068,"first_seen":"2025-05-21T11:34:02.786268Z","last_seen":"2025-09-23T14:20:40.270423Z","alert_count":0,"request_count":1,"received_data":111089,"sent_data":410,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"x3os.com","ip":{"addr":"139.45.196.64","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2021-03-18","domain_rank":19468,"first_seen":"2025-04-24T02:39:31.647355Z","last_seen":"2025-09-22T04:53:37.293945Z","alert_count":1,"request_count":1,"received_data":832,"sent_data":598,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"flushpersist.com","ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-09-24T00:30:12.938789Z","alert_count":6,"request_count":3,"received_data":1590,"sent_data":2307,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ettv.twoproxy.net","ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-02-15","domain_rank":0,"first_seen":"2025-09-27T20:04:06.687909Z","last_seen":"2025-09-27T20:04:06.687909Z","alert_count":36,"request_count":18,"received_data":386751,"sent_data":10155,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}]},{"fqdn":"creative-sb1.com","ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-01","domain_rank":22211,"first_seen":"2025-08-08T09:32:32.509707Z","last_seen":"2025-09-22T00:32:44.332817Z","alert_count":28,"request_count":14,"received_data":403933,"sent_data":6438,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-09-21T22:12:58.000435Z","alert_count":0,"request_count":2,"received_data":110188,"sent_data":1044,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"torchfriendlypay.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":191479,"first_seen":"2025-07-30T13:31:49.539518Z","last_seen":"2025-09-21T22:51:10.503656Z","alert_count":33,"request_count":11,"received_data":18947,"sent_data":5943,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"origunix.com","ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2021-11-30","domain_rank":343993,"first_seen":"2021-11-30T12:40:27Z","last_seen":"2025-09-23T05:10:19.397688Z","alert_count":0,"request_count":1,"received_data":64541,"sent_data":450,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"vmuid.com","ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2018-10-22","domain_rank":182910,"first_seen":"2019-07-09T14:53:12Z","last_seen":"2025-09-22T20:25:15.445431Z","alert_count":0,"request_count":2,"received_data":11205,"sent_data":1027,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"icon.dt.bmndx.com","ip":{"addr":"185.111.111.159","port":443,"asn":212238,"as":"Datacamp Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2024-09-03","domain_rank":2010083,"first_seen":"2024-09-10T16:10:13Z","last_seen":"2025-09-26T12:16:18.026848Z","alert_count":0,"request_count":1,"received_data":54397,"sent_data":440,"comment":"","tags":null,"fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}]},{"fqdn":"cdn.show-sb.com","ip":{"addr":"172.67.170.115","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":187612,"first_seen":"2024-08-31T03:46:04Z","last_seen":"2025-09-22T00:32:44.591601Z","alert_count":3,"request_count":3,"received_data":6769,"sent_data":1473,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn4.mndx1.com","ip":{"addr":"79.127.216.112","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"domain_registered":"2022-08-29","domain_rank":345794,"first_seen":"2024-06-11T10:07:39Z","last_seen":"2025-09-26T12:16:18.049255Z","alert_count":0,"request_count":1,"received_data":54439,"sent_data":417,"comment":"","tags":null,"fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}]},{"fqdn":"i.ibb.co","ip":{"addr":"45.43.142.2","port":443,"asn":215751,"as":"Mikhail Fedorov","country":"Israel","country_code":"IL"},"domain_registered":"2010-07-20","domain_rank":21643,"first_seen":"2018-11-25T10:13:48Z","last_seen":"2025-09-21T22:41:34.619298Z","alert_count":0,"request_count":1,"received_data":5916,"sent_data":441,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"my.rtmark.net","ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-10-29","domain_rank":43911,"first_seen":"2015-02-04T09:54:57Z","last_seen":"2025-09-21T23:59:49.858604Z","alert_count":0,"request_count":1,"received_data":840,"sent_data":441,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"professionaltrafficmonitor.com","ip":{"addr":"3.123.144.251","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-01-23","domain_rank":16376,"first_seen":"2025-01-25T08:56:07.448138Z","last_seen":"2025-09-21T22:22:39.297989Z","alert_count":0,"request_count":4,"received_data":1704,"sent_data":1828,"comment":"","tags":null,"fingerprints":null},{"fqdn":"skinnycrawlinglax.com","ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":38609,"first_seen":"2025-07-09T22:28:05.771371Z","last_seen":"2025-09-22T00:32:43.866153Z","alert_count":9,"request_count":3,"received_data":14798,"sent_data":1415,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2025-09-21T22:22:39.032263Z","alert_count":0,"request_count":4,"received_data":434968,"sent_data":1844,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"directlycascade.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-09-10","domain_rank":0,"first_seen":"2025-09-10T21:14:18.585097Z","last_seen":"2025-09-22T02:46:05.296137Z","alert_count":12,"request_count":6,"received_data":186309,"sent_data":5792,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-09-24T04:23:33.461221Z","alert_count":12,"request_count":4,"received_data":343852,"sent_data":1660,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"maxcdn.bootstrapcdn.com","ip":{"addr":"104.18.11.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-25","domain_rank":6807,"first_seen":"2014-06-18T00:37:31Z","last_seen":"2025-09-21T22:15:58.131233Z","alert_count":0,"request_count":1,"received_data":122143,"sent_data":465,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ettv.twoproxy.net/","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fdc2bec923b3895a187277ce3537c9b4","sha1":"961e4ad149ede60e2fec4cbf1660140d5368eb43","sha256":"0f4a4441301771b5e6cef91663dfe35f3bb5117354ba3a6b7d741bf0f133da33","sha512":"8d2825bf393dc05912fc090f66469237647cbc85ba46dc0db144ddc8b84e4c6bf7fc3d98afb194ad8192c8c48faee843503a69114a76c5d90e0cbba988717735","ssdeep":"","tlshash":"b6f0e1fa3d9460308559f1e4b25baa24b4726414a140690984cd84c8e8d4a9d4e7d59c","size":551,"data":"","first_seen":"2023-03-07T12:40:56Z","last_seen":"2026-04-03T18:56:22.077499Z","times_seen":333,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6062294451a7a581dc74178c7c5a1332","sha1":"c8e09f671561b72bdae9fd3cfeea799629430105","sha256":"c556ffdcc50d996a51234a1dec5ae85925ffa13c788b800be900dc5eb1344d79","sha512":"5b4bcb7d6530bfa8d33d4c769d0934938af4e7842a518556021ed900fad8a06bc39c2d35494586adf34e4d6fe19095b2d41c726b8214746527e04cec9e910594","ssdeep":"192:M/H3P83adOwGuABXfKOBPpzbo3j3rFuuV6:MP/83adOwWp0j3Buz","tlshash":"fbd1a8dc768070800be7e97f776f651ab06a58501c4fe491f003a9e83d6872ed63eac1","size":6293,"data":"","first_seen":"2025-09-26T11:10:49.483616Z","last_seen":"2025-10-14T12:32:44.197235Z","times_seen":1614,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js","fqdn":"heartilyscales.com","domain":"heartilyscales.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e3437160cac08c1807ac0b014553d033","sha1":"d0aed84dc666216fe48b3db526dc573a4484bf5b","sha256":"ceeb37b24e93e8d2de4a1c154b5ccbb6975dd5ac5f5d86c055ed4c6ce9174632","sha512":"66a7c1039dba101f03b9f508214391aa6fa59303000643d3c5e45387470b3147827ee835a5f3e43af0c750b57914b594448915ca5c5810a977e51b037e60658b","ssdeep":"768:fpCxicwKzukjCm/hYE4JoYC3ouzBGXDnwrHpSFXcdDqxv1l2qo0uw7T3SPGw6SXo:fppUCQ37swT0Rcd+9keSPjhj7Y","tlshash":"7573ea4c3f95f1ad43a26073222f941bf12a1d51b06cf8c8d253e8bc6eb9769b536b14","size":76311,"data":"","first_seen":"2025-09-26T16:35:49.554198Z","last_seen":"2025-10-08T05:41:54.469148Z","times_seen":41,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"directlycascade.com/22/00/54/2200540f09f939738419313a1a090c32.js","fqdn":"directlycascade.com","domain":"directlycascade.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9707571ccac614022af56c1d55e06e9e","sha1":"04424a87332733f1cb6ed022d91da4d7bf1431f5","sha256":"53fb5ff7064391d69da3963ef817e8a2292e95f237d57980b865a5c315953963","sha512":"7688a7c2bdfe8238f3e7bef9f904b61b8b875594185d507eb236a958e7bbb5bc7755d41885a0f3603d09545652b4cb2d102e82f861076ba5b1a9765d5a959df8","ssdeep":"1536:l0xlYxhNnfI+veOOoJm+h1eE6eunK1lz2N9QeK22uLPmmrDfYpDkUeDCoxbp3pka:fxKoJSnxKI36WX","tlshash":"a9a3e9983b50f0bc02a674f9362f7906e064ce6160ccd668d507fca86b7975bf439e29","size":97965,"data":"","first_seen":"2025-09-26T15:59:14.087316Z","last_seen":"2025-10-03T01:45:29.140138Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8ec4ea2cc07fb4298dd793cbc67d3755","sha1":"04c34c92ef5baad58af7c56b728d4a84c55f7185","sha256":"9a0e8ee9789c9f554b318f332bf0d2c61f85cdcf33afc1228b6f94181f841b1d","sha512":"30304737e90f692141d3d9d94011b08bd5605aa54d85f9808fb80fb3fae2b0c1d8151784f56ab2bbd89729e5cbc7aef8f6f3b00acae27ae268a8718a5d3ceba0","ssdeep":"","tlshash":"e1f0dc20a9ce2dff820650ba9c78cd0a71a7381ec1f0c0070e00d83563b1fc909582c8","size":449,"data":"","first_seen":"2023-03-07T12:40:02Z","last_seen":"2026-04-12T17:48:36.308261Z","times_seen":2014,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6062294451a7a581dc74178c7c5a1332","sha1":"c8e09f671561b72bdae9fd3cfeea799629430105","sha256":"c556ffdcc50d996a51234a1dec5ae85925ffa13c788b800be900dc5eb1344d79","sha512":"5b4bcb7d6530bfa8d33d4c769d0934938af4e7842a518556021ed900fad8a06bc39c2d35494586adf34e4d6fe19095b2d41c726b8214746527e04cec9e910594","ssdeep":"192:M/H3P83adOwGuABXfKOBPpzbo3j3rFuuV6:MP/83adOwWp0j3Buz","tlshash":"fbd1a8dc768070800be7e97f776f651ab06a58501c4fe491f003a9e83d6872ed63eac1","size":6293,"data":"","first_seen":"2025-09-26T11:10:49.483616Z","last_seen":"2025-10-14T12:32:44.197235Z","times_seen":1614,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"975dcd271eef0838cabb1c0978563d6f","sha1":"bbcb6a4aa3fbec66d9963bb146b9788d3c81401b","sha256":"da0077880e0a909b710c99b9757da60ce4b592326a38c11a2ff950dfc20aa93e","sha512":"744b970d90b9b71d82d5bc1089be2f09bcad933aa8415bd1011a1c54b41932ad6200308dc80457d072ff5159767328503085b2fefb89c7ae823cf9f64fd8d148","ssdeep":"","tlshash":"abf04c34176743a94f9bd0e56b4b1bef06314c0be05b096d6008d3475de072a2281a77","size":555,"data":"","first_seen":"2025-09-27T06:12:23.257501Z","last_seen":"2025-10-02T12:57:49.818404Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"1505869d947e53a715c482feeb5f70dc","sha1":"fb67b5bc0d3d9805343ed3a567d8aac17064da17","sha256":"0ba9078c049b52660501dc19378b02783b9c4de28c76e8d6b0a8f7a0dc40d35e","sha512":"ddefb90c482c02f73e6d5602e6198351780b7343d42d494b52f110fde000361a8e711665fdde222984bea85b8a8b3c95901f91a61bda76b36395080d5be84549","ssdeep":"","tlshash":"34d0239629798430659902476075f39c2d613050b712b24492cfcc2b7f21fe344f1958","size":217,"data":"","first_seen":"2025-09-27T20:04:10.577848Z","last_seen":"2025-09-27T20:04:10.577848Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6062294451a7a581dc74178c7c5a1332","sha1":"c8e09f671561b72bdae9fd3cfeea799629430105","sha256":"c556ffdcc50d996a51234a1dec5ae85925ffa13c788b800be900dc5eb1344d79","sha512":"5b4bcb7d6530bfa8d33d4c769d0934938af4e7842a518556021ed900fad8a06bc39c2d35494586adf34e4d6fe19095b2d41c726b8214746527e04cec9e910594","ssdeep":"192:M/H3P83adOwGuABXfKOBPpzbo3j3rFuuV6:MP/83adOwWp0j3Buz","tlshash":"fbd1a8dc768070800be7e97f776f651ab06a58501c4fe491f003a9e83d6872ed63eac1","size":6293,"data":"","first_seen":"2025-09-26T11:10:49.483616Z","last_seen":"2025-10-14T12:32:44.197235Z","times_seen":1614,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84380,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-13T12:39:33.538378Z","times_seen":16268,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"859fe4e02fc1a1d21363f083752129e8","sha1":"c2caecf103bf7b43b9d3e689559cf39cd9c366c3","sha256":"4f9a6262acb436a5216119e680f1233f6484ff3e9f314359aafcf4bcea63dafc","sha512":"321e0ddce40c98e0f70c480365a9f4877aeaa2ff376f07edd35ffc5aa289d674f6603a9abc85338e17ee4314c22f7d1ca4cd24eb2adb0e22ac742e86fa049486","ssdeep":"","tlshash":"c0217b3b9898c3b12243f157e126738cd731005dfa192703330d0ae91eda36a26f99d9","size":1272,"data":"","first_seen":"2025-08-28T16:07:00.589556Z","last_seen":"2026-01-05T19:48:22.584027Z","times_seen":215,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"heartilyscales.com/a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js","fqdn":"heartilyscales.com","domain":"heartilyscales.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"91910be319384c903db3ed58a2c0304b","sha1":"ccf435e479c8da816a0068390abe8599eb06bebb","sha256":"4595582071c01bb311992420e944b745d14ca6d81bf575a354adc55203154e90","sha512":"2b1714ce8b373ccc79a715ce6db36f420b32af41e549bc50d409f966e432c380dc05a0217ac21fd90ce782b7cd9c3f5db4e70af6866ee68396fae91dc4b06150","ssdeep":"768:YpCxicwKzukjCm/hYE4JoYC3ouzBcX2nVrHpSFXcdDqxv1l2qo0uw7T3SPGw6eXt:YppUCQ37rVT0Rcd+9keSPjLYI","tlshash":"8073ea4c3f95f1ad43a26073222f941bf12a1d51b06cf8c8d253e8bc6eb9769b536b14","size":76303,"data":"","first_seen":"2025-09-27T05:12:44.346088Z","last_seen":"2025-10-08T06:55:15.870522Z","times_seen":31,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"57242f2cf2f3a5e25dbb36a683719e1c","sha1":"0bdc1595207a11b200c8fb4cb9fbe011a2a96f13","sha256":"960cf8b4930d22457b83b9922d67d652b00793b3ee11ec6e4659769974017df9","sha512":"de5bdd6f1594e50f85bb8bb3131900ced5c293aa363af31ea76618ccc05b0da485287795ae13f213579349e9f08f9ae74dc883f990b0110e04f3d6f2b6a53193","ssdeep":"192:3lFW2j5Xtgh+9mFPkKvK6cJPk6wHaqDWTpXdmZox3SPti9s1xeqci5sqbNz:7f5XtghmfKi6cJPkL6EWFXUSSlCHZqV","tlshash":"2a22facbfd4eb07426712de71417b5cda4068ea320d49c1b6120d7d8be21bb4ba86e9d","size":10078,"data":"","first_seen":"2025-09-27T20:04:10.538976Z","last_seen":"2025-09-27T20:09:55.745574Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84380,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-13T12:39:33.538378Z","times_seen":16268,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/app/apx19.js","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2344c3f05f624d595f6fb920e4d74ded","sha1":"eb4d1404ac2d5eecd307f4588aeeab5c8ef463f1","sha256":"3a28fe59e4a2af96d8edeeb12d7040c574cf71fa88fccb5cf49e9c0a1d4e4c7a","sha512":"b1660b062c77332a119e159c5c69d3f75d375915a33f141503232f424c4fdd990998a883c271efb94e8eb909f7837d235354ecae15b58fc23ab9d1908170e831","ssdeep":"192:yfBLCNsvzXnQQuWYQVN6nYaRB5c5FM/MR6Adpf04u7w2Br:4gNYXnrYtBONxpf05r","tlshash":"62126cc87ac7f00b53ed8a53ae1a66b8117b946362a47907d3bcf6cd15e920bc179cc4","size":9183,"data":"","first_seen":"2023-03-07T12:40:02Z","last_seen":"2026-04-12T17:48:36.261661Z","times_seen":3518,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"directlycascade.com/a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js","fqdn":"directlycascade.com","domain":"directlycascade.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"beb769c30296ba9c3490d882cdd34510","sha1":"f0c3adef7aec2ff8ec5ffc0df2530d0f505bb4f8","sha256":"a0d7a843abcdfba86dada09bfc13775ed0b33183b05f5f27e9c604bbcc291a6d","sha512":"4401f7251c21812ab854226c54d67e5a1df1fd1a6b0a4ddf97b07d909feb8cb7046d3288e26f9744bb55f33105513c1d6b077111d91da527a3e74927eca3a72f","ssdeep":"768:fpCxicwKzukjCm/hYE4JoYC3ouzBcX2nVrHpSFXcdDqxv1l2qo0uw7T3SPGw65XW:fppUCQ37rVT0Rcd+9keSPjijlI","tlshash":"b273ea4c3f95f1ad43a26073222f941bf12a1d51b06cf8c8d253e8bc6eb9769b536b14","size":76300,"data":"","first_seen":"2025-09-26T15:59:14.106227Z","last_seen":"2025-10-08T07:50:28.638049Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"origunix.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8","fqdn":"origunix.com","domain":"origunix.com","tld":"com"},"ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"60c97fea9bdf1e9f554c1636479bc30a","sha1":"dad886a6d18aa54b67983fccc2a8673e97f0f245","sha256":"2c11638b4024cd61524eb315ebed3af3a6326ab872750235f5200a93c2f4ac16","sha512":"cb8b33d91adcae6beba8ccff75c82c61887ff94544bccba8c34981e5ae40870076f3727f8aeb515e057cedc70cec40048eb0b37421d12a3e455d881906a2c851","ssdeep":"768:hCflSCRC850RCX+4D+R8WyX+86wA6C8CflJu4sTJ+zaXeXgtA9zk4sTJ+HXJpZ6I:qvV50gPowAzJfTqIF","tlshash":"4053d698b5d2f1a102c370b8543f6106b2366929248dc098f7b5ded5ad78d6ea633f3c","size":64136,"data":"","first_seen":"2025-09-27T20:04:10.570575Z","last_seen":"2025-09-27T20:04:10.570575Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"859fe4e02fc1a1d21363f083752129e8","sha1":"c2caecf103bf7b43b9d3e689559cf39cd9c366c3","sha256":"4f9a6262acb436a5216119e680f1233f6484ff3e9f314359aafcf4bcea63dafc","sha512":"321e0ddce40c98e0f70c480365a9f4877aeaa2ff376f07edd35ffc5aa289d674f6603a9abc85338e17ee4314c22f7d1ca4cd24eb2adb0e22ac742e86fa049486","ssdeep":"","tlshash":"c0217b3b9898c3b12243f157e126738cd731005dfa192703330d0ae91eda36a26f99d9","size":1272,"data":"","first_seen":"2025-08-28T16:07:00.589556Z","last_seen":"2026-01-05T19:48:22.584027Z","times_seen":215,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vmuid.com/script.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8","fqdn":"vmuid.com","domain":"vmuid.com","tld":"com"},"ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"dedd352338543b137f608adc8d0d4aa8","sha1":"100edb4e8fef9b6da043d51135077e68d2a61b22","sha256":"b338a91ba1d2ab7c3a7a0dd659426f5ffa4cd699be38e2bed5075c4d3e773a48","sha512":"e2fab4d95d5baa013a7c248945156524478341282dcffc462fb2de318f55ba29dcafba0db3abcfb6399c6164f6f630f06d48a7323b73f8ea05d5978cd60a4c5c","ssdeep":"192:ATn+ip4qxJ/gzuvu3fo8idwqnOqgStYc1qRP44+PHlCXXZE7904AxF:YbRJYz3oe+3tYGGx+NGXZCAn","tlshash":"2b22b5c9b2d2f06443d77161942f2007f23b2869b54dc498eb66e8d3bcb045ea227f79","size":10178,"data":"","first_seen":"2024-01-26T05:18:07Z","last_seen":"2025-12-29T12:17:25.567723Z","times_seen":3656,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bvtpk.com/tag.min.js","fqdn":"bvtpk.com","domain":"bvtpk.com","tld":"com"},"ip":{"addr":"104.21.5.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"59a5f86b0896f3b179053de2d9ad97bd","sha1":"cfefb6dc560a50701ba8a97a39c79c267b630061","sha256":"cafbe60713779c1b07efd752cccb2fd6a6c33555b268d9bd2aa1135e5d71f6f9","sha512":"009f00c38e04e88946cf5a23a1c59b8da97b3caaa2583517a371de96e8684125f11a1f7d3981d49e8f1df99eddc94635c7e50b3cf89feaceaad1c187c24d60f3","ssdeep":"1536:KORV5n7I9pN5MStR8L6Ru5HjQdXog6wTEDtr0r0:KORVd4n+qvXoRGEhr0r0","tlshash":"4eb31a9c625734711d7a9129785fc44daeeaef80048e89e4d0daac732653071d3bbfe8","size":109903,"data":"","first_seen":"2025-09-26T05:58:13.470734Z","last_seen":"2025-09-29T04:18:53.816115Z","times_seen":92,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ddb38cec2a3e44027f210856f6c3ab06","sha1":"8dcbb5f9a59c7d2c12441b2d46e47194281e3fd7","sha256":"145bcde519f7316cb23a753d5147be17044a81c66d3e2062610f49738914a969","sha512":"bbf3d3201d294b0a4ac92e1619eaed9bd6764a0da32712ff7dc7837d043795c4704108ca013e794ec4a536facba30be2dfd6a0872d20d5708a2d6c8e2f9f516d","ssdeep":"","tlshash":"ebc022b564a490300424009a707beaa83c31318874926080c48d781ca924fd30452ca8","size":187,"data":"","first_seen":"2025-09-24T02:22:33.853601Z","last_seen":"2025-11-12T14:46:36.801298Z","times_seen":271,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f5302167c5851a0735120af1e9564ab2","sha1":"6bce1e4db6e8faeddd800c29085d5bd02fa8b502","sha256":"abe2eee7153296a7886879dfc2281d4f186c0d37225bdd79984031ec2fe40612","sha512":"06b2f5f0335d126a7fa8f0e7bef76caa131d700a0a3d3c094fe4990d81e76e16ff5ae59f3515a75991e1d604574edde4c09911c4cfc36a861156be6f51e39502","ssdeep":"","tlshash":"941100753b1a1534c9c6818b317ef7a93d3220217b02a084c36dcc299d18e9714efcbe","size":902,"data":"","first_seen":"2025-09-27T20:04:10.58268Z","last_seen":"2025-09-27T20:04:10.58268Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6062294451a7a581dc74178c7c5a1332","sha1":"c8e09f671561b72bdae9fd3cfeea799629430105","sha256":"c556ffdcc50d996a51234a1dec5ae85925ffa13c788b800be900dc5eb1344d79","sha512":"5b4bcb7d6530bfa8d33d4c769d0934938af4e7842a518556021ed900fad8a06bc39c2d35494586adf34e4d6fe19095b2d41c726b8214746527e04cec9e910594","ssdeep":"192:M/H3P83adOwGuABXfKOBPpzbo3j3rFuuV6:MP/83adOwWp0j3Buz","tlshash":"fbd1a8dc768070800be7e97f776f651ab06a58501c4fe491f003a9e83d6872ed63eac1","size":6293,"data":"","first_seen":"2025-09-26T11:10:49.483616Z","last_seen":"2025-10-14T12:32:44.197235Z","times_seen":1614,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"ettv.twoproxy.net/b/?https://ettv.twoproxy.net/themes/superAwesome/theme.css","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET /b/?https://ettv.twoproxy.net/themes/superAwesome/theme.css HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://ettv.twoproxy.net/themes/superAwesome/theme.css\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Xuqb6Gsmum3XalorDJ5Snb5AFjn21lPS3oiWaHgZdr%2BryWT6tDv7wBQmIG%2FQipB3CUtWE30t8WnE3O7vxq%2B1SeSC2%2FP1VU97mcT4PyoMQgmQ\"}]}\r\ncf-ray: 985d9b281e335ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20429,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/themes/superAwesome/theme.css","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.118Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET /themes/superAwesome/theme.css HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ettv.twoproxy.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: text/css;charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\ncf-cache-status: BYPASS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kt9L%2BesRrVyU%2BK%2BR3h2C3GoMudRbSYk89m2958puInaIVjzW2%2FJANM%2B6UKTCmm%2BGSfxAuvHFkLHvG%2BO%2BvG7FwUQzk5%2BCc1NAfra8I5KOL2dm\"}]}\r\ncontent-encoding: br\r\nset-cookie: view=1; Max-Age=86400; Expires=Sun, 28 Sep 2025 20:03:44 GMT\nPHPSESSID=67m7k645omgnejoshjhqth2uja; Path=/\r\ncf-ray: 985d9b28bf9e5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20429,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with CRLF line terminators","md5":"6ca042876120ae6c7746ee082f732e86","sha1":"458956072a968c78d99a8a5b3f5b95fd9af2dfab","sha256":"7c52d79fe9ad6b96bab9ce6b11a2be23360e559636f7dd6bedbaf4421c1db62e","sha512":"c334d4d11f93c7dd53439feaf7e32f0de1314bbfe3e82f626f3f6d2b51940e26587d4fba00b27a99ab340ca57dfdeb8522352db563a4aa8722d738d67a711846","ssdeep":"384:upGtWtt4BZVvFr5vsX/hGGShSj7lNGs1Vz8yGMqVv8pAsAirq:upGtW34BZxFr5m/hGGShSj7lNGs1N8yQ","tlshash":"5792113da899208eb217f5e9bb719f416f4b0116ca0f877cb5f57aa8d3460ac34722d4","first_seen":"2023-05-14T11:10:34Z","last_seen":"2026-03-29T19:26:08.546142Z","times_seen":29,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/roboto/v49/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 20612\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 22 Sep 2025 23:18:44 GMT\r\nexpires: Tue, 22 Sep 2026 23:18:44 GMT\r\ncache-control: public, max-age=31536000\r\nage: 420300\r\nlast-modified: Mon, 08 Sep 2025 18:08:15 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20612,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20612, version 1.0","md5":"b07da7aa3e4f363c5cdbc11312239e8c","sha1":"47bf5b2f24ea4a4caafccc89b9d2a6677ef9e3b8","sha256":"e44c11f4834bdd4d6b6da7b8ee5eaebc8acb41250cd6bce5cc82ea8262140eaa","sha512":"420729406b315d8af34b62b78f39e763f5cf33cbf94467457b393fde0573dd7ffc6a23f25680988f9b82a4a3b719876ff76f3e1db047ce82615f544fc3a82532","ssdeep":"384:k5Eu+yl5Y9RpwjjmD/8Qu+POP9w+oB7rezldH9W4EMs8qCr9WvS80M8T4PTEXPFw:YEu+/Jw3FF+WP9DC/ez79jcCrb8BK4Eq","tlshash":"8192df6bce71497ac711262c773917addb8b44f627f91f2ba0562411c7b8e015c2cc7a","first_seen":"2025-01-09T06:25:34.419113Z","last_seen":"2026-04-13T13:26:52.869403Z","times_seen":45813,"resource_available":false,"data":null}},"time_used":211,"timings":{"blocked":95,"dns":0,"connect":16,"send":0,"wait":16,"receive":5,"ssl":78},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:00:34 GMT","end":"Tue, 25 Nov 2025 22:00:33 GMT"},"fingerprint":{"sha1":"FC:5B:24:E2:ED:A9:65:69:CA:97:74:44:F8:E9:93:1A:50:E7:73:C1","sha256":"26:1B:F8:72:30:B2:C4:49:6A:2E:E7:A5:FC:26:35:74:02:CB:56:D1:F7:7E:A5:5E:89:65:A9:B4:1F:1F:DB:8F"}}},"request":{"raw":"GET /1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3430\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 968f736acc0c6c9f480e8c67ee926cfb\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6293,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6293), with no line terminators","md5":"6062294451a7a581dc74178c7c5a1332","sha1":"c8e09f671561b72bdae9fd3cfeea799629430105","sha256":"c556ffdcc50d996a51234a1dec5ae85925ffa13c788b800be900dc5eb1344d79","sha512":"5b4bcb7d6530bfa8d33d4c769d0934938af4e7842a518556021ed900fad8a06bc39c2d35494586adf34e4d6fe19095b2d41c726b8214746527e04cec9e910594","ssdeep":"192:M/H3P83adOwGuABXfKOBPpzbo3j3rFuuV6:MP/83adOwWp0j3Buz","tlshash":"fbd1a8dc768070800be7e97f776f651ab06a58501c4fe491f003a9e83d6872ed63eac1","first_seen":"2025-09-26T11:10:49.483616Z","last_seen":"2025-10-14T12:32:44.197235Z","times_seen":1614,"resource_available":true,"data":null}},"time_used":657,"timings":{"blocked":281,"dns":3,"connect":91,"send":0,"wait":96,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/big1/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.977Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/big1/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 27 Sep 2025 20:03:46 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ICSW8FL2s4u9OpyXhoUfAR%2F64FaMTuBfnrlMZ29yPQZbzFOyi7J3RcTZeRhCtnm%2FsI%2B5oWJHYzENmHiEwzQM16GUyIlz4bWsILj008O4\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncf-cache-status: HIT\r\netag: W/\"65aa84fe-3be\"\r\ncf-ray: 985d9b345d9eb512-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":958,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"89918681df9f363bb293cb027c2f1113","sha1":"cf7dca97b09ed3d03e821b407286539519a9f037","sha256":"6648e7501f858c8ffaf2b35736dbd37f2d22afb2c781ee552d7c113d77413b9e","sha512":"f8e40eb5727465e78b1f20b08e6d22f07be52165043b01566c12f1022bea70e63cda516588ea504c7e927a63c9680f439b014b72d9a88b518956e2dc5474be67","ssdeep":"","tlshash":"1a117a27156883f06257f027a1572adaea32029fe81a9717721c06cd0ec47b913fa6e7","first_seen":"2023-04-05T07:51:04Z","last_seen":"2026-04-13T14:10:23.8177Z","times_seen":1169,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":111,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/71/36/d9/7136d9d7eb7ce81a8bf8a865955ce95d/1680149780.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 08 Sep 2025 02:32:56 GMT","end":"Sun, 07 Dec 2025 02:32:55 GMT"},"fingerprint":{"sha1":"F2:37:25:60:C4:34:06:EB:37:74:9F:D1:9C:FE:63:47:1F:30:4C:58","sha256":"AA:72:28:9B:C9:B7:77:AB:D7:89:4F:AC:CB:86:72:85:1D:1B:E5:15:4D:07:7B:D9:77:0F:D5:BE:92:06:8D:71"}}},"request":{"raw":"GET /si/71/36/d9/7136d9d7eb7ce81a8bf8a865955ce95d/1680149780.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:46 GMT\r\ncontent-type: image/png\r\ncontent-length: 126360\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 30 Mar 2023 04:16:29 GMT\r\netag: \"64250d1d-1ed98\"\r\nexpires: Mon, 29 Sep 2025 20:03:46 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":126360,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced","md5":"41f4b2ca195f511c887edd41139628b2","sha1":"e5d89c34cd328a03dff19ea3e4dac96d46dcccad","sha256":"68643d88434bb202c0a963a1330d3bfb7679fd3bc177f2f64d3ac76fded15eb7","sha512":"e852323c5190d9e721ebfdd687169ce71ed866085d0d2593fdfa73f63ecfa6a1cb038c210651628696ba48568e0084f375d7e5716525dd742337cd88c342a6a9","ssdeep":"3072:tdoVkGljQsodkkuIsC2tphyGTlIeSmV9x4/pY7LSCq0BLO:noSGF2dkzIsC2tpht+eSii/pWY","tlshash":"48c312cdf46973d54c29cdcc8b6e60a8dfeb9d81502c6d03992554c5e2bd8fea88078e","first_seen":"2023-06-24T15:48:47Z","last_seen":"2026-04-13T14:10:23.803263Z","times_seen":821,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":41,"dns":0,"connect":20,"send":0,"wait":67,"receive":39,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 19:09:23 GMT","end":"Tue, 16 Dec 2025 20:08:48 GMT"},"fingerprint":{"sha1":"E5:FA:6E:21:DA:AB:92:8F:E0:CB:31:C2:87:D4:E2:CE:9F:23:BF:C1","sha256":"E8:C7:D4:A8:29:E6:45:C0:C5:E3:AD:6A:90:36:30:4A:D7:2E:7C:F7:8F:57:44:E8:3B:2D:AF:F6:80:F7:4B:46"}}},"request":{"raw":"GET /ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdnjs.cloudflare.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: application/octet-stream; charset=utf-8\r\ncontent-length: 77160\r\ncf-ray: 985d9b2a896c35a6-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\netag: \"5eb03e5f-12d68\"\r\nlast-modified: Mon, 04 May 2020 16:10:07 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 59039\r\nexpires: Thu, 17 Sep 2026 20:03:44 GMT\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=5Y8TfzwkoYv5K6gO%2F0Plq%2F2ScHRf7pbD8p5aWE85I5p52KSc6InJBcrocRaDsjojAV%2FKIGlIySIv2u25vYnjkNbcOF%2FoLVf3fkq0Ph%2B9AJaGir5IiYsMd6e6EP5Jm2Aemh3P4T2M\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":77160,"size_decoded":0,"mime_type":"application/octet-stream; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-04-13T13:01:10.926253Z","times_seen":424618,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":11,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"heartilyscales.com/pixel/sbs?c=1","fqdn":"heartilyscales.com","domain":"heartilyscales.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"heartilyscales.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 21:31:25 GMT","end":"Sun, 02 Nov 2025 21:31:24 GMT"},"fingerprint":{"sha1":"8C:BC:E6:45:99:A6:42:A8:C3:7C:33:7D:77:C5:9E:C7:70:2A:A9:6C","sha256":"44:0D:F2:B1:46:00:9E:72:AB:F2:58:53:DB:2A:6F:97:C8:DF:54:6F:43:D4:84:F7:D4:6A:D5:F7:8B:ED:15:C2"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: heartilyscales.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nCookie: uid_id2=f3a12137-4cd7-4f3a-b7df-bf497e3d0b2d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl15816950=1; sleca286902791a7f4c98bcb1e812322cd78=[3284458]; u_pl22675059=1; sleca032b4d33c8aea68a4f9b84235614bff=[4323736]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:46 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: heartilyscales.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":114,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"directlycascade.com/22/00/54/2200540f09f939738419313a1a090c32.js","fqdn":"directlycascade.com","domain":"directlycascade.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.020Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"directlycascade.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Sep 2025 11:12:27 GMT","end":"Tue, 09 Dec 2025 11:12:26 GMT"},"fingerprint":{"sha1":"76:17:4A:20:73:64:94:52:3B:6A:50:E2:7C:F7:F5:73:52:38:47:A4","sha256":"66:CD:95:7F:5E:D7:56:27:7A:6F:3B:80:CB:84:DC:89:A0:F0:BB:44:49:55:B4:81:76:24:2E:38:E3:FC:78:29"}}},"request":{"raw":"GET /22/00/54/2200540f09f939738419313a1a090c32.js HTTP/1.1\r\nHost: directlycascade.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 35756\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: directlycascade.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 5c89fc4254c85c76449328468c3d746d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":97965,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"9707571ccac614022af56c1d55e06e9e","sha1":"04424a87332733f1cb6ed022d91da4d7bf1431f5","sha256":"53fb5ff7064391d69da3963ef817e8a2292e95f237d57980b865a5c315953963","sha512":"7688a7c2bdfe8238f3e7bef9f904b61b8b875594185d507eb236a958e7bbb5bc7755d41885a0f3603d09545652b4cb2d102e82f861076ba5b1a9765d5a959df8","ssdeep":"1536:l0xlYxhNnfI+veOOoJm+h1eE6eunK1lz2N9QeK22uLPmmrDfYpDkUeDCoxbp3pka:fxKoJSnxKI36WX","tlshash":"a9a3e9983b50f0bc02a674f9362f7906e064ce6160ccd668d507fca86b7975bf439e29","first_seen":"2025-09-26T15:59:14.087316Z","last_seen":"2025-10-03T01:45:29.140138Z","times_seen":22,"resource_available":true,"data":null}},"time_used":740,"timings":{"blocked":275,"dns":4,"connect":91,"send":0,"wait":95,"receive":90,"ssl":184},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"directlycascade.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"directlycascade.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.515Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3430\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d784354945b93d7cfb0ed1627720797e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":6293,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6293), with no line terminators","md5":"6062294451a7a581dc74178c7c5a1332","sha1":"c8e09f671561b72bdae9fd3cfeea799629430105","sha256":"c556ffdcc50d996a51234a1dec5ae85925ffa13c788b800be900dc5eb1344d79","sha512":"5b4bcb7d6530bfa8d33d4c769d0934938af4e7842a518556021ed900fad8a06bc39c2d35494586adf34e4d6fe19095b2d41c726b8214746527e04cec9e910594","ssdeep":"192:M/H3P83adOwGuABXfKOBPpzbo3j3rFuuV6:MP/83adOwWp0j3Buz","tlshash":"fbd1a8dc768070800be7e97f776f651ab06a58501c4fe491f003a9e83d6872ed63eac1","first_seen":"2025-09-26T11:10:49.483616Z","last_seen":"2025-10-14T12:32:44.197235Z","times_seen":1614,"resource_available":true,"data":null}},"time_used":671,"timings":{"blocked":287,"dns":4,"connect":91,"send":0,"wait":96,"receive":0,"ssl":192},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"msdoj.com/hit","fqdn":"msdoj.com","domain":"msdoj.com","tld":"com"},"ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.611Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"msdoj.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 00:32:12 GMT","end":"Fri, 28 Nov 2025 00:32:11 GMT"},"fingerprint":{"sha1":"A8:56:C4:4B:26:AD:D5:72:31:67:E8:75:28:D7:6C:F5:D6:A1:E2:B5","sha256":"65:DA:95:54:55:5B:C8:18:65:43:99:33:52:5B:EF:99:EF:5E:0F:AC:FB:6E:F7:6A:27:0B:3B:6A:69:3C:78:C7"}}},"request":{"raw":"POST /hit HTTP/1.1\r\nHost: msdoj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: multipart/form-data; boundary=---------------------------10980685821568999443898943683\r\nContent-Length: 1190\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 2\r\nConnection: keep-alive\r\nCache-Control: no-store, max-age=0\r\nAccept-Ch: Sec-CH-UA-Platform,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform-Version\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nSet-Cookie: av_sw_hit=1; expires=Sun, 28 Sep 2025 20:03:44 GMT; secure; SameSite=None\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"e0aa021e21dddbd6d8cecec71e9cf564","sha1":"9ce3bd4224c8c1780db56b4125ecf3f24bf748b7","sha256":"565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3","sha512":"900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874","ssdeep":"","tlshash":"c710000000000000000000030000000030000000000000000c000000c0000000000000","first_seen":"2023-03-09T09:04:49Z","last_seen":"2026-04-13T13:13:41.491866Z","times_seen":266056,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/rtb/ab/1/img/close.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/notifications/rtb/ab/1/img/close.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:45 GMT\r\ncontent-type: image/png\r\ncontent-length: 5982\r\nserver: cloudflare\r\nlast-modified: Mon, 02 Sep 2024 18:08:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"66d5ff2b-175e\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 2560441\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=purXlZwDuiQypG%2Bx6oXy65jGTq4tlHJIRYhZGc1PHMcxUUeJNh4kK8rQd5LF%2FognLuzVB1Z4TkqIPHwGdRGcZx4Mnv1dxpdwFuIY%2FI33\"}]}\r\ncf-ray: 985d9b320dcc56bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5982,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced","md5":"c489ce2c491a22ee37a55e26a92dfd73","sha1":"2fa588ab09e94dd902e5bd24b48f98ad1949c9d6","sha256":"1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd","sha512":"fe6a53296238283eac984b1912bfe7fbbdf5f0692f59f86e7e1ca989555a81be786ff29b9f8644443b2ace8137d412b6d9a92b0edf7f595ddf36058702a2d0d0","ssdeep":"96:FSDZ/I09Da01l+gmkyTt6Hk8nTbo5GZNKEBX97O+co2RF9JNssCgSSiiFr4uolec:FSDS0tKg9E05TAYwEBPwF9JNsTgSSL3C","tlshash":"80c1afeff8a058cf4566b7021c8e4080fbaa713d835536b4d4a092dc958be4a0fd7475","first_seen":"2023-04-05T23:50:36Z","last_seen":"2026-04-12T17:48:36.234091Z","times_seen":4076,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/favicon.ico","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.620Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ettv.twoproxy.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=67m7k645omgnejoshjhqth2uja; cf_clearance=ZeUv.gyvbVoSDwPAA69zTt3gl7E.pEO5kiNRUFjNeiw-1759003424-1.2.1.1-HlhW.vZVEHTajj3085u0f5Kuovp.UiP9XSP17rmezkrWDPkHoBlaZFrV3MPkBaitsKbjBEUys2dnpQXgxR2JugyolCso3ymI6SihS2EIA.1L7QcQ3oXXCrHX349ldq8j0Du15Wm.cxQdudPNBeeeA_l9BWVF8zRkGMTSU.k2XE9WKX1Pkd0WBYckfd5VHajeEeQ9h3XeKyiNWUHR9NRFztbRA1IVE8tLvDXNX0UnsqU; dom3ic8zudi28v8lr6fgphwffqoz0j6c=6dc2531a-6492-4f66-9579-6a294bdd60f8%3A1%3A1; sb_main_a286902791a7f4c98bcb1e812322cd78=1; sb_count_a286902791a7f4c98bcb1e812322cd78=1; sb_main_a032b4d33c8aea68a4f9b84235614bff=1; sb_count_a032b4d33c8aea68a4f9b84235614bff=2; pp_main_2200540f09f939738419313a1a090c32=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=heartilyscales.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 27 Sep 2025 20:03:46 GMT\r\ncontent-type: image/x-icon\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GvzaE59LTJ1BlIPokU6muuXYnAVePsUjFY9EaogPZQqb7umfj%2Bm3wcqWjzGlTFT1xsiSXnQxp55UftxySXhnUiAYASes36nehf9GfYm73w%3D%3D\"}]}\r\nset-cookie: view=1; Max-Age=86400; Expires=Sun, 28 Sep 2025 20:03:46 GMT\r\ncontent-encoding: br\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 985d9b38694756c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel","md5":"9e69b011b020014ebe2719c27011c19f","sha1":"950ad4b2521715a8f1211f99761e6f27358c2932","sha256":"c9acc5ab458eefc1b1de99dbef72bc3c5ac28f910af7ca619abeec7478b2522e","sha512":"1a187ad04408af61d15fadf2f6b60de0e2e63b90d8bd76ae3fa34380cfe04d072755c61b8e2cdc75889badb230f1c627b06810b5e8f27e90e95531eab9cbae34","ssdeep":"","tlshash":"8f2148f0319b085fc2115e71b7809329cb8922836cb6df23395bbf0459914d47de14cc","first_seen":"2023-05-14T11:10:34Z","last_seen":"2026-04-08T13:46:00.692144Z","times_seen":219,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"172.67.170.115","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.440Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 Aug 2025 11:11:15 GMT","end":"Sat, 08 Nov 2025 12:08:40 GMT"},"fingerprint":{"sha1":"46:26:78:BD:18:7A:95:15:D4:B3:89:73:FE:7E:99:33:18:7F:21:3E","sha256":"AD:6B:6A:10:54:38:33:B9:BB:A6:FD:B7:B0:1B:2E:9D:62:B8:47:35:C4:E6:7B:F6:4A:92:AA:75:B0:29:F7:F3"}}},"request":{"raw":"GET /sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:45 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Tue, 29 Mar 2022 08:27:10 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Hhp0luz%2F5js%2BVgeswl4V%2FMQj%2BaldohoQ9eSJp3XwDyT%2FKEJ4IHIdpadZ8CluKxlVnBPXwa%2BOKPqokDVflDrkQjgQncczuc8vL%2FWXY9k%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 985d9b30fc44b4f3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1538,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"5a7df8dcac4cde2aeadb9f07a622d3fa","sha1":"4044f12fce935458c93ef71de58ac6bf97b28bba","sha256":"ccec003eccd7e299f825c7e48ba721d529f1c110bb5b60c60a18dca61cb6b45a","sha512":"4d075a467bec7bf6b68a5da10f2547cb101bf9ed75390e2d0629f7f35430a67b850253fb6b4c5381a1dfeaa642299088afce7a6d65e76ef173705c40a34fbc8f","ssdeep":"","tlshash":"6531055a2ee9c57701e35484bb342f2bed91aa83880a690173fc59a48f96dd1ce63407","first_seen":"2023-04-07T07:09:28Z","last_seen":"2026-04-13T14:10:23.798086Z","times_seen":1028,"resource_available":false,"data":null}},"time_used":412,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":412,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"cdn.show-sb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.372Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 22 Sep 2025 23:17:32 GMT\r\nexpires: Tue, 22 Sep 2026 23:17:32 GMT\r\ncache-control: public, max-age=31536000\r\nage: 420374\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-13T13:11:23.896471Z","times_seen":733997,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/b/?https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET /b/?https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VsYcu7Mpr5hDZTTNdExlcLVx%2F0Wo4U1TqPrHzJy%2FTznVwu5RVsGRbwwKIPmUnaE3fHVYZJysM0lHWNOMctbpuKPe8g4sE4EC0xcHsgM%2FUX7i\"}]}\r\ncf-ray: 985d9b281e355ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":121200,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3430\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 79098cb63d502ae903db9b81f740c45a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6293,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6293), with no line terminators","md5":"6062294451a7a581dc74178c7c5a1332","sha1":"c8e09f671561b72bdae9fd3cfeea799629430105","sha256":"c556ffdcc50d996a51234a1dec5ae85925ffa13c788b800be900dc5eb1344d79","sha512":"5b4bcb7d6530bfa8d33d4c769d0934938af4e7842a518556021ed900fad8a06bc39c2d35494586adf34e4d6fe19095b2d41c726b8214746527e04cec9e910594","ssdeep":"192:M/H3P83adOwGuABXfKOBPpzbo3j3rFuuV6:MP/83adOwWp0j3Buz","tlshash":"fbd1a8dc768070800be7e97f776f651ab06a58501c4fe491f003a9e83d6872ed63eac1","first_seen":"2025-09-26T11:10:49.483616Z","last_seen":"2025-10-14T12:32:44.197235Z","times_seen":1614,"resource_available":true,"data":null}},"time_used":370,"timings":{"blocked":-1,"dns":0,"connect":91,"send":0,"wait":93,"receive":0,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Frtb%2Fab%2F1%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=485","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.985Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Frtb%2Fab%2F1%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=485 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:46 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/big1/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 27 Sep 2025 20:03:45 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3tcimX8JFGmsiHAL1q2qrotyl4Cp44OGy1Sz2jaqbHb7hu6XyeQJ6fQx2iqb50skb6ax2lzCjlLHQxdtwnfTigmESfn9%2BH7pkjS7WioLQgY%3D\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 60084\r\ncf-cache-status: HIT\r\netag: W/\"65aa84fe-1499c\"\r\ncf-ray: 985d9b343e50783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84380,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025)","md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-13T12:39:33.538378Z","times_seen":16268,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/big1/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.975Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/big1/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 27 Sep 2025 20:03:46 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=peZvSWqD0BBxpsiAkXbzkwYyC89dPLl1oWzA8YZsC%2FJxF9HiDWvY3Ppc2Xufro77YlQ5KU8ZMVvvdZ1GpTlfMLETbRJEGAIISaYyxv8A\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\netag: W/\"65aa84fe-3be\"\r\ncf-ray: 985d9b345d9db512-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":958,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"89918681df9f363bb293cb027c2f1113","sha1":"cf7dca97b09ed3d03e821b407286539519a9f037","sha256":"6648e7501f858c8ffaf2b35736dbd37f2d22afb2c781ee552d7c113d77413b9e","sha512":"f8e40eb5727465e78b1f20b08e6d22f07be52165043b01566c12f1022bea70e63cda516588ea504c7e927a63c9680f439b014b72d9a88b518956e2dc5474be67","ssdeep":"","tlshash":"1a117a27156883f06257f027a1572adaea32029fe81a9717721c06cd0ec47b913fa6e7","first_seen":"2023-04-05T07:51:04Z","last_seen":"2026-04-13T14:10:23.8177Z","times_seen":1169,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":112,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 23:05:43 GMT","end":"Fri, 28 Nov 2025 23:05:42 GMT"},"fingerprint":{"sha1":"B9:51:95:1F:A8:75:17:3A:9B:B1:75:96:F4:7D:7A:CF:3D:52:C9:71","sha256":"36:D1:B1:18:05:03:10:B2:46:BC:6C:71:A5:E7:BE:07:32:66:88:16:04:1E:5F:96:0F:10:B6:4B:BF:01:D1:42"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3d6cb814af1d591957736f74a00e33dc\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":0,"connect":26,"send":0,"wait":28,"receive":25,"ssl":52},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fcss%2Fstyle.css\u0026l=4143\u0026fd=411","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fcss%2Fstyle.css\u0026l=4143\u0026fd=411 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:46 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/media/images/x.png","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.019Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET /media/images/x.png HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\ncf-cache-status: BYPASS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lO9wNYN%2BjaYwLEyexcLo2fXrK5njTBfUb5xD7cb9Sx0xOY5KAe85aKxwCe8%2BMTc9yIx7k%2FSVcuihoanoU321kWbP4fGkOsBnArNfxmaM0T4u\"}]}\r\nset-cookie: view=1; Max-Age=86400; Expires=Sun, 28 Sep 2025 20:03:44 GMT\nPHPSESSID=d7ljbvgk4022ncf86ecbrml3mo; Path=/\r\ncf-ray: 985d9b281e485ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":804,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 25 x 25, 8-bit gray+alpha, non-interlaced","md5":"60d38c4ea5be98dee2053ba707427ad3","sha1":"ff72df3f7d789283808f7e2bbfb9f8502ddd1372","sha256":"ca71b8d565fe287ae18198cf7d4e2a81f78293d590e9bc666471bb0d2e471595","sha512":"1a4f1392618ff3fccb310ca065ff25dd39b7310cf55a3ed5fe1cd56be8cae3ac31a4658d34ce7fdfaf06a25e41d77c328c41a2857ae1e6391fabbcf8c40d5c06","ssdeep":"","tlshash":"cd0175c87c81eb5dc54e204296572341bf33afe7063b2a30740fe599bd082985a55bbd","first_seen":"2023-05-14T11:10:34Z","last_seen":"2026-03-29T19:26:08.564437Z","times_seen":28,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":166,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"heartilyscales.com/impr.gif?sid=H4sIAAAAAAAC_1RSzWskRRSvnhUVFEQPHvyAEfagYCb9lflwD8t-anTNLLsri-xBqrqqJ2W6u9qq7unJeAkGZPHi7G2Pnd8kG9Qc9A8QZCKCBMVtL5uDQfDkXRQvIjMZzPqg3ntVv1eP3_tVfbyVHxEPOT28-rYayiiii0sNu_7yTZlwVZj6yo26YzfsM_WbMmn6Z-qDqdP91xzPb9iv1F8XwZpadG3Hth3bqV-WWoRqsDhDIdO9ttPoLDXaTsPp-Bjo_-9NbsFQC7x_RJ6B5NVTv4W3IIMJkvjLi8KsZSp99VKcRzRTGn2--06ylqgiQXyShtpCmOzOq6FMRcjdGlSyO58Aqr89nQBMVqT27C9gye6cJlh_55gpiyASMP4Eiv4EIppA0gkCtQnJ7xMg4FjpIonvrShd0PVjlE7Rijz6x--QRUUef4Egife657vX691UJCsiwyAsIQcTyN4Eab6PbFiDLPYRZB9B8h_J4p9XkMTbXRMpSH54OvSo4zpea8EPeGvBDz26wFo8XGCh32kJj9vM5TOBZDgBNRby6ZIW8rCGPK0h5od1lwfCabmizcJms9W0207Tafoub7ucu52OjzyYMh8hS0cIohECvYFUb2BN3rlvPwedfwOzWsJwCyYj6PMShSAoDEFBCQpJUGQERb_c4ZFxTXmPRyZnzjy68-iVY5X1tuiOynoiIaB6BM3LbZl-YDYRZNZ4GBoyVlNHWVaOKePlVnpEnp7qar37j8GaOKxT23OZzz0vaFNBm23qhx3W9l1vqen4LAxhZAlpajM9hrIirep7pLIi5NMHYHQfJtpHIE-B5i-CFiXoaolhsselTrUarDcCFYOrEmn2CLJ1ays6Is_PXvbc33chgoOzP3szQ6BLpLrE-_Jbgl50e3xNFWT7mioM-aqbZjKWQ5pJlVzPaCZOff6WWC-U5ssXzeizc8EUmKZ7N4TJrtCEy6RnyBfnJedCX1Y6EOTrZXNTsKu5WT2f6yRPr1y9cHk5TrUwRqpkAiorYn34AwJZkSffvDT70aeXP4HUE-i8RJwfkLkhSDdg0hPuRhHo6ARnqYUiL8faZf8djjULTyoiWZE3bv2KSByc_e6x9_Lrf_0EykoY8VAX8dBlOm1HZbllbqOnLdBsE0lcoq9L9KMSNBrB5KfGWapPeLHIGrNIW9ss0tGdY82NPKwHbIkKP2i6bWq3fZ95dqtpU98WYYs57SUHmalWH1x46d8AAAD__6JSSfHABAAA","fqdn":"heartilyscales.com","domain":"heartilyscales.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"heartilyscales.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 21:31:25 GMT","end":"Sun, 02 Nov 2025 21:31:24 GMT"},"fingerprint":{"sha1":"8C:BC:E6:45:99:A6:42:A8:C3:7C:33:7D:77:C5:9E:C7:70:2A:A9:6C","sha256":"44:0D:F2:B1:46:00:9E:72:AB:F2:58:53:DB:2A:6F:97:C8:DF:54:6F:43:D4:84:F7:D4:6A:D5:F7:8B:ED:15:C2"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSzWskRRSvnhUVFEQPHvyAEfagYCb9lflwD8t-anTNLLsri-xBqrqqJ2W6u9qq7unJeAkGZPHi7G2Pnd8kG9Qc9A8QZCKCBMVtL5uDQfDkXRQvIjMZzPqg3ntVv1eP3_tVfbyVHxEPOT28-rYayiiii0sNu_7yTZlwVZj6yo26YzfsM_WbMmn6Z-qDqdP91xzPb9iv1F8XwZpadG3Hth3bqV-WWoRqsDhDIdO9ttPoLDXaTsPp-Bjo_-9NbsFQC7x_RJ6B5NVTv4W3IIMJkvjLi8KsZSp99VKcRzRTGn2--06ylqgiQXyShtpCmOzOq6FMRcjdGlSyO58Aqr89nQBMVqT27C9gye6cJlh_55gpiyASMP4Eiv4EIppA0gkCtQnJ7xMg4FjpIonvrShd0PVjlE7Rijz6x--QRUUef4Egife657vX691UJCsiwyAsIQcTyN4Eab6PbFiDLPYRZB9B8h_J4p9XkMTbXRMpSH54OvSo4zpea8EPeGvBDz26wFo8XGCh32kJj9vM5TOBZDgBNRby6ZIW8rCGPK0h5od1lwfCabmizcJms9W0207Tafoub7ucu52OjzyYMh8hS0cIohECvYFUb2BN3rlvPwedfwOzWsJwCyYj6PMShSAoDEFBCQpJUGQERb_c4ZFxTXmPRyZnzjy68-iVY5X1tuiOynoiIaB6BM3LbZl-YDYRZNZ4GBoyVlNHWVaOKePlVnpEnp7qar37j8GaOKxT23OZzz0vaFNBm23qhx3W9l1vqen4LAxhZAlpajM9hrIirep7pLIi5NMHYHQfJtpHIE-B5i-CFiXoaolhsselTrUarDcCFYOrEmn2CLJ1ays6Is_PXvbc33chgoOzP3szQ6BLpLrE-_Jbgl50e3xNFWT7mioM-aqbZjKWQ5pJlVzPaCZOff6WWC-U5ssXzeizc8EUmKZ7N4TJrtCEy6RnyBfnJedCX1Y6EOTrZXNTsKu5WT2f6yRPr1y9cHk5TrUwRqpkAiorYn34AwJZkSffvDT70aeXP4HUE-i8RJwfkLkhSDdg0hPuRhHo6ARnqYUiL8faZf8djjULTyoiWZE3bv2KSByc_e6x9_Lrf_0EykoY8VAX8dBlOm1HZbllbqOnLdBsE0lcoq9L9KMSNBrB5KfGWapPeLHIGrNIW9ss0tGdY82NPKwHbIkKP2i6bWq3fZ95dqtpU98WYYs57SUHmalWH1x46d8AAAD__6JSSfHABAAA HTTP/1.1\r\nHost: heartilyscales.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nCookie: uid_id2=f3a12137-4cd7-4f3a-b7df-bf497e3d0b2d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl15816950=1; sleca286902791a7f4c98bcb1e812322cd78=[3284458]; u_pl22675059=1; sleca032b4d33c8aea68a4f9b84235614bff=[4323736]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:46 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+428c3ee92dc99b5b4a0da7a1d276f630=4323736; expires=Sun, 28 Sep 2025 20:03:46 GMT; path=/; secure; SameSite=None\niprc_l:4323736=1; expires=Sun, 28 Sep 2025 20:03:46 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 5\r\nHost: heartilyscales.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c34489a173785fc0dd348fb7b4bd5dd4\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":100,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/themes/superAwesome/darkOverride.css?v=1640879548","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET /themes/superAwesome/darkOverride.css?v=1640879548 HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ettv.twoproxy.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: text/css;charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 27 Sep 2025 20:03:44 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mZqw%2F4sfJugBOaajw8Xs4xd446Igy5Hn9pqO6VR0vaoysKEWgs5j84PTO00pwv0ksifnVABLvTd9n0ArxYQa6yLgZZa5g0AhIX8LJnPI7E6i\"}]}\r\ncontent-encoding: br\r\ncf-ray: 985d9b28f83f5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1092,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text","md5":"21b47d2b1f870fa74d53a67204852127","sha1":"a3a1f1bdfd5f226a3682672dcb735afb0b947021","sha256":"43319a5858ba1c6230deef1f55f36a6017e2b0d897ebca649ca22e51b007a67a","sha512":"75a2e3366cb747e91b0ea93d829e30527cfae2a5c4a95ac2957ecf9c592afc4bc02c385465ca2141fbeab1775e9559fae196748a62b76d078cc90f532dca20d2","ssdeep":"","tlshash":"4b11e114d3f24e9b301f516846bee600733f60c7891d8f7d3b6ab1a05f1d290b8ba996","first_seen":"2025-06-07T13:21:09.727422Z","last_seen":"2026-03-29T19:26:08.541437Z","times_seen":26,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"directlycascade.com/sbar.json?key=a032b4d33c8aea68a4f9b84235614bff\u0026uuid=6dc2531a-6492-4f66-9579-6a294bdd60f8%3A1%3A1","fqdn":"directlycascade.com","domain":"directlycascade.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"directlycascade.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Sep 2025 11:12:27 GMT","end":"Tue, 09 Dec 2025 11:12:26 GMT"},"fingerprint":{"sha1":"76:17:4A:20:73:64:94:52:3B:6A:50:E2:7C:F7:F5:73:52:38:47:A4","sha256":"66:CD:95:7F:5E:D7:56:27:7A:6F:3B:80:CB:84:DC:89:A0:F0:BB:44:49:55:B4:81:76:24:2E:38:E3:FC:78:29"}}},"request":{"raw":"GET /sbar.json?key=a032b4d33c8aea68a4f9b84235614bff\u0026uuid=6dc2531a-6492-4f66-9579-6a294bdd60f8%3A1%3A1 HTTP/1.1\r\nHost: directlycascade.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:45 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4918\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://ettv.twoproxy.net\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=6dc2531a-6492-4f66-9579-6a294bdd60f8:1:1; expires=Sat, 04 Oct 2025 20:03:45 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Sun, 28 Sep 2025 20:03:45 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Sun, 28 Sep 2025 20:03:45 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Sun, 28 Sep 2025 20:03:45 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Sun, 28 Sep 2025 20:03:45 GMT; path=/; secure; SameSite=None\nu_pl22675059=1; expires=Sun, 28 Sep 2025 20:03:45 GMT; path=/; secure; SameSite=None\nsleca032b4d33c8aea68a4f9b84235614bff=[4323736]; expires=Sat, 27 Sep 2025 20:03:50 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 225\r\nHost: directlycascade.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c02407539b9e85f25f5b1a4788cff0fd\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":6310,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"5110daef532c90091e72a582ae2e5dda","sha1":"1f74f19e18b4d37ff5aa57d655692b5ba22fa870","sha256":"bba5528015533f1444b1dd52d4cf1047afa6969440fc35e8d846c03c1f21c6c0","sha512":"466bf5547ec343559da2cb1143500539981550c59bb81a20deabbdbcfbc21e52fc7f568ab869e796eceddb1aec2277daf8bc08a2e21985fe5a395c7fd22ccd56","ssdeep":"192:9zJ5lF4Aoi5A4isfc2ZXSSqMnxlt5ARw7puKy/RfXp:9zhF4viCE02ZiSqMv3ppuK6RfXp","tlshash":"4ed17e3f3a093a3b8f888d59a5af2cf61de01d1b3951b68d41f3c2ee9021c95935c854","first_seen":"2025-09-27T20:04:10.534267Z","last_seen":"2025-09-27T20:04:10.534267Z","times_seen":1,"resource_available":false,"data":null}},"time_used":317,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":317,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"directlycascade.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"directlycascade.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"heartilyscales.com/ren.gif?sid=H4sIAAAAAAAC_1RSzWskRRSvnhUVFEQPHvyAEfagYCb9lflwD8t-anTNLLsri-xBqrqqJ2W6u9qq7unJeAkGZPHi7G2Pnd8kG9Qc9A8QZCKCBMVtL5uDQfDkXRQvIjMZzPqg3ntVv1eP3_tVfbyVHxEPOT28-rYayiiii0sNu_7yTZlwVZj6yo26YzfsM_WbMmn6Z-qDqdP91xzPb9iv1F8XwZpadG3Hth3bqV-WWoRqsDhDIdO9ttPoLDXaTsPp-Bjo_-9NbsFQC7x_RJ6B5NVTv4W3IIMJkvjLi8KsZSp99VKcRzRTGn2--06ylqgiQXyShtpCmOzOq6FMRcjdGlSyO58Aqr89nQBMVqT27C9gye6cJlh_55gpiyASMP4Eiv4EIppA0gkCtQnJ7xMg4FjpIonvrShd0PVjlE7Rijz6x--QRUUef4Egife657vX691UJCsiwyAsIQcTyN4Eab6PbFiDLPYRZB9B8h_J4p9XkMTbXRMpSH54OvSo4zpea8EPeGvBDz26wFo8XGCh32kJj9vM5TOBZDgBNRby6ZIW8rCGPK0h5od1lwfCabmizcJms9W0207Tafoub7ucu52OjzyYMh8hS0cIohECvYFUb2BN3rlvPwedfwOzWsJwCyYj6PMShSAoDEFBCQpJUGQERb_c4ZFxTXmPRyZnzjy68-iVY5X1tuiOynoiIaB6BM3LbZl-YDYRZNZ4GBoyVlNHWVaOKePlVnpEnp7qar37j8GaOKxT23OZzz0vaFNBm23qhx3W9l1vqen4LAxhZAlpajM9hrIirep7pLIi5NMHYHQfJtpHIE-B5i-CFiXoaolhsselTrUarDcCFYOrEmn2CLJ1ays6Is_PXvbc33chgoOzP3szQ6BLpLrE-_Jbgl50e3xNFWT7mioM-aqbZjKWQ5pJlVzPaCZOff6WWC-U5ssXzeizc8EUmKZ7N4TJrtCEy6RnyBfnJedCX1Y6EOTrZXNTsKu5WT2f6yRPr1y9cHk5TrUwRqpkAiorYn34AwJZkSffvDT70aeXP4HUE-i8RJwfkLkhSDdg0hPuRhHo6ARnqYUiL8faZf8djjULTyoiWZE3bv2KSByc_e6x9_Lrf_0EykoY8VAX8dBlOm1HZbllbqOnLdBsE0lcoq9L9KMSNBrB5KfGWapPeLHIGrNIW9ss0tGdY82NPKw7vtvkLcf2edh0wqXQ9UI7FHaTct8OOA-RmWr1wYWX_g0AAP__C_sIPsAEAAA=","fqdn":"heartilyscales.com","domain":"heartilyscales.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"heartilyscales.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 21:31:25 GMT","end":"Sun, 02 Nov 2025 21:31:24 GMT"},"fingerprint":{"sha1":"8C:BC:E6:45:99:A6:42:A8:C3:7C:33:7D:77:C5:9E:C7:70:2A:A9:6C","sha256":"44:0D:F2:B1:46:00:9E:72:AB:F2:58:53:DB:2A:6F:97:C8:DF:54:6F:43:D4:84:F7:D4:6A:D5:F7:8B:ED:15:C2"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSzWskRRSvnhUVFEQPHvyAEfagYCb9lflwD8t-anTNLLsri-xBqrqqJ2W6u9qq7unJeAkGZPHi7G2Pnd8kG9Qc9A8QZCKCBMVtL5uDQfDkXRQvIjMZzPqg3ntVv1eP3_tVfbyVHxEPOT28-rYayiiii0sNu_7yTZlwVZj6yo26YzfsM_WbMmn6Z-qDqdP91xzPb9iv1F8XwZpadG3Hth3bqV-WWoRqsDhDIdO9ttPoLDXaTsPp-Bjo_-9NbsFQC7x_RJ6B5NVTv4W3IIMJkvjLi8KsZSp99VKcRzRTGn2--06ylqgiQXyShtpCmOzOq6FMRcjdGlSyO58Aqr89nQBMVqT27C9gye6cJlh_55gpiyASMP4Eiv4EIppA0gkCtQnJ7xMg4FjpIonvrShd0PVjlE7Rijz6x--QRUUef4Egife657vX691UJCsiwyAsIQcTyN4Eab6PbFiDLPYRZB9B8h_J4p9XkMTbXRMpSH54OvSo4zpea8EPeGvBDz26wFo8XGCh32kJj9vM5TOBZDgBNRby6ZIW8rCGPK0h5od1lwfCabmizcJms9W0207Tafoub7ucu52OjzyYMh8hS0cIohECvYFUb2BN3rlvPwedfwOzWsJwCyYj6PMShSAoDEFBCQpJUGQERb_c4ZFxTXmPRyZnzjy68-iVY5X1tuiOynoiIaB6BM3LbZl-YDYRZNZ4GBoyVlNHWVaOKePlVnpEnp7qar37j8GaOKxT23OZzz0vaFNBm23qhx3W9l1vqen4LAxhZAlpajM9hrIirep7pLIi5NMHYHQfJtpHIE-B5i-CFiXoaolhsselTrUarDcCFYOrEmn2CLJ1ays6Is_PXvbc33chgoOzP3szQ6BLpLrE-_Jbgl50e3xNFWT7mioM-aqbZjKWQ5pJlVzPaCZOff6WWC-U5ssXzeizc8EUmKZ7N4TJrtCEy6RnyBfnJedCX1Y6EOTrZXNTsKu5WT2f6yRPr1y9cHk5TrUwRqpkAiorYn34AwJZkSffvDT70aeXP4HUE-i8RJwfkLkhSDdg0hPuRhHo6ARnqYUiL8faZf8djjULTyoiWZE3bv2KSByc_e6x9_Lrf_0EykoY8VAX8dBlOm1HZbllbqOnLdBsE0lcoq9L9KMSNBrB5KfGWapPeLHIGrNIW9ss0tGdY82NPKw7vtvkLcf2edh0wqXQ9UI7FHaTct8OOA-RmWr1wYWX_g0AAP__C_sIPsAEAAA= HTTP/1.1\r\nHost: heartilyscales.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nCookie: uid_id2=f3a12137-4cd7-4f3a-b7df-bf497e3d0b2d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl15816950=1; sleca286902791a7f4c98bcb1e812322cd78=[3284458]; u_pl22675059=1; sleca032b4d33c8aea68a4f9b84235614bff=[4323736]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:45 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: heartilyscales.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 71f5811232a1a7cab49833b7cea8a5a5\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fjs%2Fscript.js\u0026l=958\u0026fd=114","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.091Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fjs%2Fscript.js\u0026l=958\u0026fd=114 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:46 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"directlycascade.com/pixel/sbs?c=1","fqdn":"directlycascade.com","domain":"directlycascade.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.350Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"directlycascade.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Sep 2025 11:12:27 GMT","end":"Tue, 09 Dec 2025 11:12:26 GMT"},"fingerprint":{"sha1":"76:17:4A:20:73:64:94:52:3B:6A:50:E2:7C:F7:F5:73:52:38:47:A4","sha256":"66:CD:95:7F:5E:D7:56:27:7A:6F:3B:80:CB:84:DC:89:A0:F0:BB:44:49:55:B4:81:76:24:2E:38:E3:FC:78:29"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: directlycascade.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nCookie: uid_id2=6dc2531a-6492-4f66-9579-6a294bdd60f8:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl22675059=1; sleca032b4d33c8aea68a4f9b84235614bff=[4323736]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:46 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: directlycascade.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":115,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":115,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"directlycascade.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"directlycascade.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"directlycascade.com/a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js","fqdn":"directlycascade.com","domain":"directlycascade.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"directlycascade.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Sep 2025 11:12:27 GMT","end":"Tue, 09 Dec 2025 11:12:26 GMT"},"fingerprint":{"sha1":"76:17:4A:20:73:64:94:52:3B:6A:50:E2:7C:F7:F5:73:52:38:47:A4","sha256":"66:CD:95:7F:5E:D7:56:27:7A:6F:3B:80:CB:84:DC:89:A0:F0:BB:44:49:55:B4:81:76:24:2E:38:E3:FC:78:29"}}},"request":{"raw":"GET /a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js HTTP/1.1\r\nHost: directlycascade.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 29938\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: directlycascade.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 6518383a9969e411f352aca245b079bd\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":76300,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"beb769c30296ba9c3490d882cdd34510","sha1":"f0c3adef7aec2ff8ec5ffc0df2530d0f505bb4f8","sha256":"a0d7a843abcdfba86dada09bfc13775ed0b33183b05f5f27e9c604bbcc291a6d","sha512":"4401f7251c21812ab854226c54d67e5a1df1fd1a6b0a4ddf97b07d909feb8cb7046d3288e26f9744bb55f33105513c1d6b077111d91da527a3e74927eca3a72f","ssdeep":"768:fpCxicwKzukjCm/hYE4JoYC3ouzBcX2nVrHpSFXcdDqxv1l2qo0uw7T3SPGw65XW:fppUCQ37rVT0Rcd+9keSPjijlI","tlshash":"b273ea4c3f95f1ad43a26073222f941bf12a1d51b06cf8c8d253e8bc6eb9769b536b14","first_seen":"2025-09-26T15:59:14.106227Z","last_seen":"2025-10-08T07:50:28.638049Z","times_seen":62,"resource_available":true,"data":null}},"time_used":885,"timings":{"blocked":327,"dns":4,"connect":108,"send":0,"wait":118,"receive":108,"ssl":219},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"directlycascade.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"directlycascade.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.123.144.251","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.607Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://ettv.twoproxy.net\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=bee30187-ba18-47d0-afa9-4c4e7dfc1847:3:1; expires=Tue, 25 Sep 2035 20:03:44 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"75d4a5496b2097b8de6cad7d49cd630e","sha1":"1f0ad8182f8bc46d69ec706c9ff875828b3ea156","sha256":"5e896e1c11da8c39b95784133c998f0c01d6bd356f35a71e389d0bf1cbc75f29","sha512":"0bc9fcb890096c1eda5b1c261e8776f4855ecb7e1af55a17822ecbd9f4589128adfde1d37cb5d21cfd9755de6dd3ad5dc9d75f70ffd56eb9a005839943c7ff07","ssdeep":"","tlshash":"d8900415411574d1fd1d14141c000015c3510071033174743f54f10131553053540c51","first_seen":"2025-09-27T20:04:10.537391Z","last_seen":"2025-09-27T20:04:10.537391Z","times_seen":1,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":24,"send":0,"wait":24,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=6dc2531a-6492-4f66-9579-6a294bdd60f8\u0026eb=bcc2bf15b54b9ef4041d8328a3a75221\u0026te=cb12021f3311658dba63bcdbf4a88a26\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=a286902791a7f4c98bcb1e812322cd78\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=20","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 21:53:17 GMT","end":"Fri, 28 Nov 2025 21:53:16 GMT"},"fingerprint":{"sha1":"AA:2A:FC:C2:EE:01:8F:55:3F:19:46:84:4A:C8:A0:95:62:50:5C:A3","sha256":"3D:8C:1A:2E:1F:32:30:D4:D8:4F:D2:FB:CC:99:F1:9C:05:E5:7B:D8:9D:7D:24:86:AD:C5:1E:62:55:44:A4:CA"}}},"request":{"raw":"GET /pxf.gif?uuid=6dc2531a-6492-4f66-9579-6a294bdd60f8\u0026eb=bcc2bf15b54b9ef4041d8328a3a75221\u0026te=cb12021f3311658dba63bcdbf4a88a26\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=a286902791a7f4c98bcb1e812322cd78\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=20 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:45 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d7335bbe4ec87ce4da2617da06c318cc\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":648,"timings":{"blocked":276,"dns":0,"connect":91,"send":0,"wait":96,"receive":0,"ssl":184},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fnotifications%2Frtb%2Fab%2F1%2Findex.html\u0026l=1453\u0026fd=165","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.501Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fnotifications%2Frtb%2Fab%2F1%2Findex.html\u0026l=1453\u0026fd=165 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:45 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"origunix.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8","fqdn":"origunix.com","domain":"origunix.com","tld":"com"},"ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"origunix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 16 Sep 2025 00:54:40 GMT","end":"Mon, 15 Dec 2025 00:54:39 GMT"},"fingerprint":{"sha1":"EA:4D:52:7B:A7:DC:EC:8E:C0:40:42:81:FA:8B:F0:41:1A:8A:06:B9","sha256":"D2:C4:BB:C0:BC:07:5E:9C:EA:13:D3:33:59:AD:22:BA:79:E4:4D:F0:C5:B5:9E:48:3B:85:95:0C:1F:60:60:82"}}},"request":{"raw":"GET /sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8 HTTP/1.1\r\nHost: origunix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nCache-Control: no-store, max-age=0\r\nAccept-Ch: Sec-CH-UA-Platform,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform-Version\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nLocation: https://msdoj.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":64136,"size_decoded":0,"mime_type":"text/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":42,"connect":25,"send":0,"wait":25,"receive":0,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1435\u0026rd=1435\u0026fd=480\u0026bv=25.9.7989\u0026tmpl=70","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:00:34 GMT","end":"Tue, 25 Nov 2025 22:00:33 GMT"},"fingerprint":{"sha1":"FC:5B:24:E2:ED:A9:65:69:CA:97:74:44:F8:E9:93:1A:50:E7:73:C1","sha256":"26:1B:F8:72:30:B2:C4:49:6A:2E:E7:A5:FC:26:35:74:02:CB:56:D1:F7:7E:A5:5E:89:65:A9:B4:1F:1F:DB:8F"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1435\u0026rd=1435\u0026fd=480\u0026bv=25.9.7989\u0026tmpl=70 HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":672,"timings":{"blocked":276,"dns":0,"connect":92,"send":0,"wait":121,"receive":0,"ssl":183},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.651Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js? HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=67m7k645omgnejoshjhqth2uja\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\nserver: cloudflare\r\ncf-ray: 985d9b2c18ea56c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10078,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (10078), with no line terminators","md5":"57242f2cf2f3a5e25dbb36a683719e1c","sha1":"0bdc1595207a11b200c8fb4cb9fbe011a2a96f13","sha256":"960cf8b4930d22457b83b9922d67d652b00793b3ee11ec6e4659769974017df9","sha512":"de5bdd6f1594e50f85bb8bb3131900ced5c293aa363af31ea76618ccc05b0da485287795ae13f213579349e9f08f9ae74dc883f990b0110e04f3d6f2b6a53193","ssdeep":"192:3lFW2j5Xtgh+9mFPkKvK6cJPk6wHaqDWTpXdmZox3SPti9s1xeqci5sqbNz:7f5XtghmfKi6cJPkL6EWFXUSSlCHZqV","tlshash":"2a22facbfd4eb07426712de71417b5cda4068ea320d49c1b6120d7d8be21bb4ba86e9d","first_seen":"2025-09-27T20:04:10.538976Z","last_seen":"2025-09-27T20:09:55.745574Z","times_seen":2,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 22 Sep 2025 23:17:32 GMT\r\nexpires: Tue, 22 Sep 2026 23:17:32 GMT\r\ncache-control: public, max-age=31536000\r\nage: 420374\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-13T13:11:23.896471Z","times_seen":733997,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/71/36/d9/7136d9d7eb7ce81a8bf8a865955ce95d/1680149780.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 08 Sep 2025 02:32:56 GMT","end":"Sun, 07 Dec 2025 02:32:55 GMT"},"fingerprint":{"sha1":"F2:37:25:60:C4:34:06:EB:37:74:9F:D1:9C:FE:63:47:1F:30:4C:58","sha256":"AA:72:28:9B:C9:B7:77:AB:D7:89:4F:AC:CB:86:72:85:1D:1B:E5:15:4D:07:7B:D9:77:0F:D5:BE:92:06:8D:71"}}},"request":{"raw":"GET /si/71/36/d9/7136d9d7eb7ce81a8bf8a865955ce95d/1680149780.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:46 GMT\r\ncontent-type: image/png\r\ncontent-length: 126360\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 30 Mar 2023 04:16:29 GMT\r\netag: \"64250d1d-1ed98\"\r\nexpires: Mon, 29 Sep 2025 20:03:46 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":126360,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced","md5":"41f4b2ca195f511c887edd41139628b2","sha1":"e5d89c34cd328a03dff19ea3e4dac96d46dcccad","sha256":"68643d88434bb202c0a963a1330d3bfb7679fd3bc177f2f64d3ac76fded15eb7","sha512":"e852323c5190d9e721ebfdd687169ce71ed866085d0d2593fdfa73f63ecfa6a1cb038c210651628696ba48568e0084f375d7e5716525dd742337cd88c342a6a9","ssdeep":"3072:tdoVkGljQsodkkuIsC2tphyGTlIeSmV9x4/pY7LSCq0BLO:noSGF2dkzIsC2tpht+eSii/pWY","tlshash":"48c312cdf46973d54c29cdcc8b6e60a8dfeb9d81502c6d03992554c5e2bd8fea88078e","first_seen":"2023-06-24T15:48:47Z","last_seen":"2026-04-13T14:10:23.803263Z","times_seen":821,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":51,"dns":3,"connect":20,"send":0,"wait":68,"receive":35,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=6dc2531a-6492-4f66-9579-6a294bdd60f8\u0026eb=bcc2bf15b54b9ef4041d8328a3a75221\u0026te=cb12021f3311658dba63bcdbf4a88a26\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=a032b4d33c8aea68a4f9b84235614bff\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=20","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 21:53:17 GMT","end":"Fri, 28 Nov 2025 21:53:16 GMT"},"fingerprint":{"sha1":"AA:2A:FC:C2:EE:01:8F:55:3F:19:46:84:4A:C8:A0:95:62:50:5C:A3","sha256":"3D:8C:1A:2E:1F:32:30:D4:D8:4F:D2:FB:CC:99:F1:9C:05:E5:7B:D8:9D:7D:24:86:AD:C5:1E:62:55:44:A4:CA"}}},"request":{"raw":"GET /pxf.gif?uuid=6dc2531a-6492-4f66-9579-6a294bdd60f8\u0026eb=bcc2bf15b54b9ef4041d8328a3a75221\u0026te=cb12021f3311658dba63bcdbf4a88a26\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=a032b4d33c8aea68a4f9b84235614bff\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=20 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:45 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 2\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 5615a560d03b17e9cd09e41406ce218d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":769,"timings":{"blocked":329,"dns":0,"connect":108,"send":0,"wait":111,"receive":0,"ssl":219},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/rtb/ab/1/css/magic.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.503Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/notifications/rtb/ab/1/css/magic.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:45 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Mon, 02 Sep 2024 18:08:40 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"66d5ff28-affe\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nLqzJSHSRGcm3YXFD9UilRcvY7Ubyu8U6H4iV8nk9orHLHM0dXhZe%2B1A55xIK8agrEKi0e%2Bj1QlW7j%2B8WgWwhsRGkW4BQc9jRdoX2l51\"}]}\r\ncf-ray: 985d9b31ad7256bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45054,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"bcd1967f8c2604f55f57197de0ae895e","sha1":"c31a10c3ecde74b50450a0a1ad21aa474ff05e7d","sha256":"787eac5d9417257a04de7b18ef21f5ec887de3aee642ceba9a7d56a8209eea2a","sha512":"b37f1a61bbe740bc29308e664227701366ac978d4fbed081f13c47200edd74a792ab980559a236cff39ae27d3fda3ffffef3f1ac2dc420612b616496b44e9df8","ssdeep":"384:lQLl1pRp0itimTKDbObwHuHXFlF7FPFSWRyYyRZZZaZjZPfbfUO3OipypE:GpRp0itiFbObwHuHXFlF7FPFSWX","tlshash":"b913276b2dd2114086564365a3fe6b2c261c85c31c6becfab3a218ce8f1567c53db61f","first_seen":"2025-06-11T18:18:27.729381Z","last_seen":"2026-04-13T11:02:30.984508Z","times_seen":5619,"resource_available":false,"data":null}},"time_used":525,"timings":{"blocked":45,"dns":4,"connect":2,"send":0,"wait":435,"receive":0,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"172.67.170.115","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.426Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 Aug 2025 11:11:15 GMT","end":"Sat, 08 Nov 2025 12:08:40 GMT"},"fingerprint":{"sha1":"46:26:78:BD:18:7A:95:15:D4:B3:89:73:FE:7E:99:33:18:7F:21:3E","sha256":"AD:6B:6A:10:54:38:33:B9:BB:A6:FD:B7:B0:1B:2E:9D:62:B8:47:35:C4:E6:7B:F6:4A:92:AA:75:B0:29:F7:F3"}}},"request":{"raw":"GET /sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:45 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Tue, 29 Mar 2022 08:27:10 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SP3gLhDY6GJG7b%2B3F1ECDN7pGOAk2ndYB1Lv%2BPp%2BoiQnTglAuLhQGhhfBZKGMPn4aVAmDSEXt95YhSZyFGeP0nM4RMVDHP7KWDmq35M%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 985d9b30ec2cb4f3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1538,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"5a7df8dcac4cde2aeadb9f07a622d3fa","sha1":"4044f12fce935458c93ef71de58ac6bf97b28bba","sha256":"ccec003eccd7e299f825c7e48ba721d529f1c110bb5b60c60a18dca61cb6b45a","sha512":"4d075a467bec7bf6b68a5da10f2547cb101bf9ed75390e2d0629f7f35430a67b850253fb6b4c5381a1dfeaa642299088afce7a6d65e76ef173705c40a34fbc8f","ssdeep":"","tlshash":"6531055a2ee9c57701e35484bb342f2bed91aa83880a690173fc59a48f96dd1ce63407","first_seen":"2023-04-07T07:09:28Z","last_seen":"2026-04-13T14:10:23.798086Z","times_seen":1028,"resource_available":false,"data":null}},"time_used":415,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":415,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"cdn.show-sb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn4.mndx1.com/icon_113558195553538_889.png","fqdn":"cdn4.mndx1.com","domain":"mndx1.com","tld":"com"},"ip":{"addr":"79.127.216.112","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn4.mndx1.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 Aug 2025 20:09:53 GMT","end":"Sat, 22 Nov 2025 20:09:52 GMT"},"fingerprint":{"sha1":"41:B1:B8:7C:FC:26:FD:00:1B:6C:9C:07:E4:BD:85:A7:66:4E:67:5E","sha256":"0F:BE:EC:B3:7F:1D:68:24:65:8D:1F:0D:86:A2:7D:68:9F:19:41:2E:9A:0B:CB:21:F7:59:98:1A:50:7B:32:49"}}},"request":{"raw":"GET /icon_113558195553538_889.png HTTP/1.1\r\nHost: cdn4.mndx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:45 GMT\r\ncontent-type: image/png\r\ncontent-length: 53793\r\nserver: BunnyCDN-DE1-755\r\ncdn-pullzone: 1050139\r\ncdn-uid: 5ceed8e7-cd08-4fa9-9fd5-2c309512d291\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=3600\r\nlast-modified: Mon, 20 Jan 2025 08:43:02 GMT\r\nx-rgw-object-type: Normal\r\nx-amz-meta-mtime: 1729161369\r\ncdn-proxyver: 1.34\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 206\r\ncdn-cachedat: 09/20/2025 04:58:26\r\ncdn-edgestorageid: 1333\r\ncdn-requestid: 668cf38f56cfa0a26c481d1466b66001\r\ncdn-cache: HIT\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":53793,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 384 x 384, 8-bit colormap, non-interlaced","md5":"e38fcc433f437fc5aa969fb673a691f6","sha1":"e4531f3e89beaed3cf3dac47a0fd29e7b3c05c35","sha256":"4b05985b9ea6e0fd03110300c0b4e5baff3a35f62621acb04703720c0ffb3469","sha512":"85f7af4cd92bb0257d06f04d08504caebc50351fb54be1c0584634673d00c9e309f82ec0bbb4e18d7276da2dadfb7be60e3bd656f5c754291c3d144c4bc871fe","ssdeep":"1536:zQr0kSPA0/Z3/9myzGEmeHRnMKcj+NOAu5l1Mth:60zdZAyiYu+0lKth","tlshash":"2733025d4968fd1f4fb8aff0294ee76460b1562a23f44370222a49ef08f953059d3c87","first_seen":"2025-09-26T17:15:33.088773Z","last_seen":"2025-10-02T13:48:28.727017Z","times_seen":16,"resource_available":false,"data":null}},"time_used":221,"timings":{"blocked":71,"dns":11,"connect":28,"send":0,"wait":29,"receive":50,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-27T20:03:43.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:43 GMT\r\ncontent-type: text/html;charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=E2MHc8m1u0S0RpJz1evJhB70eySMk%2BlhbgTOYiS8UVseOBmJsYcHUcgopnyeItYtWKT%2BVxbjfrlxjs6IwrkH6JTIIzM%2BciByjHcNJFy5j7dU\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 985d9b26fb9f5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}],"data":{"size":20480,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (5316), with CRLF, LF line terminators","md5":"73ff92926ca5baeabfd0ca913d2071da","sha1":"62727d00665fc4315caa56359095f5d2502b7b09","sha256":"2aaadf6d63790141e71a807d71cfdd9622ccb7e0bfcdc2c289b77749cb5cd36c","sha512":"79b70d92385e9ce44d62f4c8a541c753f75a1def5f7cd90d15e72184660fef56da34956770f4d1a9e0bfce0e4768e7a389812b542a375670c792e19b235095af","ssdeep":"384:GVn+qkfy3Zcq6mhM9mBMPWnD0gq1CdPqTOTpBuEue3nx/Y:Gtmy3lh9BUF6qqTpBuEPXx/Y","tlshash":"0192b723a6d1052242334681b476bb3efd726407d7064e3871ac3bb7dfebe865913a85","first_seen":"2025-09-27T20:04:10.54212Z","last_seen":"2025-09-27T20:04:10.54212Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1690,"timings":{"blocked":777,"dns":0,"connect":2,"send":0,"wait":136,"receive":0,"ssl":775},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/b/?https://ettv.twoproxy.net/themes/superAwesome/custom-24.css?v=179","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET /b/?https://ettv.twoproxy.net/themes/superAwesome/custom-24.css?v=179 HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://ettv.twoproxy.net/themes/superAwesome/custom-24.css?v=179\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0hg33T4a%2FvlhkqYoGQVmJ9MGG7GZKA4DRxtTD3K5K5yOOenzJ1IVXa%2Fuxl%2FjpoxCFY1NzdJVKJB4oyYElmKt%2Fn7Mmhbin6qq%2FuA%2FIHRBS1oA\"}]}\r\ncf-ray: 985d9b281e385ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":38628,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":152,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"i.ibb.co/pyC2VvJ/alert-xxl.png","fqdn":"i.ibb.co","domain":"ibb.co","tld":"co"},"ip":{"addr":"45.43.142.2","port":443,"asn":215751,"as":"Mikhail Fedorov","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ibb.co","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 18 Aug 2025 07:17:47 GMT","end":"Sun, 16 Nov 2025 07:17:46 GMT"},"fingerprint":{"sha1":"30:62:E2:16:F0:8D:8F:C4:30:EF:67:44:60:2F:45:29:D1:5B:AF:94","sha256":"EE:AB:93:C9:6B:44:94:94:F6:EE:CA:98:DE:CE:BF:A6:25:9F:C8:76:A5:43:59:77:38:DD:D2:23:F7:9C:B1:70"}}},"request":{"raw":"GET /pyC2VvJ/alert-xxl.png HTTP/1.1\r\nHost: i.ibb.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: image/png\r\ncontent-length: 5554\r\nlast-modified: Mon, 07 Aug 2023 04:09:39 GMT\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5554,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced","md5":"8d0eed07b450044fdca282d1daf8a58c","sha1":"794e1284cdf81fd60154955c1805282ae21240cd","sha256":"baac89456a2d4dfdcdc14244fbe50a04ade7a401c82de605938a92e16f35c1af","sha512":"d1aab3205c8b00f207ea21f0996cbcfae1c9816fb73e749a4a85daf6eed19d5e40f90240c212bbe2ec17346b6e56132e467cb33c22aaf884efa910c482c304f3","ssdeep":"96:Pj88irwxhMv5KVO4+lcN+egT9cxF2gvPMdj80d7PJjOjSscgZ:PoWeGulq+eaSvUdXPFkc0","tlshash":"84b19e259de1cfcc6f774669d28af3f450520d90439276c83fdd8e710852288bc42724","first_seen":"2023-08-08T02:54:42Z","last_seen":"2026-04-12T17:48:36.28217Z","times_seen":3359,"resource_available":false,"data":null}},"time_used":420,"timings":{"blocked":56,"dns":0,"connect":29,"send":0,"wait":29,"receive":273,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js","fqdn":"heartilyscales.com","domain":"heartilyscales.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.020Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"heartilyscales.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 21:31:25 GMT","end":"Sun, 02 Nov 2025 21:31:24 GMT"},"fingerprint":{"sha1":"8C:BC:E6:45:99:A6:42:A8:C3:7C:33:7D:77:C5:9E:C7:70:2A:A9:6C","sha256":"44:0D:F2:B1:46:00:9E:72:AB:F2:58:53:DB:2A:6F:97:C8:DF:54:6F:43:D4:84:F7:D4:6A:D5:F7:8B:ED:15:C2"}}},"request":{"raw":"GET /a2/86/90/a286902791a7f4c98bcb1e812322cd78.js HTTP/1.1\r\nHost: heartilyscales.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 29954\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: heartilyscales.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d03658f941dd702c24a6d8c6962ac7e5\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":76311,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"e3437160cac08c1807ac0b014553d033","sha1":"d0aed84dc666216fe48b3db526dc573a4484bf5b","sha256":"ceeb37b24e93e8d2de4a1c154b5ccbb6975dd5ac5f5d86c055ed4c6ce9174632","sha512":"66a7c1039dba101f03b9f508214391aa6fa59303000643d3c5e45387470b3147827ee835a5f3e43af0c750b57914b594448915ca5c5810a977e51b037e60658b","ssdeep":"768:fpCxicwKzukjCm/hYE4JoYC3ouzBGXDnwrHpSFXcdDqxv1l2qo0uw7T3SPGw6SXo:fppUCQ37swT0Rcd+9keSPjhj7Y","tlshash":"7573ea4c3f95f1ad43a26073222f941bf12a1d51b06cf8c8d253e8bc6eb9769b536b14","first_seen":"2025-09-26T16:35:49.554198Z","last_seen":"2025-10-08T05:41:54.469148Z","times_seen":41,"resource_available":true,"data":null}},"time_used":785,"timings":{"blocked":297,"dns":27,"connect":91,"send":0,"wait":96,"receive":90,"ssl":183},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/notifications/rtb/ab/1/index.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"172.67.170.115","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 Aug 2025 11:11:15 GMT","end":"Sat, 08 Nov 2025 12:08:40 GMT"},"fingerprint":{"sha1":"46:26:78:BD:18:7A:95:15:D4:B3:89:73:FE:7E:99:33:18:7F:21:3E","sha256":"AD:6B:6A:10:54:38:33:B9:BB:A6:FD:B7:B0:1B:2E:9D:62:B8:47:35:C4:E6:7B:F6:4A:92:AA:75:B0:29:F7:F3"}}},"request":{"raw":"GET /sb/notifications/rtb/ab/1/index.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:45 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Mon, 09 Jun 2025 19:55:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gwuF%2FkOpVt5veMSSOcBq5U%2F%2FhZ%2FGGIujzmYhUXQ8TMZwDggbRNEn3lU3qkYeygYZSRr7mUYWc8CjU%2FuuZnd6%2FF1TYq5YRdmOgMDE32s%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 985d9b309bffb4f3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1453,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"55be131919e3fd9110a3a281581437d6","sha1":"d098be60a423b62eaef83323897522f80bb0d51f","sha256":"a33d374524c5943cb392ed9638716ae8dff8c0ef09340e27edab07709dda13fd","sha512":"4f32ad7e07568c73fdbacde54d7dcf0f425dbe64e7b018e9ab2e8689e370cdc66cf25ea2ba3832566de0bf29fef2df048e7c84cc6d423a2a4e85fbaa0757c133","ssdeep":"","tlshash":"7e31345a2df8d2731182a0967b303f6beca2e54b5c4e56407bfc45a0cf9ad91ca5780b","first_seen":"2025-06-11T18:18:27.759407Z","last_seen":"2026-03-08T11:20:38.984218Z","times_seen":238,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":46,"dns":4,"connect":1,"send":0,"wait":116,"receive":0,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"cdn.show-sb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"directlycascade.com/ren.gif?sid=H4sIAAAAAAAC_1RSz2skRRSunhUVFEQPHvwBLexBwUy6e3o6M-5h2Z8ajZmwWQmyB6nuqp6U6e5qq7qnJ-MlGJDFi7O3PXa-STaoOegfIMhEBAmK2142B4PgybsoXkRmMpj1Qb33qr5Xj-99VR_v5CekgZwer7wtByKK6Hyzbpkvr4mEyUKbyzdN26pbF8w1kXjuBbM_car3mt1w69Yr5us82JDzjmVblm3Z5nWheCj781MUIj1o2fV2s96y63bbRV_9f69zA5oaYL0T8gwEq576LbwFEYyRxF9e5Xojk-mr1-I8oplU6LH9d5KNRBYJ4rM0VAbCZH9WDakrQu7WIJP92QSQvd3JBPBFRWrP_gI_2Z_RhN_bO2XqR-AJfPYEit4YPBpD0DECuQ3B7hMgYFjuIInvLUtV0M1TlE7Qijz6x-8QRUUef4EgiQ86lzurZiflyTLP0A9LiP4YojtGmh8iG9QgikME2UcQ7Ecy_-cSkni3oyMJwY7Peyxwmg2bznlu25lzQ8-bazcX2nMeddquz5hnha2pQCIcg2oD-WQJA3lYQ57WELNj02EBtxcc3vJDz1vwrJbt2Z7rsJbDmNNuu8iDCfMhsnSIIBoiUFtI1RY2xJ371nNQ-TfQ6yU0M6Azgh4rUXCCQhMUlKAQBEVGUPTKPRZpR5f3WKRz355FZxYb5Uhm3R26J7MuTwioGkKxclekH-htBJkxGoSajOTEUT8rR9Rn5U56Qp6e6Gq8-4_GBj82qdVwfJc1GkGLcuq1qBu2_ZbrNJqe7fphCC1KCF2b6jEQFVmovkcqKkI-fQCfHkJHhwjEOdD8RdCiBF0vMUgOmFCpkv3NeiBjMFkizR5BtmnsRCfk-enLXvr7LnhwdPHnxtQQqBKpKvG--JagG90e3ZAF2b0hC02-6qSZiMWAZkImqxnN-LnP3-KbhVRs8aoefnYpmACT9OAm19kSTZhIupp8cVkwxtV1qQJOvl7Ua9xfyfX65Vwlebq0cuX6YpwqrrWQyRhUVMT48AcEoiJPvnlt-qPPL34CocZQeYk4PyIzQ5BuQadn3LUkUNEZ7qcGirwcKcf_73Ck_PCsIhIVeePWr4j40cXvHnsvX_3rJ1C_hOYPdeEPXaaTdlSUO_o2usoAzbaRxCV6qkQvKkGjIXR-bpSl6oyXHxkjP1LGrh-p6M6p5locm7breGzBtlwWenbYDJ1GaIXc8ihzrYCxEJmu1h9ceenfAAAA__-RIBevwAQAAA==","fqdn":"directlycascade.com","domain":"directlycascade.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.426Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"directlycascade.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Sep 2025 11:12:27 GMT","end":"Tue, 09 Dec 2025 11:12:26 GMT"},"fingerprint":{"sha1":"76:17:4A:20:73:64:94:52:3B:6A:50:E2:7C:F7:F5:73:52:38:47:A4","sha256":"66:CD:95:7F:5E:D7:56:27:7A:6F:3B:80:CB:84:DC:89:A0:F0:BB:44:49:55:B4:81:76:24:2E:38:E3:FC:78:29"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSz2skRRSunhUVFEQPHvwBLexBwUy6e3o6M-5h2Z8ajZmwWQmyB6nuqp6U6e5qq7qnJ-MlGJDFi7O3PXa-STaoOegfIMhEBAmK2142B4PgybsoXkRmMpj1Qb33qr5Xj-99VR_v5CekgZwer7wtByKK6Hyzbpkvr4mEyUKbyzdN26pbF8w1kXjuBbM_car3mt1w69Yr5us82JDzjmVblm3Z5nWheCj781MUIj1o2fV2s96y63bbRV_9f69zA5oaYL0T8gwEq576LbwFEYyRxF9e5Xojk-mr1-I8oplU6LH9d5KNRBYJ4rM0VAbCZH9WDakrQu7WIJP92QSQvd3JBPBFRWrP_gI_2Z_RhN_bO2XqR-AJfPYEit4YPBpD0DECuQ3B7hMgYFjuIInvLUtV0M1TlE7Qijz6x-8QRUUef4EgiQ86lzurZiflyTLP0A9LiP4YojtGmh8iG9QgikME2UcQ7Ecy_-cSkni3oyMJwY7Peyxwmg2bznlu25lzQ8-bazcX2nMeddquz5hnha2pQCIcg2oD-WQJA3lYQ57WELNj02EBtxcc3vJDz1vwrJbt2Z7rsJbDmNNuu8iDCfMhsnSIIBoiUFtI1RY2xJ371nNQ-TfQ6yU0M6Azgh4rUXCCQhMUlKAQBEVGUPTKPRZpR5f3WKRz355FZxYb5Uhm3R26J7MuTwioGkKxclekH-htBJkxGoSajOTEUT8rR9Rn5U56Qp6e6Gq8-4_GBj82qdVwfJc1GkGLcuq1qBu2_ZbrNJqe7fphCC1KCF2b6jEQFVmovkcqKkI-fQCfHkJHhwjEOdD8RdCiBF0vMUgOmFCpkv3NeiBjMFkizR5BtmnsRCfk-enLXvr7LnhwdPHnxtQQqBKpKvG--JagG90e3ZAF2b0hC02-6qSZiMWAZkImqxnN-LnP3-KbhVRs8aoefnYpmACT9OAm19kSTZhIupp8cVkwxtV1qQJOvl7Ua9xfyfX65Vwlebq0cuX6YpwqrrWQyRhUVMT48AcEoiJPvnlt-qPPL34CocZQeYk4PyIzQ5BuQadn3LUkUNEZ7qcGirwcKcf_73Ck_PCsIhIVeePWr4j40cXvHnsvX_3rJ1C_hOYPdeEPXaaTdlSUO_o2usoAzbaRxCV6qkQvKkGjIXR-bpSl6oyXHxkjP1LGrh-p6M6p5locm7breGzBtlwWenbYDJ1GaIXc8ihzrYCxEJmu1h9ceenfAAAA__-RIBevwAQAAA== HTTP/1.1\r\nHost: directlycascade.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nCookie: uid_id2=6dc2531a-6492-4f66-9579-6a294bdd60f8:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl22675059=1; sleca032b4d33c8aea68a4f9b84235614bff=[4323736]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:45 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: directlycascade.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 9862261f9b443c62c18c7142eea4845d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"directlycascade.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"directlycascade.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"heartilyscales.com/pixel/sbs?c=1","fqdn":"heartilyscales.com","domain":"heartilyscales.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"heartilyscales.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 21:31:25 GMT","end":"Sun, 02 Nov 2025 21:31:24 GMT"},"fingerprint":{"sha1":"8C:BC:E6:45:99:A6:42:A8:C3:7C:33:7D:77:C5:9E:C7:70:2A:A9:6C","sha256":"44:0D:F2:B1:46:00:9E:72:AB:F2:58:53:DB:2A:6F:97:C8:DF:54:6F:43:D4:84:F7:D4:6A:D5:F7:8B:ED:15:C2"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: heartilyscales.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nCookie: uid_id2=f3a12137-4cd7-4f3a-b7df-bf497e3d0b2d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl15816950=1; sleca286902791a7f4c98bcb1e812322cd78=[3284458]; u_pl22675059=1; sleca032b4d33c8aea68a4f9b84235614bff=[4323736]; iprc_l+428c3ee92dc99b5b4a0da7a1d276f630=4323736; iprc_l:4323736=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:46 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: heartilyscales.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":115,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":115,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vmuid.com/uid/send","fqdn":"vmuid.com","domain":"vmuid.com","tld":"com"},"ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"vmuid.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 16 Sep 2025 01:59:37 GMT","end":"Mon, 15 Dec 2025 01:59:36 GMT"},"fingerprint":{"sha1":"84:BD:C5:EF:9D:1D:34:8C:A0:22:2D:D2:FB:A2:D3:F5:74:5F:7A:90","sha256":"30:7E:44:EB:16:94:91:A3:8A:D6:C1:32:D3:2D:D0:B9:A7:40:77:14:44:AB:8F:B5:EE:45:E6:8B:43:50:B5:55"}}},"request":{"raw":"POST /uid/send HTTP/1.1\r\nHost: vmuid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ettv.twoproxy.net/\r\nContent-Type: multipart/form-data; boundary=---------------------------424265966627214279323387797839\r\nContent-Length: 323\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: application/json\r\nContent-Length: 65\r\nConnection: keep-alive\r\nCache-Control: no-store, max-age=0\r\nAccept-Ch: Sec-CH-UA-Platform,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform-Version\r\nAccess-Control-Allow-Origin: https://ettv.twoproxy.net\r\nAccess-Control-Allow-Headers: X-Requested-With, content-type, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers, set-cookie, Cookie\r\nAccess-Control-Allow-Credentials: true\r\nSet-Cookie: guid=70fe37cc-2533-443a-87ce-229e0995f669; expires=Wed, 31 Dec 2025 00:00:00 GMT; domain=vmuid.com; path=/; secure; SameSite=None\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b588db3cbba9e6fc959872f0f8b5cef5","sha1":"b0dade971e9972f4274a745816975057df444934","sha256":"8fbeca30542d39eacee18417b0149eb767edf2a30e71cd8871c21783b779e943","sha512":"0470fef7746887b0e7171494c2bde38b6486b14ce5de27757f66b87ba50546b59e476a093a167b94c120a15f96cd4f4e0d78e83f063637d94d59bf3571bed893","ssdeep":"","tlshash":"f4a02280222200b308e0303002300cc00832a03cc23c022ce002008b332800322c0208","first_seen":"2025-09-27T20:04:10.545739Z","last_seen":"2025-09-27T20:04:10.545739Z","times_seen":1,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":13,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.949Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:49 GMT","end":"Mon, 01 Dec 2025 08:36:48 GMT"},"fingerprint":{"sha1":"9E:38:51:02:B6:22:9C:08:6B:24:B8:A0:EB:DB:60:D9:27:B2:68:90","sha256":"67:AF:7E:56:AB:8D:96:FB:D0:75:CA:28:6D:16:B6:67:FD:7F:58:6F:CC:AA:78:B5:01:13:76:2C:AB:BE:80:4E"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 27 Sep 2025 20:03:45 GMT\r\ndate: Sat, 27 Sep 2025 20:03:45 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"a90fc2bf15e304ef3fa4e7f75b6a8608","sha1":"0f8c2853b49a7c206d75af99117482d80a60f869","sha256":"6e10be4b6befecf6f3d1ae34b727939e6da334a1f2d815fd325ba9c455520772","sha512":"0d1a14e11c436dadf51cc489592867eaff3cae2c4a95748d2a25614c984560ad3588fb95e2aaafd4060d4954594951d09e71ab36e9859fb8590198811f156fc4","ssdeep":"384:pwf5wgwPwrwyUw/qY4+w4wYwpwfMw1wWw6wyhw/qY4XwNwtw4wfdwkwDw3wyQw/P:pc70afUQRptmJKBLfhQE8YTYHw+fQQVl","tlshash":"b472ed91041700009b835ce223cebf35fe5f92117141d0b9abfd9b6badcbc6652693ad","first_seen":"2025-09-08T23:24:40.129975Z","last_seen":"2025-11-18T23:33:55.863403Z","times_seen":3582,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 22 Sep 2025 23:17:32 GMT\r\nexpires: Tue, 22 Sep 2026 23:17:32 GMT\r\ncache-control: public, max-age=31536000\r\nage: 420374\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-13T13:11:23.896471Z","times_seen":733997,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F48%2F48%2Feb%2F4848ebd6f7295875a5d388ec2488aba3%2F1648542421.html\u0026l=1538\u0026fd=416","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F48%2F48%2Feb%2F4848ebd6f7295875a5d388ec2488aba3%2F1648542421.html\u0026l=1538\u0026fd=416 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:45 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":91,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":91,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.515Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 23:05:43 GMT","end":"Fri, 28 Nov 2025 23:05:42 GMT"},"fingerprint":{"sha1":"B9:51:95:1F:A8:75:17:3A:9B:B1:75:96:F4:7D:7A:CF:3D:52:C9:71","sha256":"36:D1:B1:18:05:03:10:B2:46:BC:6C:71:A5:E7:BE:07:32:66:88:16:04:1E:5F:96:0F:10:B6:4B:BF:01:D1:42"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ec970241cb1b24468d5afa0b490fe0ca\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":212,"timings":{"blocked":77,"dns":0,"connect":26,"send":0,"wait":31,"receive":26,"ssl":51},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/gid.js","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.717Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.rtmark.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 28 Aug 2025 13:14:02 GMT","end":"Wed, 26 Nov 2025 14:13:48 GMT"},"fingerprint":{"sha1":"7A:B2:21:7F:72:E3:39:3E:95:5D:FB:ED:BB:1C:7E:88:C4:7A:B1:B3","sha256":"FB:1D:6D:AF:DA:57:8D:9A:8B:B2:CC:FF:A2:55:C8:F3:71:3D:49:77:06:FC:4D:6F:16:91:61:6F:89:1C:A3:CB"}}},"request":{"raw":"GET /gid.js HTTP/1.1\r\nHost: my.rtmark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: https://ettv.twoproxy.net\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\naccess-control-allow-credentials: true\r\nset-cookie: ID=0802514b8b3740c3e01162d0ac9e0668; expires=Sun, 27 Sep 2026 20:03:44 GMT; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 985d9b2cbffc56c9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"f6c04f114168aef3bb1bd48fe686c728","sha1":"96470e76cc36de94095993f6ed7f652ef7a14d1e","sha256":"26a25fe6610522719127cbce649681ef58ef2df5eaffc60bec6f896fde053e5e","sha512":"ef6ad6b7f75999d6d4f6539922cbc8ff7fc0c343b1ba1f8d0eab83757585e8d7c3357d295231f7894305fd9596b067ca8c4bc548527a0c1da29868ad508e2aa1","ssdeep":"","tlshash":"c4a002b5041846cd44d97565be57c76b50410342645d772f42f98182219779d4add268","first_seen":"2025-09-27T20:04:10.547907Z","last_seen":"2025-09-27T20:04:10.547907Z","times_seen":1,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":41,"dns":0,"connect":2,"send":0,"wait":32,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"heartilyscales.com/sbar.json?key=a032b4d33c8aea68a4f9b84235614bff\u0026uuid=f3a12137-4cd7-4f3a-b7df-bf497e3d0b2d%3A1%3A1","fqdn":"heartilyscales.com","domain":"heartilyscales.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"heartilyscales.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 21:31:25 GMT","end":"Sun, 02 Nov 2025 21:31:24 GMT"},"fingerprint":{"sha1":"8C:BC:E6:45:99:A6:42:A8:C3:7C:33:7D:77:C5:9E:C7:70:2A:A9:6C","sha256":"44:0D:F2:B1:46:00:9E:72:AB:F2:58:53:DB:2A:6F:97:C8:DF:54:6F:43:D4:84:F7:D4:6A:D5:F7:8B:ED:15:C2"}}},"request":{"raw":"GET /sbar.json?key=a032b4d33c8aea68a4f9b84235614bff\u0026uuid=f3a12137-4cd7-4f3a-b7df-bf497e3d0b2d%3A1%3A1 HTTP/1.1\r\nHost: heartilyscales.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:45 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 3807\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://ettv.twoproxy.net\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=f3a12137-4cd7-4f3a-b7df-bf497e3d0b2d:1:1; expires=Sat, 04 Oct 2025 20:03:45 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Sun, 28 Sep 2025 20:03:45 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Sun, 28 Sep 2025 20:03:45 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Sun, 28 Sep 2025 20:03:45 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Sun, 28 Sep 2025 20:03:45 GMT; path=/; secure; SameSite=None\nu_pl22675059=1; expires=Sun, 28 Sep 2025 20:03:45 GMT; path=/; secure; SameSite=None\nsleca032b4d33c8aea68a4f9b84235614bff=[4323736]; expires=Sat, 27 Sep 2025 20:03:50 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 216\r\nHost: heartilyscales.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 62c958fed3d3cf88372c90bf9426c939\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":6298,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"cad9b497a598b1af37e2e3b38a752dcf","sha1":"c9c383d851bcb8d89a6b66700ea4fc1f2229608f","sha256":"bab679dfd0a359ef571264dd6b7db1792607e3d46fddb3df50b749541af0376c","sha512":"5e4de6da1fd4d9487f804a509ff7ea1b88248e2e2b27689928bd816b5f45151e31549651a70834271e207a37c5544c3ca5c9635a80fdeecaa58f95b9b4c528a6","ssdeep":"96:9z0BzYtlT1mxfa/3Wl142Z0UFi69BzYtlT1mxfaxSLcuAXCcmx5w5lykcjRzLX35:9z0BI5Gj42Z0UU69BIiLcdCAyNRfXp","tlshash":"b8d15bff715d35f70ada44b6a8162fbe1cd094db6281a0ccd942a97f8c2ec052e6b114","first_seen":"2025-09-27T20:04:10.54951Z","last_seen":"2025-09-27T20:04:10.54951Z","times_seen":1,"resource_available":false,"data":null}},"time_used":333,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":333,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 22 Sep 2025 23:17:32 GMT\r\nexpires: Tue, 22 Sep 2026 23:17:32 GMT\r\ncache-control: public, max-age=31536000\r\nage: 420374\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-13T13:11:23.896471Z","times_seen":733997,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":25,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.508Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 22 Sep 2025 23:17:32 GMT\r\nexpires: Tue, 22 Sep 2026 23:17:32 GMT\r\ncache-control: public, max-age=31536000\r\nage: 420374\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-13T13:11:23.896471Z","times_seen":733997,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":15,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/app/apx19.js","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.020Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET /app/apx19.js HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 12 Sep 2025 19:15:20 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iVcwuEEvzmXaKs6vVcArZAsof3aCydkvJkBgcBXlWA2LZUjOxyCKRm7kISyktQI%2FYh9IUY3na6N7P9DtIgcwLTCVDnG68iC1R%2BTNu7xr%2Bibt\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"68c47148-23df\"\r\ncontent-encoding: br\r\ncf-ray: 985d9b281e4c5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9183,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (9183), with no line terminators","md5":"2344c3f05f624d595f6fb920e4d74ded","sha1":"eb4d1404ac2d5eecd307f4588aeeab5c8ef463f1","sha256":"3a28fe59e4a2af96d8edeeb12d7040c574cf71fa88fccb5cf49e9c0a1d4e4c7a","sha512":"b1660b062c77332a119e159c5c69d3f75d375915a33f141503232f424c4fdd990998a883c271efb94e8eb909f7837d235354ecae15b58fc23ab9d1908170e831","ssdeep":"192:yfBLCNsvzXnQQuWYQVN6nYaRB5c5FM/MR6Adpf04u7w2Br:4gNYXnrYtBONxpf05r","tlshash":"62126cc87ac7f00b53ed8a53ae1a66b8117b946362a47907d3bcf6cd15e920bc179cc4","first_seen":"2023-03-07T12:40:02Z","last_seen":"2026-04-12T17:48:36.261661Z","times_seen":3518,"resource_available":true,"data":null}},"time_used":156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.118Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 19:09:23 GMT","end":"Tue, 16 Dec 2025 20:08:48 GMT"},"fingerprint":{"sha1":"E5:FA:6E:21:DA:AB:92:8F:E0:CB:31:C2:87:D4:E2:CE:9F:23:BF:C1","sha256":"E8:C7:D4:A8:29:E6:45:C0:C5:E3:AD:6A:90:36:30:4A:D7:2E:7C:F7:8F:57:44:E8:3B:2D:AF:F6:80:F7:4B:46"}}},"request":{"raw":"GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ettv.twoproxy.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 5631\r\ncf-ray: 985d9b28cc835687-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03e5f-7918\"\r\nlast-modified: Mon, 04 May 2020 16:10:07 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 292805\r\nexpires: Thu, 17 Sep 2026 20:03:44 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=UoUztFI7Ifrl60EW62EQAS8VmAppIKf2s7vyPIXFz85rzjU3ljkBGTDcHO7xwpBs2QWVJ3XTjGPZFGWRBmIjOOplV1QxvRXzBS%2Ftlo63zEd%2FZa34NqCDq%2Fg3vcaaNokifqHUyi05\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31000,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (30837)","md5":"269550530cc127b6aa5a35925a7de6ce","sha1":"512c7d79033e3028a9be61b540cf1a6870c896f8","sha256":"799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd","sha512":"49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b","ssdeep":"384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf","tlshash":"78d241e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d226522c5fba","first_seen":"2023-04-05T03:13:25Z","last_seen":"2026-04-13T13:13:26.433136Z","times_seen":242239,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":7,"dns":0,"connect":1,"send":0,"wait":14,"receive":0,"ssl":5},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/big1/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/big1/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:46 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa84fe-102f\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0ph5vd6%2B6n6HgxGC0TUFfYVMEMYfAGx7cz2Q8H6bzrvezbNEVROT4mNp%2FX1yeKjgbAAh68egC1JBrVWkgjdlbi27Dq26Po8x%2Bv9XHhGB\"}]}\r\ncf-ray: 985d9b338f3656bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4143,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"42edbe7ea0d50c15a58bcf3cd1f43df2","sha1":"5a96da3c26cc968e5d1e60959aaaf5bad7e69e0c","sha256":"e12dbbf55a5eca972392177c56db92c2d803a1f3d3052caed3fb8d48a1eb45ae","sha512":"3fedfc13ddece3079276d608e54e48e96cf1111800c0c3a89e7ada26676ece61e6454103e8f00d573f6853ee34fec799e4c2211f3d2361b9cedc9a3611d020d4","ssdeep":"96:iTMXPnMbz7yHP/qmJxMX5fivTMXEtsBxkTMG2bCIbkOWfQbkOWfAbkO3oYQD9ytP:IMXUXg3JxMX5oMXEt+x/nbP3T3D3jV","tlshash":"7381315367230e40b506c9a63fa57b4323284523864be9793fc1674c8fca69dd2d238f","first_seen":"2024-03-15T10:41:13Z","last_seen":"2026-04-13T14:10:23.815413Z","times_seen":815,"resource_available":false,"data":null}},"time_used":420,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":419,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:00:34 GMT","end":"Tue, 25 Nov 2025 22:00:33 GMT"},"fingerprint":{"sha1":"FC:5B:24:E2:ED:A9:65:69:CA:97:74:44:F8:E9:93:1A:50:E7:73:C1","sha256":"26:1B:F8:72:30:B2:C4:49:6A:2E:E7:A5:FC:26:35:74:02:CB:56:D1:F7:7E:A5:5E:89:65:A9:B4:1F:1F:DB:8F"}}},"request":{"raw":"GET /9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3430\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 72aa5452bf20a88bc3786b899797d97e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6293,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6293), with no line terminators","md5":"6062294451a7a581dc74178c7c5a1332","sha1":"c8e09f671561b72bdae9fd3cfeea799629430105","sha256":"c556ffdcc50d996a51234a1dec5ae85925ffa13c788b800be900dc5eb1344d79","sha512":"5b4bcb7d6530bfa8d33d4c769d0934938af4e7842a518556021ed900fad8a06bc39c2d35494586adf34e4d6fe19095b2d41c726b8214746527e04cec9e910594","ssdeep":"192:M/H3P83adOwGuABXfKOBPpzbo3j3rFuuV6:MP/83adOwWp0j3Buz","tlshash":"fbd1a8dc768070800be7e97f776f651ab06a58501c4fe491f003a9e83d6872ed63eac1","first_seen":"2025-09-26T11:10:49.483616Z","last_seen":"2025-10-14T12:32:44.197235Z","times_seen":1614,"resource_available":true,"data":null}},"time_used":654,"timings":{"blocked":279,"dns":0,"connect":91,"send":0,"wait":95,"receive":0,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"heartilyscales.com/sbar.json?key=a286902791a7f4c98bcb1e812322cd78\u0026uuid=791296aa-012b-43b3-888d-22d9e5ec171f%3A3%3A1","fqdn":"heartilyscales.com","domain":"heartilyscales.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"heartilyscales.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 21:31:25 GMT","end":"Sun, 02 Nov 2025 21:31:24 GMT"},"fingerprint":{"sha1":"8C:BC:E6:45:99:A6:42:A8:C3:7C:33:7D:77:C5:9E:C7:70:2A:A9:6C","sha256":"44:0D:F2:B1:46:00:9E:72:AB:F2:58:53:DB:2A:6F:97:C8:DF:54:6F:43:D4:84:F7:D4:6A:D5:F7:8B:ED:15:C2"}}},"request":{"raw":"GET /sbar.json?key=a286902791a7f4c98bcb1e812322cd78\u0026uuid=791296aa-012b-43b3-888d-22d9e5ec171f%3A3%3A1 HTTP/1.1\r\nHost: heartilyscales.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:45 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 7883\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://ettv.twoproxy.net\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=791296aa-012b-43b3-888d-22d9e5ec171f:3:1; expires=Sat, 04 Oct 2025 20:03:45 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Sun, 28 Sep 2025 20:03:45 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Sun, 28 Sep 2025 20:03:45 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Sun, 28 Sep 2025 20:03:45 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Sun, 28 Sep 2025 20:03:45 GMT; path=/; secure; SameSite=None\nu_pl15816950=1; expires=Sun, 28 Sep 2025 20:03:45 GMT; path=/; secure; SameSite=None\nsleca286902791a7f4c98bcb1e812322cd78=[3284458]; expires=Sat, 27 Sep 2025 20:03:50 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 215\r\nHost: heartilyscales.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 87360ccab06f452cce06d6aef32055f6\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":7858,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"729d222188900cdc925edb5c79e93bc9","sha1":"5bed0122b1f183e6342a3a7c5561c1cd7d137878","sha256":"53c281e1b3f0b7f8f061c659060b1432c24269ed8a8d8b8fa1f36b0ac49c58fa","sha512":"a3f1bff7ddee44a6ebb633fb65c2be8b70d70847517dfc82015662995af19eef322e081cfccb018037930206bf9375b56382eff4f9bf1be226ad3e7b7232a95d","ssdeep":"192:9zR12NQkcUKR6PbtierpqKz0SI6X3im1s76xCfuNaag:9zfy2RKRierLIIsTjJ","tlshash":"bcf1b0be2b1b2a520396574b32360ca8582b40845e760bded1ddcbed8254f056f8057c","first_seen":"2025-09-27T20:04:10.553268Z","last_seen":"2025-09-27T20:04:10.553268Z","times_seen":1,"resource_available":false,"data":null}},"time_used":307,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":307,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"heartilyscales.com/ren.gif?sid=H4sIAAAAAAAC_6RTS2wcSxWtcRCKYIEACYlPRJGJEEiZme6enk8nCytx7GgSx7ZsoyAhBNVd1ePKdFc1VdXTtsUiIihKVrF3wIb2HTsmwVJg5w0omsluJKQMLDILvGED7IJQ9BZv8TS285InvV3u4t7bOkdX5xx13d9Jj1AVUjJeuiU3eRSRSq1s4R_c5oLKTOOFVWxbZesyvs1F3b2M1ydNdS_ZVbds_RBfZ0FHVhzLtizbsvEcVyyU65VjFHhy0LTLXq3ctMu258K6-uy3TgugSQFo9wh9DTgdfeVf4U-AB30Q8Z-uMd0xMrk4G6cRMVJBl-7_SHSEzATE79ZQFSAU-6dskHqE0G-mQIr9Uwcgu7sTB-DzEZr6xj_BF_unMsHv7p0o9SNgAnz6Zci6fWBRHzjpQyDvAacvEUBAYWERRPx4QaqMbJygZIKO0Bf__x_g2Qid_Q4CER8sXl1cwYsJEwvMwHqYA1_vA2_3IUkHYDangGcDCMyvgNO_ocqbeRDx7qKOJHA6vtDwbMerE1KybMcvuVW_Wmo2m7TkONRjNRbYDTs8DoiHfSD6DKS6ACkvQBpOQZpMQUzH2KEBsxsOa_phvd6oW027btddhzYdSh3PcyENJsq3wCRbEERbEKi7kKi70OHbL61vgUqfg17LQdMCaIOgS3PIGIJMI8gIgowjyAyCrJvv0Ug7On9MI5369ul0Tmc170nT3iF70rSZQEDUFiia7_LkF_oeBKbQ2ww16slJI77Je8Sn-U5yhL56nOvrH7-BDhtj4jTrnuU0PJs0Qjfwmn7g26xpO1XHCWijCZrnwPUUEF2ATT5ChfwIEj5C6NEr8MkAdDSAgJ8Hkp4DkuVA1nLYFAep8CMZdBgtcwpU5pCYL4DZKOxER-jbxwqcc_8FFgynn6l__O_3f80gUDkkKoc7_AWCdvSgtywztLssM43-vJgYHvNNYrgUK4YYhp7eZBuZVLR1TW89uRJMgMl6sMq0mSeCctHW6I9XOaVMzUkVMPSXlr7N_KVUr11NlUiT-aWZuVacKKY1l6IPhL8MPoaAj9DZh186_p-_-aIFXA1ApePWmjGJvlSpaNUtU1P2Y0HXy4GMK12n4jatiu14QdX1ayXPp7Rk26FVIlbNKZF61Q7coObVSbNiV4II4nQ4va0Pf44QgiD59bNi8drsysxya2m1tbhQLI4f3UhFZ4MoipnCTGBtZGRwxLpMEUEHhwqTLtZGMWYyRlSpEw0eK8zxglSUiTKe40LgcHCotGGdiGjNND7hyDa-I9ttpjsSh4pgyrA2J0QcM9Vhgl3E_mCPMpwM9rBgxmDZflYszl9Zvj77s9atK9dni8XxzbdZ8Ji02YekweM_FIutmWPbNz69GkjxQUeDJ8Xiamt1fqL10srgMElYlEyCwL_EN-8MDpP30vucZN5aB50Mpw8-evXd0eunoCUCFQ3RaYGfFCBL855y_OF0fP_8i6XvP-wpPxxOb6-p5xNGxEfop__-OkRsOP3kt5P6HRA_B83eu_Ju7ymSji8Q32WNuuWU7CprllzPJSWfsrDkWY2aRz3fbnhuTxGe7-gH0FYFIOYeiDiHrsqhG-VAoi3Q6ZmeSdRw-u_V4wI_KvT8SBV2_UhF2ycvT_Mxtl2nThu25dKwboe10KmGVsisOqGuFVAagtGjtVcz3_skAAD___TP8_7GBgAA","fqdn":"heartilyscales.com","domain":"heartilyscales.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"heartilyscales.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 21:31:25 GMT","end":"Sun, 02 Nov 2025 21:31:24 GMT"},"fingerprint":{"sha1":"8C:BC:E6:45:99:A6:42:A8:C3:7C:33:7D:77:C5:9E:C7:70:2A:A9:6C","sha256":"44:0D:F2:B1:46:00:9E:72:AB:F2:58:53:DB:2A:6F:97:C8:DF:54:6F:43:D4:84:F7:D4:6A:D5:F7:8B:ED:15:C2"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_6RTS2wcSxWtcRCKYIEACYlPRJGJEEiZme6enk8nCytx7GgSx7ZsoyAhBNVd1ePKdFc1VdXTtsUiIihKVrF3wIb2HTsmwVJg5w0omsluJKQMLDILvGED7IJQ9BZv8TS285InvV3u4t7bOkdX5xx13d9Jj1AVUjJeuiU3eRSRSq1s4R_c5oLKTOOFVWxbZesyvs1F3b2M1ydNdS_ZVbds_RBfZ0FHVhzLtizbsvEcVyyU65VjFHhy0LTLXq3ctMu258K6-uy3TgugSQFo9wh9DTgdfeVf4U-AB30Q8Z-uMd0xMrk4G6cRMVJBl-7_SHSEzATE79ZQFSAU-6dskHqE0G-mQIr9Uwcgu7sTB-DzEZr6xj_BF_unMsHv7p0o9SNgAnz6Zci6fWBRHzjpQyDvAacvEUBAYWERRPx4QaqMbJygZIKO0Bf__x_g2Qid_Q4CER8sXl1cwYsJEwvMwHqYA1_vA2_3IUkHYDangGcDCMyvgNO_ocqbeRDx7qKOJHA6vtDwbMerE1KybMcvuVW_Wmo2m7TkONRjNRbYDTs8DoiHfSD6DKS6ACkvQBpOQZpMQUzH2KEBsxsOa_phvd6oW027btddhzYdSh3PcyENJsq3wCRbEERbEKi7kKi70OHbL61vgUqfg17LQdMCaIOgS3PIGIJMI8gIgowjyAyCrJvv0Ug7On9MI5369ul0Tmc170nT3iF70rSZQEDUFiia7_LkF_oeBKbQ2ww16slJI77Je8Sn-U5yhL56nOvrH7-BDhtj4jTrnuU0PJs0Qjfwmn7g26xpO1XHCWijCZrnwPUUEF2ATT5ChfwIEj5C6NEr8MkAdDSAgJ8Hkp4DkuVA1nLYFAep8CMZdBgtcwpU5pCYL4DZKOxER-jbxwqcc_8FFgynn6l__O_3f80gUDkkKoc7_AWCdvSgtywztLssM43-vJgYHvNNYrgUK4YYhp7eZBuZVLR1TW89uRJMgMl6sMq0mSeCctHW6I9XOaVMzUkVMPSXlr7N_KVUr11NlUiT-aWZuVacKKY1l6IPhL8MPoaAj9DZh186_p-_-aIFXA1ApePWmjGJvlSpaNUtU1P2Y0HXy4GMK12n4jatiu14QdX1ayXPp7Rk26FVIlbNKZF61Q7coObVSbNiV4II4nQ4va0Pf44QgiD59bNi8drsysxya2m1tbhQLI4f3UhFZ4MoipnCTGBtZGRwxLpMEUEHhwqTLtZGMWYyRlSpEw0eK8zxglSUiTKe40LgcHCotGGdiGjNND7hyDa-I9ttpjsSh4pgyrA2J0QcM9Vhgl3E_mCPMpwM9rBgxmDZflYszl9Zvj77s9atK9dni8XxzbdZ8Ji02YekweM_FIutmWPbNz69GkjxQUeDJ8Xiamt1fqL10srgMElYlEyCwL_EN-8MDpP30vucZN5aB50Mpw8-evXd0eunoCUCFQ3RaYGfFCBL855y_OF0fP_8i6XvP-wpPxxOb6-p5xNGxEfop__-OkRsOP3kt5P6HRA_B83eu_Ju7ymSji8Q32WNuuWU7CprllzPJSWfsrDkWY2aRz3fbnhuTxGe7-gH0FYFIOYeiDiHrsqhG-VAoi3Q6ZmeSdRw-u_V4wI_KvT8SBV2_UhF2ycvT_Mxtl2nThu25dKwboe10KmGVsisOqGuFVAagtGjtVcz3_skAAD___TP8_7GBgAA HTTP/1.1\r\nHost: heartilyscales.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nCookie: uid_id2=791296aa-012b-43b3-888d-22d9e5ec171f:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl15816950=1; sleca286902791a7f4c98bcb1e812322cd78=[3284458]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:45 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: heartilyscales.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 680f6164f56c93ac33f7b82581749f63\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/big1/css/animate.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/big1/css/animate.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 27 Sep 2025 20:03:46 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa84fe-13365\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BFSCcOq2q4fSACr0RlWfrGjoeLjhN9iECZiWyrVMzb7RYTjtNp5WwZ1GgvclJzzgS5saau6uO7rmZ7ADaoM2Q8nrVNlvBnt4G4a%2BHfnu\"}]}\r\ncf-ray: 985d9b339d80b512-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78693,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"5982c5377696d20476871062646b253f","sha1":"8bf2c93fa9ccc908f7df0fb7abb911bbac3e4242","sha256":"4e23a6449e6ef4614f0107cecf5c9eda75d2041c7c71f4a55d45f2a7e75450f4","sha512":"92592dac2a817293e8ec1d94bf99df639626a90d524420b01a12210398927c0650cc26fa8e730300096b29961563aa02efb707478c6d51ac8616bb1bde5a0cb2","ssdeep":"384:jvuAuF81dghu3uFlZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:jvuAu21dghu3uhu7uNKwZiMUL6Vpaj7F","tlshash":"1d731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2024-02-12T20:28:38Z","last_seen":"2026-04-13T12:30:49.468141Z","times_seen":6480,"resource_available":false,"data":null}},"time_used":412,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":412,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/big1/img/close.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/big1/img/close.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 27 Sep 2025 20:03:45 GMT\r\ncontent-type: image/png\r\ncontent-length: 591\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65aa84fe-24f\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 312201\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=K%2BydHsgMZRAZaffZw72Cxzc48w76FKpRHabgWn2ytoJTjH1EBdcoMKDWGAycN02GHWkfyiO53YuWGJ6ZOhoA4Hi37gGGYYsM4UBMsWbKwCI%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 985d9b344e51783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":591,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced","md5":"9fd5bcb6103d86e317bd1eb019bcbe71","sha1":"6b5a52ea669dcb74946f2bed4bdd7ec985026113","sha256":"0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae","sha512":"e244a8842c009fa83e8d9d1088ec5b76ca2a42660568b7886e01724977b9ebd4e43690e0c651e25287c64dcc4826391b34cae6a106e2148139450dd05fc5a562","ssdeep":"","tlshash":"b0f0414e7c5903a1874caf3b18dd00119c27898077c82e0db689eed20e008e215471da","first_seen":"2023-04-11T11:09:41Z","last_seen":"2026-04-13T12:39:33.553105Z","times_seen":4780,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.598Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 23:05:43 GMT","end":"Fri, 28 Nov 2025 23:05:42 GMT"},"fingerprint":{"sha1":"B9:51:95:1F:A8:75:17:3A:9B:B1:75:96:F4:7D:7A:CF:3D:52:C9:71","sha256":"36:D1:B1:18:05:03:10:B2:46:BC:6C:71:A5:E7:BE:07:32:66:88:16:04:1E:5F:96:0F:10:B6:4B:BF:01:D1:42"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 317b7f9195630f4c4664112421eb5f86\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":195,"timings":{"blocked":88,"dns":0,"connect":0,"send":0,"wait":27,"receive":25,"ssl":55},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/big1/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 27 Sep 2025 20:03:45 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6BrnP7etD4nI50fjWMaLerMH%2BwyVUMaAza4Ecsf9IbF3CRSeo%2BHbnbbX9kOF0%2B1FF4J0xlzAftgGO%2FnRTLBuqviIdeDWrkBDUZ6XmWSM0ms%3D\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 60084\r\ncf-cache-status: HIT\r\netag: W/\"65aa84fe-1499c\"\r\ncf-ray: 985d9b344e52783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84380,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025)","md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-13T12:39:33.538378Z","times_seen":16268,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"directlycascade.com/impr.gif?sid=H4sIAAAAAAAC_1RSz4scRRSu3ogKCqIHD_6AEXJQcGe7e3p6eswh5Keuxp2QRILkIFVd1bPldne1Vd3Ts-MlGJDgxcktx95vNlnUPegfIMisCBIU016yBxfBk3dRvIjM7ODGB_Xeq_pePb73VX28VRyQFgq6f_FtNZJxTFfaTbvx8lWZclWaxtqVhmM37RONqzL1vRON4czpwWtOy2varzReF-GGWnFtx7Yd22mcl1pEargyRyGz3cBpdtvNwGk6XQ9D_f-9KSwYaoEPDsgzkLx-6rfoGmQ4RZp8eVaYjVxlr55LipjmSmPAd95JN1JVpkiO0khbiNKdRTWUqQm5vQSV7iwmgBpszyYAkzVZevYXsHRnQRNscOeQKYshUjD-BMrBFCKeQtIpQnUDkt8nQMix1kOa3F1TuqSbhyidoTV59I_fIcuaPP4CQZrs9k73Ljd6mUjXRI5hVEEOp5D9KbJiD_loCbLcQ5h_BMl_JCt_XkCabPdMrCD5_nGfh2675dBl3-u6y17k-8vddqe77FO36zHOfTsK5gLJaApqLBSzJS0U0RKKbAkJ32-4PBROxxUBi3y_49uB4zu-5_LA5dztdj0U4Yz5GHk2RhiPEerryPR1bMhb9-3noItvYNYrGG7B5AQDXqEUBKUhKClBKQnKnKAcVHd4bFxT3eWxKZiziO4itqqJyvtb9I7K-yIloHoMzattmX1gbiDMrckoMmSiZo6yvJpQxqut7IA8PdPVevcfgw2x36B2y2Ueb7XCgArqB9SLuizw3FbbdzwWRTCygjRLcz1Gsiad-ntksibk0wdgdA8m3kMoj4EWL4KWFeh6hVG6y6XOtBpuNkOVgKsKWf4I8k1rKz4gz89f9tTftyHCeyd_bs0Noa6Q6Qrvy28J-vHNySVVku1LqjTkq16Wy0SOaC5VejmnuTj2-Vtis1Sar541489OhTNglu5eESa_QFMu074hX5yWnAt9XulQkK9XzVXBLhZm_XSh0yK7cPHM-dUk08IYqdIpqKyJ9eEPCGVNnnzz3PxHH1_9BFJPoYsKSXGPLAxhdh0mO-JuFIGOj3CWWSiLaqJd9t_hRLPoqCKWNXnj2q-Ixb2T3z32XnH5r59AWQUjHuoiHrpMZ-2orLbMTfS1BZrfQJpUGOgKg7gCjccwxbFJnukjXiy2JizW1jaLdXzrUHMj9xsha1Phhb4bUDvwPNayO75NPVtEHeYEbQe5qdcfnHnp3wAAAP__OIlWYMAEAAA=","fqdn":"directlycascade.com","domain":"directlycascade.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.349Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"directlycascade.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 10 Sep 2025 11:12:27 GMT","end":"Tue, 09 Dec 2025 11:12:26 GMT"},"fingerprint":{"sha1":"76:17:4A:20:73:64:94:52:3B:6A:50:E2:7C:F7:F5:73:52:38:47:A4","sha256":"66:CD:95:7F:5E:D7:56:27:7A:6F:3B:80:CB:84:DC:89:A0:F0:BB:44:49:55:B4:81:76:24:2E:38:E3:FC:78:29"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSz4scRRSu3ogKCqIHD_6AEXJQcGe7e3p6eswh5Keuxp2QRILkIFVd1bPldne1Vd3Ts-MlGJDgxcktx95vNlnUPegfIMisCBIU016yBxfBk3dRvIjM7ODGB_Xeq_pePb73VX28VRyQFgq6f_FtNZJxTFfaTbvx8lWZclWaxtqVhmM37RONqzL1vRON4czpwWtOy2varzReF-GGWnFtx7Yd22mcl1pEargyRyGz3cBpdtvNwGk6XQ9D_f-9KSwYaoEPDsgzkLx-6rfoGmQ4RZp8eVaYjVxlr55LipjmSmPAd95JN1JVpkiO0khbiNKdRTWUqQm5vQSV7iwmgBpszyYAkzVZevYXsHRnQRNscOeQKYshUjD-BMrBFCKeQtIpQnUDkt8nQMix1kOa3F1TuqSbhyidoTV59I_fIcuaPP4CQZrs9k73Ljd6mUjXRI5hVEEOp5D9KbJiD_loCbLcQ5h_BMl_JCt_XkCabPdMrCD5_nGfh2675dBl3-u6y17k-8vddqe77FO36zHOfTsK5gLJaApqLBSzJS0U0RKKbAkJ32-4PBROxxUBi3y_49uB4zu-5_LA5dztdj0U4Yz5GHk2RhiPEerryPR1bMhb9-3noItvYNYrGG7B5AQDXqEUBKUhKClBKQnKnKAcVHd4bFxT3eWxKZiziO4itqqJyvtb9I7K-yIloHoMzattmX1gbiDMrckoMmSiZo6yvJpQxqut7IA8PdPVevcfgw2x36B2y2Ueb7XCgArqB9SLuizw3FbbdzwWRTCygjRLcz1Gsiad-ntksibk0wdgdA8m3kMoj4EWL4KWFeh6hVG6y6XOtBpuNkOVgKsKWf4I8k1rKz4gz89f9tTftyHCeyd_bs0Noa6Q6Qrvy28J-vHNySVVku1LqjTkq16Wy0SOaC5VejmnuTj2-Vtis1Sar541489OhTNglu5eESa_QFMu074hX5yWnAt9XulQkK9XzVXBLhZm_XSh0yK7cPHM-dUk08IYqdIpqKyJ9eEPCGVNnnzz3PxHH1_9BFJPoYsKSXGPLAxhdh0mO-JuFIGOj3CWWSiLaqJd9t_hRLPoqCKWNXnj2q-Ixb2T3z32XnH5r59AWQUjHuoiHrpMZ-2orLbMTfS1BZrfQJpUGOgKg7gCjccwxbFJnukjXiy2JizW1jaLdXzrUHMj9xsha1Phhb4bUDvwPNayO75NPVtEHeYEbQe5qdcfnHnp3wAAAP__OIlWYMAEAAA= HTTP/1.1\r\nHost: directlycascade.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nCookie: uid_id2=6dc2531a-6492-4f66-9579-6a294bdd60f8:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl22675059=1; sleca032b4d33c8aea68a4f9b84235614bff=[4323736]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:46 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+428c3ee92dc99b5b4a0da7a1d276f630=4323736; expires=Sun, 28 Sep 2025 20:03:46 GMT; path=/; secure; SameSite=None\niprc_l:4323736=1; expires=Sun, 28 Sep 2025 20:03:46 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 2\r\nHost: directlycascade.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 21ef9ace5c59accd9e54cf13dcb7fa52\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"directlycascade.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"directlycascade.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"heartilyscales.com/a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js","fqdn":"heartilyscales.com","domain":"heartilyscales.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.020Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"heartilyscales.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 21:31:25 GMT","end":"Sun, 02 Nov 2025 21:31:24 GMT"},"fingerprint":{"sha1":"8C:BC:E6:45:99:A6:42:A8:C3:7C:33:7D:77:C5:9E:C7:70:2A:A9:6C","sha256":"44:0D:F2:B1:46:00:9E:72:AB:F2:58:53:DB:2A:6F:97:C8:DF:54:6F:43:D4:84:F7:D4:6A:D5:F7:8B:ED:15:C2"}}},"request":{"raw":"GET /a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js HTTP/1.1\r\nHost: heartilyscales.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 29927\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: heartilyscales.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e1c40014cc7f2108b261cb74071d5d32\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":76303,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"91910be319384c903db3ed58a2c0304b","sha1":"ccf435e479c8da816a0068390abe8599eb06bebb","sha256":"4595582071c01bb311992420e944b745d14ca6d81bf575a354adc55203154e90","sha512":"2b1714ce8b373ccc79a715ce6db36f420b32af41e549bc50d409f966e432c380dc05a0217ac21fd90ce782b7cd9c3f5db4e70af6866ee68396fae91dc4b06150","ssdeep":"768:YpCxicwKzukjCm/hYE4JoYC3ouzBcX2nVrHpSFXcdDqxv1l2qo0uw7T3SPGw6eXt:YppUCQ37rVT0Rcd+9keSPjLYI","tlshash":"8073ea4c3f95f1ad43a26073222f941bf12a1d51b06cf8c8d253e8bc6eb9769b536b14","first_seen":"2025-09-27T05:12:44.346088Z","last_seen":"2025-10-08T06:55:15.870522Z","times_seen":31,"resource_available":true,"data":null}},"time_used":925,"timings":{"blocked":348,"dns":27,"connect":108,"send":0,"wait":116,"receive":108,"ssl":217},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css","fqdn":"maxcdn.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.11.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 03:23:24 GMT","end":"Mon, 08 Dec 2025 04:23:14 GMT"},"fingerprint":{"sha1":"2D:94:96:D6:08:54:E8:A2:4A:A9:D7:90:E4:75:91:6B:AC:CB:AA:24","sha256":"24:50:0C:86:73:A4:E6:6C:AD:20:57:80:86:4E:19:B1:E9:76:7F:2A:BE:CC:E9:75:B2:07:67:62:FA:9B:E7:8D"}}},"request":{"raw":"GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1\r\nHost: maxcdn.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ettv.twoproxy.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncf-ray: 985d9b294f48783d-OSL\r\ncdn-pullzone: 252412\r\ncdn-uid: b1941f61-b576-4f40-80de-5677acb38f74\r\ncdn-requestcountrycode: DE\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"ec3bb52a00e176a7181d454dffaea219\"\r\nlast-modified: Mon, 25 Jan 2021 22:03:59 GMT\r\ncdn-cachedat: 02/25/2025 23:55:13\r\ncdn-proxyver: 1.19\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1077\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: 3d6d3e43a53f02c8432187205f960146\r\ncdn-cache: HIT\r\nage: 265770\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":121200,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65371)","md5":"ec3bb52a00e176a7181d454dffaea219","sha1":"6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68","sha256":"f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c","sha512":"e8c5daf01eae68ed7c1e277a6e544c7ad108a0fa877fb531d6d9f2210769b7da88e4e002c7b0be3b72154ebf7cbf01a795c8342ce2dad368bd6351e956195f8b","ssdeep":"768:Vy3Gxw/Vc/QWlJxtQOIuiHlq5mzI4X8OAduFKbv2ctg2Bd8JP7ecQVvH1FS:nw/a1fIuiHlq5mN8lDbNmPbh","tlshash":"2cc3c7a0f21031ea7333c55a75d0ed872219a153e56a4fb7f22f25d88f845ca1673f1a","first_seen":"2023-04-05T03:13:25Z","last_seen":"2026-04-13T13:20:41.112884Z","times_seen":58056,"resource_available":false,"data":null}},"time_used":93,"timings":{"blocked":40,"dns":0,"connect":2,"send":0,"wait":13,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.123.144.251","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://ettv.twoproxy.net\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=f3a12137-4cd7-4f3a-b7df-bf497e3d0b2d:1:1; expires=Tue, 25 Sep 2035 20:03:44 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"f51e5430479d6622abbf06ccad2c85aa","sha1":"23db5830d7443059bb155dcfb5dde21e4bc3ad61","sha256":"bcf237e67c90834ddfdc4367685beda2fcb63ebeb89901d20ca84d79ad273773","sha512":"7a5a28043e0689887410fb1dd4e138c0e011adfaaa4608b57a75a8e130c880db73570d02a8a5e28a78541023b76fec12dfda71cfb7908c70e811ced085305c6f","ssdeep":"","tlshash":"5490041001054530f4f450001711d4405070d354311751307131c554500050fc4fd535","first_seen":"2025-09-27T20:04:10.558124Z","last_seen":"2025-09-27T20:04:10.558124Z","times_seen":1,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":82,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":50},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.123.144.251","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.609Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://ettv.twoproxy.net\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=6dc2531a-6492-4f66-9579-6a294bdd60f8:1:1; expires=Tue, 25 Sep 2035 20:03:44 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"f70d3669e158e63e60de0969b6830e02","sha1":"8f030abc3835f5e9bb8fd48e18fa4e3c6adcfb5d","sha256":"56b12731f58cf13b62c08fa0c9eec1a4f2292b5a1dd483b907d4398ea1ba94c3","sha512":"6c7cc77b1427f3735c7a9a295acc42b0eb0c094876cae9472208434cc201424491b5402d86f59cd17953fc88588d15c3fb7fb6b2edfee8e7a76a87319134a1ff","ssdeep":"","tlshash":"459004754517c1dfd353373fcd1c40141c31d04375043d10c311cc5155414015174010","first_seen":"2025-09-27T20:04:10.559713Z","last_seen":"2025-09-27T20:04:10.559713Z","times_seen":1,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":24,"send":0,"wait":24,"receive":0,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bvtpk.com/tag.min.js","fqdn":"bvtpk.com","domain":"bvtpk.com","tld":"com"},"ip":{"addr":"104.21.5.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.612Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bvtpk.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 16:15:33 GMT","end":"Mon, 08 Dec 2025 17:13:51 GMT"},"fingerprint":{"sha1":"57:53:1B:12:8D:B5:A7:B6:96:E2:B4:FE:90:A1:D8:FA:24:94:9A:B9","sha256":"4E:2A:10:4F:06:F6:4E:34:B3:5A:E6:9B:A2:C7:FC:B2:A4:7D:55:44:3D:06:2B:38:35:A7:52:1D:F2:4E:80:5E"}}},"request":{"raw":"GET /tag.min.js HTTP/1.1\r\nHost: bvtpk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-trace-id: ea6c145b5530625a613ef841af260cc3\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\nage: 357\r\ncf-cache-status: HIT\r\nlast-modified: Sat, 27 Sep 2025 19:57:46 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=D0oRkoWTxVnDfXR18kPjldxxlWMbYPDapB2eCpYdTGSoT8Fz9kvYKZ7px%2F0Y%2BLbCopOSGYlEdxAHO0H9hOlp7edjujCgQWo%3D\"}]}\r\ncf-ray: 985d9b2c4ba4b4ff-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":109903,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"59a5f86b0896f3b179053de2d9ad97bd","sha1":"cfefb6dc560a50701ba8a97a39c79c267b630061","sha256":"cafbe60713779c1b07efd752cccb2fd6a6c33555b268d9bd2aa1135e5d71f6f9","sha512":"009f00c38e04e88946cf5a23a1c59b8da97b3caaa2583517a371de96e8684125f11a1f7d3981d49e8f1df99eddc94635c7e50b3cf89feaceaad1c187c24d60f3","ssdeep":"1536:KORV5n7I9pN5MStR8L6Ru5HjQdXog6wTEDtr0r0:KORVd4n+qvXoRGEhr0r0","tlshash":"4eb31a9c625734711d7a9129785fc44daeeaef80048e89e4d0daac732653071d3bbfe8","first_seen":"2025-09-26T05:58:13.470734Z","last_seen":"2025-09-29T04:18:53.816115Z","times_seen":92,"resource_available":true,"data":null}},"time_used":78,"timings":{"blocked":0,"dns":3,"connect":2,"send":0,"wait":8,"receive":0,"ssl":65},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/b/?https://ettv.twoproxy.net/themes/superAwesome/darkOverride.css?v=1640879548","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET /b/?https://ettv.twoproxy.net/themes/superAwesome/darkOverride.css?v=1640879548 HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://ettv.twoproxy.net/themes/superAwesome/darkOverride.css?v=1640879548\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nnSYk79eBs3N23iQv55ZjV8U2iNClwkUOuwZi7VL7I8%2FsoMgt69nnaaZ5yQBSXSl6s%2F89oZ4qPLyOOPB6Rr5t3rL%2B4P2ep%2FQnE7tzVfYfmCc\"}]}\r\ncf-ray: 985d9b281e3b5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1092,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto:wght@400\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:49 GMT","end":"Mon, 01 Dec 2025 08:36:48 GMT"},"fingerprint":{"sha1":"9E:38:51:02:B6:22:9C:08:6B:24:B8:A0:EB:DB:60:D9:27:B2:68:90","sha256":"67:AF:7E:56:AB:8D:96:FB:D0:75:CA:28:6D:16:B6:67:FD:7F:58:6F:CC:AA:78:B5:01:13:76:2C:AB:BE:80:4E"}}},"request":{"raw":"GET /css2?family=Roboto:wght@400\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 27 Sep 2025 20:03:44 GMT\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5746,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"017672004526d49c616a83a1885ca6cb","sha1":"317c4a759af5149d1777a5c195c2030c842d4b70","sha256":"6ad67efe8c01a7f843a39344a43ca877e30726dd0cae6db3ce719a22a63bbc70","sha512":"f1dbb144b98e0a05fcaefd0367bb48be095ce28add6c7e8e8ac4d6b4b31dd76e2a7edaa4587bb78841aac8d679c53ba06e7a98775e9c6eaeee11c18c4f251ed7","ssdeep":"96:1OEbaNllOEbaNsFZKOEbaNWOEbaNVTOEbaNVy+aZjzBrgOEbaNIubqGIFuV4yOE6:2NlmNMNVNVkNVqbNfbqGIwV4BNdNzwNY","tlshash":"9bc1fd91041704409b835cd227ce7f34fe1f92116544d0b9abfc9b6beddbda6426836e","first_seen":"2025-09-08T23:56:02.073922Z","last_seen":"2026-03-05T16:22:21.514891Z","times_seen":5277,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":70,"dns":0,"connect":15,"send":0,"wait":33,"receive":0,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.123.144.251","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.515Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://ettv.twoproxy.net\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=791296aa-012b-43b3-888d-22d9e5ec171f:3:1; expires=Tue, 25 Sep 2035 20:03:44 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"4cd18d2a55026a4251157186c243d3c6","sha1":"b5bec044cf3b0863b215b2850385518bbf168111","sha256":"6eb86c2d619521a94225b5c4be84277dc30ff19def69676c942d7ea29eec460b","sha512":"54138dcff94e2358d3729927a2c6ad4a3e7bbaffc2ad02fc601e4ee459478fb554f8f2b78087b0c036276a566d9f1f4c6ca962370b8ac4e6cb836539df5d358c","ssdeep":"","tlshash":"0a9004157047053c041504dc7f15f141450c3411cc1d00435413f0df47c030c71000c7","first_seen":"2025-09-27T20:04:10.563106Z","last_seen":"2025-09-27T20:04:10.563106Z","times_seen":1,"resource_available":false,"data":null}},"time_used":264,"timings":{"blocked":119,"dns":4,"connect":24,"send":0,"wait":25,"receive":0,"ssl":91},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icon.dt.bmndx.com/v2/480/129c34b5-9bdd-11f0-a052-a631c4c596a8/1/ic","fqdn":"icon.dt.bmndx.com","domain":"bmndx.com","tld":"com"},"ip":{"addr":"185.111.111.159","port":443,"asn":212238,"as":"Datacamp Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"icon.dt.bmndx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 Aug 2025 00:12:36 GMT","end":"Thu, 27 Nov 2025 00:12:35 GMT"},"fingerprint":{"sha1":"9A:25:B4:19:00:80:B1:57:2B:CC:6C:0C:10:6F:77:E6:30:3B:8D:4D","sha256":"11:A7:F7:84:06:37:39:04:E0:4B:FE:8B:56:E9:63:5C:10:AA:06:7D:73:6E:04:86:7A:E7:61:B4:30:32:84:DB"}}},"request":{"raw":"GET /v2/480/129c34b5-9bdd-11f0-a052-a631c4c596a8/1/ic HTTP/1.1\r\nHost: icon.dt.bmndx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 27 Sep 2025 20:03:45 GMT\r\ncontent-length: 0\r\nlocation: https://cdn4.mndx1.com/icon_113558195553538_889.png\r\nserver: BunnyCDN-DE1-1333\r\ncdn-pullzone: 1365464\r\ncdn-uid: 5ceed8e7-cd08-4fa9-9fd5-2c309512d291\r\ncdn-requestcountrycode: NO\r\ncache-control: no-store, must-revalidate, no-cache, max-age=0\r\npragma: no-cache\r\ncdn-proxyver: 1.34\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 302\r\ncdn-cachedat: 09/27/2025 20:03:45\r\ncdn-edgestorageid: 1077\r\ncdn-requestid: 4c60542624b6cd3464695e31c5b897be\r\ncdn-cache: MISS\r\ncdn-status: 302\r\ncdn-requesttime: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":53793,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":270,"timings":{"blocked":68,"dns":5,"connect":28,"send":0,"wait":133,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/big1/css/animate.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/big1/css/animate.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:46 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa84fe-13365\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EdGv2J1HirxJD5%2BEu%2BXSOeqI8DGL%2BhNpFAA9mYDUCmBs%2BAFepj3iKc8CHCH6qPOo%2FnglVqhmz5bHQleCUxLDg8l9BDbTLSBpZutDOKPm\"}]}\r\ncf-ray: 985d9b338f3456bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78693,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"5982c5377696d20476871062646b253f","sha1":"8bf2c93fa9ccc908f7df0fb7abb911bbac3e4242","sha256":"4e23a6449e6ef4614f0107cecf5c9eda75d2041c7c71f4a55d45f2a7e75450f4","sha512":"92592dac2a817293e8ec1d94bf99df639626a90d524420b01a12210398927c0650cc26fa8e730300096b29961563aa02efb707478c6d51ac8616bb1bde5a0cb2","ssdeep":"384:jvuAuF81dghu3uFlZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:jvuAu21dghu3uhu7uNKwZiMUL6Vpaj7F","tlshash":"1d731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2024-02-12T20:28:38Z","last_seen":"2026-04-13T12:30:49.468141Z","times_seen":6480,"resource_available":false,"data":null}},"time_used":421,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":420,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vmuid.com/script.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8","fqdn":"vmuid.com","domain":"vmuid.com","tld":"com"},"ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"vmuid.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 16 Sep 2025 01:59:37 GMT","end":"Mon, 15 Dec 2025 01:59:36 GMT"},"fingerprint":{"sha1":"84:BD:C5:EF:9D:1D:34:8C:A0:22:2D:D2:FB:A2:D3:F5:74:5F:7A:90","sha256":"30:7E:44:EB:16:94:91:A3:8A:D6:C1:32:D3:2D:D0:B9:A7:40:77:14:44:AB:8F:B5:EE:45:E6:8B:43:50:B5:55"}}},"request":{"raw":"GET /script.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8 HTTP/1.1\r\nHost: vmuid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: text/javascript\r\nContent-Length: 10178\r\nConnection: keep-alive\r\nCache-Control: no-store, max-age=0\r\nAccept-Ch: Sec-CH-UA-Platform,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform-Version\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10178,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (10178), with no line terminators","md5":"dedd352338543b137f608adc8d0d4aa8","sha1":"100edb4e8fef9b6da043d51135077e68d2a61b22","sha256":"b338a91ba1d2ab7c3a7a0dd659426f5ffa4cd699be38e2bed5075c4d3e773a48","sha512":"e2fab4d95d5baa013a7c248945156524478341282dcffc462fb2de318f55ba29dcafba0db3abcfb6399c6164f6f630f06d48a7323b73f8ea05d5978cd60a4c5c","ssdeep":"192:ATn+ip4qxJ/gzuvu3fo8idwqnOqgStYc1qRP44+PHlCXXZE7904AxF:YbRJYz3oe+3tYGGx+NGXZCAn","tlshash":"2b22b5c9b2d2f06443d77161942f2007f23b2869b54dc498eb66e8d3bcb045ea227f79","first_seen":"2024-01-26T05:18:07Z","last_seen":"2025-12-29T12:17:25.567723Z","times_seen":3656,"resource_available":true,"data":null}},"time_used":110,"timings":{"blocked":-1,"dns":3,"connect":24,"send":0,"wait":25,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/rtb/ab/1/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/notifications/rtb/ab/1/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:46 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Mon, 02 Sep 2024 18:08:40 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"66d5ff28-10a2\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o43sUBiDYHvua38VjNdiP29ypPv90HKyigN57IQlRq3kjaly70DdyrHcmBzZQvgv069ykMy6o%2FwHNVo6zwseSsUGI8oUkCy%2BCJG3gQGF\"}]}\r\ncf-ray: 985d9b31edaa56bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4258,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"fe87ecce09725eec64e5e8d614dc8573","sha1":"414b921d47d4466b6557e399e97b575c70160e49","sha256":"e3f1528a311ff9bbcf8eb03a4e92e6f3bfc7512581a6f2d7d6af491f6c730e52","sha512":"95730a0eb390aac2c9c33506fdf9707faf34fcbbf7f98e126b605bc93f6a0980ace587121839bb7116e4cdb33bd4321be0d64d440ae256b24120604ccd1593bd","ssdeep":"96:17vTMXkGMT4Rq4kHhvevIiQBMXNmJxMX5eiN70QHjbmYIazFw3IGANH:VMXysRZkHh2vyMX4JxMX5vQGjbrlzFkm","tlshash":"be91f2562a771a04b507d46a2f662707272940179b4fe9283fc277488fca69cd1e37cf","first_seen":"2025-06-11T18:18:27.745117Z","last_seen":"2026-03-08T11:20:39.006235Z","times_seen":218,"resource_available":false,"data":null}},"time_used":596,"timings":{"blocked":81,"dns":3,"connect":3,"send":0,"wait":434,"receive":0,"ssl":73},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/rtb/ab/1/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/notifications/rtb/ab/1/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:45 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Mon, 02 Sep 2024 18:08:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=66Gj4vmGqVbjBTxvRunttCiYeukUjlDVmhzgutBjoWZZsMcqDLHIaVv4FDiXVM103oC6RvIcFW8JVYOEBK%2FEqrSDAaoxWiXXE%2B%2B5tMj1\"}]}\r\ncf-cache-status: MISS\r\netag: W/\"66d5ff2e-175\"\r\ncontent-encoding: br\r\ncf-ray: 985d9b31bd7d56bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":373,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"6325b79d4d99fef731815edb75b001fb","sha1":"39e12236b659ac6b168acd6d36d6f03d381abf91","sha256":"d3f390f0e5ee797dbba93ea6c3b74c2a4d0ccfc52687a2b37db6929993501eb4","sha512":"8e7cdc34c522673f3fe8e2133cdce8f937f6b7a2ec4c6536a41dce91531a15bd462277b139b3b857dbf61742a6e74b1d4a15d49161dd965e9d00630091a011a8","ssdeep":"","tlshash":"e6e0613422354270c7f7d19262cb27df1730465ed00a021e701c435f1ce1f6222c1e9b","first_seen":"2023-04-13T11:01:35Z","last_seen":"2026-03-08T11:20:38.907247Z","times_seen":324,"resource_available":false,"data":null}},"time_used":537,"timings":{"blocked":45,"dns":3,"connect":3,"send":0,"wait":445,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Frtb%2Fab%2F1%2Fjs%2Fscript.js\u0026l=373\u0026fd=495","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Frtb%2Fab%2F1%2Fjs%2Fscript.js\u0026l=373\u0026fd=495 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:46 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":91,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":91,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/themes/superAwesome/images/logo.png","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.019Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET /themes/superAwesome/images/logo.png HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Sat, 27 Sep 2025 20:03:44 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=b5cWF1NU8qFitEtFT8vyqmL%2FDagLlmcw03lvbtRGL63QzjW7yRcNUAAIddANIAlVxkZvf2JDZjkpvcyXs0X5n6tHF3nB9Q%2F9zfnjDU%2BzZsJv\"}]}\r\ncf-ray: 985d9b281e415ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":40724,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 191 x 53, 8-bit/color RGBA, non-interlaced","md5":"64193fda5c4ae1350235912b9a2a9865","sha1":"b0de796c7449471d610bfa34d5535774e77f5ced","sha256":"c9567f61d9c03e950d9339d27231f91a69381608c79ab23a95746d257380a490","sha512":"aaab71fc76dfdf750f452a302505c45397009e29f3dd47d0473ee713c6c3778b936aca02bc1c69ca56420174437560fd970f1f40dd5e0b6551c3945319a8e514","ssdeep":"384:V+7nmAOAQrbGvprF9KNIeTfu8mJVjK5KyhlEQp/bqgMubCMQxGJuvbB0PJyhdEl3:o7maNHmIeTzN8C/bvMcC7ftDhdXq3","tlshash":"41036a1177e2aa12e05492388f91e7741322fc8c9737831b76d1ae9b3e9db935d162f0","first_seen":"2023-05-14T11:10:34Z","last_seen":"2026-03-29T19:26:08.547669Z","times_seen":29,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":127,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/images/categories/site_graphics/tagline.png","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.019Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET /images/categories/site_graphics/tagline.png HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\ncf-cache-status: BYPASS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YvnzgLzMkOPryismW32yAMFfzsoAk5vybl54HZf3SBpOQwPFttIr4pa6JD7D0sUsY6Vp%2FP5GUO0Z5Bx%2F5xq5GEOb7NIg9zurC%2BVTt4wlP%2BTN\"}]}\r\nset-cookie: view=1; Max-Age=86400; Expires=Sun, 28 Sep 2025 20:03:44 GMT\nPHPSESSID=7fgmnt1g4ibqnctajeb2ke1qtt; Path=/\r\ncf-ray: 985d9b281e455ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8586,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 191 x 50, 8-bit/color RGBA, non-interlaced","md5":"d9ec97d1c738cc560e3598c18d4279c7","sha1":"f7cae498c0fd509ea1254a2a7fa40ba4adfe3025","sha256":"0e212631d2943a0c8ab48b2843df539085c89bf23d10e96be3789ef384e0f77b","sha512":"8c43a02f26b600480e22b3b8839202ee0d828734f3d21ac52e87f2d1b86e2a74a05b0edd0866ebb34d7a51ae7283515eb89c498bf298c62d0a20c507cddfcd82","ssdeep":"192:VSC3n+bh79Qv+chRGR+qYnpRVv2f61vZ/nTC2fr6PLWX6FYx:0L79QXh8R+jnJeovZO2T6iX6o","tlshash":"1602a0dc2f93263f10620c08f0ad06d8802f5bad7fda3b04a6559c3da43a5d60879b77","first_seen":"2023-05-14T11:10:34Z","last_seen":"2026-03-29T19:26:08.566104Z","times_seen":29,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":145,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/2f/d2/30/2fd230184f9add96378a4e3b877096dc/1680149814.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.961Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 08 Sep 2025 02:32:56 GMT","end":"Sun, 07 Dec 2025 02:32:55 GMT"},"fingerprint":{"sha1":"F2:37:25:60:C4:34:06:EB:37:74:9F:D1:9C:FE:63:47:1F:30:4C:58","sha256":"AA:72:28:9B:C9:B7:77:AB:D7:89:4F:AC:CB:86:72:85:1D:1B:E5:15:4D:07:7B:D9:77:0F:D5:BE:92:06:8D:71"}}},"request":{"raw":"GET /si/2f/d2/30/2fd230184f9add96378a4e3b877096dc/1680149814.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:46 GMT\r\ncontent-type: image/png\r\ncontent-length: 90423\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 30 Mar 2023 04:17:03 GMT\r\netag: \"64250d3f-16137\"\r\nexpires: Mon, 29 Sep 2025 20:03:46 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":90423,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"b94ddc39cf647a5388cb1de541a2a069","sha1":"8e26ee8b4f0524f8aed42f40c6f1b27bcb4b1f14","sha256":"44086e75b8415c02b421630e1d39698d72dbc015718f499f0e1bfeab9fd79d91","sha512":"1ccd5d961861bf7daf5abade81061240677585a1829d45e6d67dcbb3bd1193efdadabb5298f703417c41d54aebb2da69656cf3e02d27bde74512a6ccac73250e","ssdeep":"1536:88M4ztR5y8kYp5nIe2/gWF0LVXxdO9kdaZjvYALzjhPvPB8hnRJ3lEViCbcZb83j:bI8kze2hFCBA9k0hvYoFPhCT3aAqcZoT","tlshash":"17931233ac1f149a437881a55a0975d2cc9c72f80b6b898f531cecb5bcb279c5178376","first_seen":"2023-06-24T15:48:47Z","last_seen":"2026-04-13T14:10:23.816781Z","times_seen":824,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":35,"dns":0,"connect":0,"send":0,"wait":73,"receive":32,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fcss%2Fanimate.css\u0026l=78693\u0026fd=423","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.273Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fcss%2Fanimate.css\u0026l=78693\u0026fd=423 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:46 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":206,"timings":{"blocked":84,"dns":0,"connect":0,"send":0,"wait":122,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/b/?https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET /b/?https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9mvJDyD2ycEeIbi3%2BDpWDHkIYOtOWADCoQ46zAYAbrpuzm9OjcQE%2FQl3Ra2xGvOwZRSEb36CL4pu2GsP8bo%2FQ6IcDTMMepstIcQZcDwPabcL\"}]}\r\ncf-ray: 985d9b281e3e5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31000,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"msdoj.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8","fqdn":"msdoj.com","domain":"msdoj.com","tld":"com"},"ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"msdoj.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 00:32:12 GMT","end":"Fri, 28 Nov 2025 00:32:11 GMT"},"fingerprint":{"sha1":"A8:56:C4:4B:26:AD:D5:72:31:67:E8:75:28:D7:6C:F5:D6:A1:E2:B5","sha256":"65:DA:95:54:55:5B:C8:18:65:43:99:33:52:5B:EF:99:EF:5E:0F:AC:FB:6E:F7:6A:27:0B:3B:6A:69:3C:78:C7"}}},"request":{"raw":"GET /sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8 HTTP/1.1\r\nHost: msdoj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ettv.twoproxy.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: text/javascript\r\nContent-Length: 64136\r\nConnection: keep-alive\r\nCache-Control: no-store, max-age=0\r\nAccept-Ch: Sec-CH-UA-Platform,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform-Version\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":64136,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (64136), with no line terminators","md5":"60c97fea9bdf1e9f554c1636479bc30a","sha1":"dad886a6d18aa54b67983fccc2a8673e97f0f245","sha256":"2c11638b4024cd61524eb315ebed3af3a6326ab872750235f5200a93c2f4ac16","sha512":"cb8b33d91adcae6beba8ccff75c82c61887ff94544bccba8c34981e5ae40870076f3727f8aeb515e057cedc70cec40048eb0b37421d12a3e455d881906a2c851","ssdeep":"768:hCflSCRC850RCX+4D+R8WyX+86wA6C8CflJu4sTJ+zaXeXgtA9zk4sTJ+HXJpZ6I:qvV50gPowAzJfTqIF","tlshash":"4053d698b5d2f1a102c370b8543f6106b2366929248dc098f7b5ded5ad78d6ea633f3c","first_seen":"2025-09-27T20:04:10.570575Z","last_seen":"2025-09-27T20:04:10.570575Z","times_seen":1,"resource_available":true,"data":null}},"time_used":226,"timings":{"blocked":77,"dns":0,"connect":24,"send":0,"wait":48,"receive":24,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.619Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 00:07:02 GMT","end":"Sat, 29 Nov 2025 00:07:01 GMT"},"fingerprint":{"sha1":"AD:4F:15:9E:60:62:A7:16:BA:4B:37:64:C6:01:6B:2B:99:47:89:BE","sha256":"44:74:EA:98:35:48:9C:28:63:20:61:17:18:F6:2B:0A:57:68:36:F4:EF:B0:67:1E:C0:7C:41:30:13:2C:02:F1"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 17ddecb1069ca0e97e92f15d0b808b28\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":115,"timings":{"blocked":0,"dns":0,"connect":28,"send":0,"wait":25,"receive":0,"ssl":60},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=6dc2531a-6492-4f66-9579-6a294bdd60f8\u0026eb=bcc2bf15b54b9ef4041d8328a3a75221\u0026te=cb12021f3311658dba63bcdbf4a88a26\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=2200540f09f939738419313a1a090c32\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=20","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 21:53:17 GMT","end":"Fri, 28 Nov 2025 21:53:16 GMT"},"fingerprint":{"sha1":"AA:2A:FC:C2:EE:01:8F:55:3F:19:46:84:4A:C8:A0:95:62:50:5C:A3","sha256":"3D:8C:1A:2E:1F:32:30:D4:D8:4F:D2:FB:CC:99:F1:9C:05:E5:7B:D8:9D:7D:24:86:AD:C5:1E:62:55:44:A4:CA"}}},"request":{"raw":"GET /pxf.gif?uuid=6dc2531a-6492-4f66-9579-6a294bdd60f8\u0026eb=bcc2bf15b54b9ef4041d8328a3a75221\u0026te=cb12021f3311658dba63bcdbf4a88a26\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=2200540f09f939738419313a1a090c32\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=20 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:45 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 66ac3fa6e1e1c1c5c95ce3cd3c9967aa\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":765,"timings":{"blocked":327,"dns":0,"connect":108,"send":0,"wait":110,"receive":0,"ssl":219},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/2f/d2/30/2fd230184f9add96378a4e3b877096dc/1680149814.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 08 Sep 2025 02:32:56 GMT","end":"Sun, 07 Dec 2025 02:32:55 GMT"},"fingerprint":{"sha1":"F2:37:25:60:C4:34:06:EB:37:74:9F:D1:9C:FE:63:47:1F:30:4C:58","sha256":"AA:72:28:9B:C9:B7:77:AB:D7:89:4F:AC:CB:86:72:85:1D:1B:E5:15:4D:07:7B:D9:77:0F:D5:BE:92:06:8D:71"}}},"request":{"raw":"GET /si/2f/d2/30/2fd230184f9add96378a4e3b877096dc/1680149814.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:46 GMT\r\ncontent-type: image/png\r\ncontent-length: 90423\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 30 Mar 2023 04:17:03 GMT\r\netag: \"64250d3f-16137\"\r\nexpires: Mon, 29 Sep 2025 20:03:46 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":90423,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"b94ddc39cf647a5388cb1de541a2a069","sha1":"8e26ee8b4f0524f8aed42f40c6f1b27bcb4b1f14","sha256":"44086e75b8415c02b421630e1d39698d72dbc015718f499f0e1bfeab9fd79d91","sha512":"1ccd5d961861bf7daf5abade81061240677585a1829d45e6d67dcbb3bd1193efdadabb5298f703417c41d54aebb2da69656cf3e02d27bde74512a6ccac73250e","ssdeep":"1536:88M4ztR5y8kYp5nIe2/gWF0LVXxdO9kdaZjvYALzjhPvPB8hnRJ3lEViCbcZb83j:bI8kze2hFCBA9k0hvYoFPhCT3aAqcZoT","tlshash":"17931233ac1f149a437881a55a0975d2cc9c72f80b6b898f531cecb5bcb279c5178376","first_seen":"2023-06-24T15:48:47Z","last_seen":"2026-04-13T14:10:23.816781Z","times_seen":824,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":46,"dns":4,"connect":20,"send":0,"wait":19,"receive":55,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Frtb%2Fab%2F1%2Fcss%2Fstyle.css\u0026l=4258\u0026fd=520","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Frtb%2Fab%2F1%2Fcss%2Fstyle.css\u0026l=4258\u0026fd=520 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:46 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":149,"timings":{"blocked":57,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"heartilyscales.com/impr.gif?sid=H4sIAAAAAAAC_6STTYgkSRXHo3pFFj2ICoIfi-HWIgpbVZlZWVWZs4dmvqmd3u5mpmUEEY2vrI6pzIg0IrKyp_GwOLLsnrbnpl7MftU946wNo7e-KEvV3AqEKT1MHeyLF_W2IosHD1Ld7e4K3uYdIl7yf_zf7z0y3tovTlAbCrLYfEPvyjQlrU7Tw9-6LRXXpcXrW9j3mt5r-LZU3fA1vLM8zOiC3w6b3rfxdcGGuhV4vuf5no-vSSMSvdM6VUHmR5HfjDvNyG_6cQg75n-_bVEDS2rARyfoCyD5_HN_Sb4Hkk1AZb-5IuzQ6fzVq1mREqcNjPjD76ih0qWC7OM0MTVI1MPzatB2jtDPVkCrh-cTgB4dLCcAKudo5Ut_BqoenmMCHR2ekdIUhALKPwvlaAIinYAkE2D6Hkj-FAEwDusboLIH69qU5O6ZSpbqHH36n38DWc7Ri19DoLKjjUsbt_BGLtS6cLCTVCB3JiAHE8iLKbjdFZDlFJj7CUj-B9T6cA1UdrBhUw2SL17pxX4QdwlpeH5AG2GbthtRFPFGEPBYdATze35yuiCZTIDYF6CwNShkDYpkBYp8BTK-wAFnwu8FIqJJt9vrepHf9bthwKOA8yCOQyjYknwPXL4HLN0DZt6E3LwJQ3n_qfcVMMX7YLcrsLwG1iEY8QpKgaC0CEqCoJQISoegHFWHPLWBrR7w1BbUP7-D87tdjbUb7JND7QZCISBmDwyvDmT-I3sPmKuNdxOLxnp5EOqqMaG82s9P0OdP9_rBdz-EoVhgEkTd2At6sU96ScjiiDLqi8gP2kHAeC8CKyuQdgWIrcGunKNadQK5nCP07jOgZAo2nQKTLwMpXgJSVkC2K9hVR4WiqWZDwZuSA9cV5O5T4O7W9tMT9NVTguClv4Ngs9XH5k__-OXvS2CmgtxUcEc-QTBI3x7f1CU6uKlLi367kTuZyV3ipFa3HHECvXdD3C214f0rdu_RRbYUlunRlrBujSgu1cCiX1-SnAtzTRsm0O_69ragm4XdvlQYVeRrm5ev9bPcCGulVhMg8in7NzA5Ry--85nT__nLT_ogzRRMsehvO5fbC62WNaMmd02aKb7TZDprjYJWGHktP4hZO6SdRkw5b_h-4jWI1wkapNv2Wcg6cZdELb_FUsiK2ep9e_xDhBCw_KeP6_W1izevX_1B_42L16_W64sb_20lMzIQz9NMZr-q1_uXN9br9cXrH7kyrZ7LlD2q17f6W2tL1gu3psd5LtI8JdbiH-Mbd6bHObbOCOFKQQweptMHBusBvqMHA2GHGufTQ6yEc4_r9StXb12-2d_c6p8Svvt6oYZ3ieFYGCwUtk6nDqdiJAxRfHpsMBl9wrpxZi3xujZcqCa-JpXCyfTYWCeGSx5h_0_7xBDMBbburBBnwgyFEq9iOj3k4iM6rAdg89nq0b-efX3-wXtgNQKTztB5AM1rUBbV2AR0tpq99fKTzW--MzY0ma3e3zbvLytSOUff_-sXIRWz1Uc_X8YvgNAKrPiEy8f52JBi8Qqhoeh1vaDht0XUCOOQNCgXSSP2ep2Yx9TvxeHYEFnt27dhYGpA3D1QWQUjU8EorYCke2CLF8YuN7PVP7ZPA2haG9PU1A5oatL7Zy_PygVmtENEyLpBRLwoDGnb63U9Enoi6VE_6vjg7Hz72eVv_CcAAP__A0gsa8YGAAA=","fqdn":"heartilyscales.com","domain":"heartilyscales.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.503Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"heartilyscales.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 21:31:25 GMT","end":"Sun, 02 Nov 2025 21:31:24 GMT"},"fingerprint":{"sha1":"8C:BC:E6:45:99:A6:42:A8:C3:7C:33:7D:77:C5:9E:C7:70:2A:A9:6C","sha256":"44:0D:F2:B1:46:00:9E:72:AB:F2:58:53:DB:2A:6F:97:C8:DF:54:6F:43:D4:84:F7:D4:6A:D5:F7:8B:ED:15:C2"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_6STTYgkSRXHo3pFFj2ICoIfi-HWIgpbVZlZWVWZs4dmvqmd3u5mpmUEEY2vrI6pzIg0IrKyp_GwOLLsnrbnpl7MftU946wNo7e-KEvV3AqEKT1MHeyLF_W2IosHD1Ld7e4K3uYdIl7yf_zf7z0y3tovTlAbCrLYfEPvyjQlrU7Tw9-6LRXXpcXrW9j3mt5r-LZU3fA1vLM8zOiC3w6b3rfxdcGGuhV4vuf5no-vSSMSvdM6VUHmR5HfjDvNyG_6cQg75n-_bVEDS2rARyfoCyD5_HN_Sb4Hkk1AZb-5IuzQ6fzVq1mREqcNjPjD76ih0qWC7OM0MTVI1MPzatB2jtDPVkCrh-cTgB4dLCcAKudo5Ut_BqoenmMCHR2ekdIUhALKPwvlaAIinYAkE2D6Hkj-FAEwDusboLIH69qU5O6ZSpbqHH36n38DWc7Ri19DoLKjjUsbt_BGLtS6cLCTVCB3JiAHE8iLKbjdFZDlFJj7CUj-B9T6cA1UdrBhUw2SL17pxX4QdwlpeH5AG2GbthtRFPFGEPBYdATze35yuiCZTIDYF6CwNShkDYpkBYp8BTK-wAFnwu8FIqJJt9vrepHf9bthwKOA8yCOQyjYknwPXL4HLN0DZt6E3LwJQ3n_qfcVMMX7YLcrsLwG1iEY8QpKgaC0CEqCoJQISoegHFWHPLWBrR7w1BbUP7-D87tdjbUb7JND7QZCISBmDwyvDmT-I3sPmKuNdxOLxnp5EOqqMaG82s9P0OdP9_rBdz-EoVhgEkTd2At6sU96ScjiiDLqi8gP2kHAeC8CKyuQdgWIrcGunKNadQK5nCP07jOgZAo2nQKTLwMpXgJSVkC2K9hVR4WiqWZDwZuSA9cV5O5T4O7W9tMT9NVTguClv4Ngs9XH5k__-OXvS2CmgtxUcEc-QTBI3x7f1CU6uKlLi367kTuZyV3ipFa3HHECvXdD3C214f0rdu_RRbYUlunRlrBujSgu1cCiX1-SnAtzTRsm0O_69ragm4XdvlQYVeRrm5ev9bPcCGulVhMg8in7NzA5Ry--85nT__nLT_ogzRRMsehvO5fbC62WNaMmd02aKb7TZDprjYJWGHktP4hZO6SdRkw5b_h-4jWI1wkapNv2Wcg6cZdELb_FUsiK2ep9e_xDhBCw_KeP6_W1izevX_1B_42L16_W64sb_20lMzIQz9NMZr-q1_uXN9br9cXrH7kyrZ7LlD2q17f6W2tL1gu3psd5LtI8JdbiH-Mbd6bHObbOCOFKQQweptMHBusBvqMHA2GHGufTQ6yEc4_r9StXb12-2d_c6p8Svvt6oYZ3ieFYGCwUtk6nDqdiJAxRfHpsMBl9wrpxZi3xujZcqCa-JpXCyfTYWCeGSx5h_0_7xBDMBbburBBnwgyFEq9iOj3k4iM6rAdg89nq0b-efX3-wXtgNQKTztB5AM1rUBbV2AR0tpq99fKTzW--MzY0ma3e3zbvLytSOUff_-sXIRWz1Uc_X8YvgNAKrPiEy8f52JBi8Qqhoeh1vaDht0XUCOOQNCgXSSP2ep2Yx9TvxeHYEFnt27dhYGpA3D1QWQUjU8EorYCke2CLF8YuN7PVP7ZPA2haG9PU1A5oatL7Zy_PygVmtENEyLpBRLwoDGnb63U9Enoi6VE_6vjg7Hz72eVv_CcAAP__A0gsa8YGAAA= HTTP/1.1\r\nHost: heartilyscales.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nCookie: uid_id2=f3a12137-4cd7-4f3a-b7df-bf497e3d0b2d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl15816950=1; sleca286902791a7f4c98bcb1e812322cd78=[3284458]; u_pl22675059=1; sleca032b4d33c8aea68a4f9b84235614bff=[4323736]; iprc_l+428c3ee92dc99b5b4a0da7a1d276f630=4323736; iprc_l:4323736=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:46 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+aa2b963b0e22e3540fa7a56f740faca7=3284458; expires=Sun, 28 Sep 2025 20:03:46 GMT; path=/; secure; SameSite=None\niprc_l:3284458=1; expires=Sun, 28 Sep 2025 20:03:46 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 4\r\nHost: heartilyscales.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 20af2d273578b865977ca323ea01c1b6\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"heartilyscales.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.354Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 22 Sep 2025 23:17:32 GMT\r\nexpires: Tue, 22 Sep 2026 23:17:32 GMT\r\ncache-control: public, max-age=31536000\r\nage: 420374\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-13T13:11:23.896471Z","times_seen":733997,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":15,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/b/?https://ettv.twoproxy.net/favicon.ico","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET /b/?https://ettv.twoproxy.net/favicon.ico HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nCookie: PHPSESSID=67m7k645omgnejoshjhqth2uja; cf_clearance=ZeUv.gyvbVoSDwPAA69zTt3gl7E.pEO5kiNRUFjNeiw-1759003424-1.2.1.1-HlhW.vZVEHTajj3085u0f5Kuovp.UiP9XSP17rmezkrWDPkHoBlaZFrV3MPkBaitsKbjBEUys2dnpQXgxR2JugyolCso3ymI6SihS2EIA.1L7QcQ3oXXCrHX349ldq8j0Du15Wm.cxQdudPNBeeeA_l9BWVF8zRkGMTSU.k2XE9WKX1Pkd0WBYckfd5VHajeEeQ9h3XeKyiNWUHR9NRFztbRA1IVE8tLvDXNX0UnsqU; dom3ic8zudi28v8lr6fgphwffqoz0j6c=6dc2531a-6492-4f66-9579-6a294bdd60f8%3A1%3A1; sb_main_a286902791a7f4c98bcb1e812322cd78=1; sb_count_a286902791a7f4c98bcb1e812322cd78=1; sb_main_a032b4d33c8aea68a4f9b84235614bff=1; sb_count_a032b4d33c8aea68a4f9b84235614bff=2; pp_main_2200540f09f939738419313a1a090c32=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=heartilyscales.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\nserver: cloudflare\r\ndate: Sat, 27 Sep 2025 20:03:46 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlocation: https://ettv.twoproxy.net/favicon.ico\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rQhzDCOcVBSVJW15zOkwz%2BMOHagNkspq4sjGDIJQNap%2F5lriuEjSri7fNGiQvLyP1tLZZHK8fW42qf7fv0%2F7L3isYVbBHnjI6G3hKam%2Bjw%3D%3D\"}]}\r\ncf-ray: 985d9b37894056c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1406,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":102,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 23:05:43 GMT","end":"Fri, 28 Nov 2025 23:05:42 GMT"},"fingerprint":{"sha1":"B9:51:95:1F:A8:75:17:3A:9B:B1:75:96:F4:7D:7A:CF:3D:52:C9:71","sha256":"36:D1:B1:18:05:03:10:B2:46:BC:6C:71:A5:E7:BE:07:32:66:88:16:04:1E:5F:96:0F:10:B6:4B:BF:01:D1:42"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:44 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 92399f3ef61e7ae0241bcdfec2f105e0\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":26,"send":0,"wait":26,"receive":25,"ssl":54},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"x3os.com/5/9914495/?oo=1\u0026js_build=iclick-v1.1578.0\u0026userId=0802514b8b3740c3e01162d0ac9e0668\u0026dmn=bvtpk.com\u0026tt=2\u0026ix=0","fqdn":"x3os.com","domain":"x3os.com","tld":"com"},"ip":{"addr":"139.45.196.64","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"x3os.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Jul 2025 05:11:12 GMT","end":"Thu, 09 Oct 2025 05:11:11 GMT"},"fingerprint":{"sha1":"C3:E5:15:D4:B8:A1:30:A0:FB:97:52:5D:74:50:39:2F:59:1E:83:34","sha256":"A4:E9:4B:9F:89:07:AD:91:43:31:0E:8E:CC:2D:6B:B1:98:D4:72:7B:81:BE:78:81:F5:E2:AC:32:8D:C9:A3:6B"}}},"request":{"raw":"POST /5/9914495/?oo=1\u0026js_build=iclick-v1.1578.0\u0026userId=0802514b8b3740c3e01162d0ac9e0668\u0026dmn=bvtpk.com\u0026tt=2\u0026ix=0 HTTP/1.1\r\nHost: x3os.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 2578\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Sat, 27 Sep 2025 20:03:45 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://ettv.twoproxy.net\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":204,"timings":{"blocked":85,"dns":2,"connect":26,"send":0,"wait":34,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"x3os.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.602Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:49 GMT","end":"Mon, 01 Dec 2025 08:36:48 GMT"},"fingerprint":{"sha1":"9E:38:51:02:B6:22:9C:08:6B:24:B8:A0:EB:DB:60:D9:27:B2:68:90","sha256":"67:AF:7E:56:AB:8D:96:FB:D0:75:CA:28:6D:16:B6:67:FD:7F:58:6F:CC:AA:78:B5:01:13:76:2C:AB:BE:80:4E"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 27 Sep 2025 20:03:45 GMT\r\ndate: Sat, 27 Sep 2025 20:03:45 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"a90fc2bf15e304ef3fa4e7f75b6a8608","sha1":"0f8c2853b49a7c206d75af99117482d80a60f869","sha256":"6e10be4b6befecf6f3d1ae34b727939e6da334a1f2d815fd325ba9c455520772","sha512":"0d1a14e11c436dadf51cc489592867eaff3cae2c4a95748d2a25614c984560ad3588fb95e2aaafd4060d4954594951d09e71ab36e9859fb8590198811f156fc4","ssdeep":"384:pwf5wgwPwrwyUw/qY4+w4wYwpwfMw1wWw6wyhw/qY4XwNwtw4wfdwkwDw3wyQw/P:pc70afUQRptmJKBLfhQE8YTYHw+fQQVl","tlshash":"b472ed91041700009b835ce223cebf35fe5f92117141d0b9abfd9b6badcbc6652693ad","first_seen":"2025-09-08T23:24:40.129975Z","last_seen":"2025-11-18T23:33:55.863403Z","times_seen":3582,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/big1/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/big1/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 27 Sep 2025 20:03:46 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa84fe-102f\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HCwc7LnleTHmpw28fnJgCLTU1%2BP%2B7I7Ena%2BrE0d26lH%2B6jxVJmslMhcB7dfKhDLs73rGgYzwWbM9QCbLj8vO8zOtGQJvVkLjrnI%2B9JBb\"}]}\r\ncf-ray: 985d9b339d81b512-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4143,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"42edbe7ea0d50c15a58bcf3cd1f43df2","sha1":"5a96da3c26cc968e5d1e60959aaaf5bad7e69e0c","sha256":"e12dbbf55a5eca972392177c56db92c2d803a1f3d3052caed3fb8d48a1eb45ae","sha512":"3fedfc13ddece3079276d608e54e48e96cf1111800c0c3a89e7ada26676ece61e6454103e8f00d573f6853ee34fec799e4c2211f3d2361b9cedc9a3611d020d4","ssdeep":"96:iTMXPnMbz7yHP/qmJxMX5fivTMXEtsBxkTMG2bCIbkOWfQbkOWfAbkO3oYQD9ytP:IMXUXg3JxMX5oMXEt+x/nbP3T3D3jV","tlshash":"7381315367230e40b506c9a63fa57b4323284523864be9793fc1674c8fca69dd2d238f","first_seen":"2024-03-15T10:41:13Z","last_seen":"2026-04-13T14:10:23.815413Z","times_seen":815,"resource_available":false,"data":null}},"time_used":409,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":409,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/big1/img/close.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:45.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/big1/img/close.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 27 Sep 2025 20:03:45 GMT\r\ncontent-type: image/png\r\ncontent-length: 591\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65aa84fe-24f\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 312201\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bbe5jJcB4Lt07nTe%2BKkRF%2Fxfi28p4X2LQ4KUBdFOCVyb6aVDoyhvZUNl0nJRrNWeOr%2BZYdHsIILHLVC6FehRQQFPphizt%2BSPTisoU0eFFrY%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 985d9b342e4f783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":591,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced","md5":"9fd5bcb6103d86e317bd1eb019bcbe71","sha1":"6b5a52ea669dcb74946f2bed4bdd7ec985026113","sha256":"0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae","sha512":"e244a8842c009fa83e8d9d1088ec5b76ca2a42660568b7886e01724977b9ebd4e43690e0c651e25287c64dcc4826391b34cae6a106e2148139450dd05fc5a562","ssdeep":"","tlshash":"b0f0414e7c5903a1874caf3b18dd00119c27898077c82e0db689eed20e008e215471da","first_seen":"2023-04-11T11:09:41Z","last_seen":"2026-04-13T12:39:33.553105Z","times_seen":4780,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fcss%2Fstyle.css\u0026l=4143\u0026fd=422","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:46.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fbig1%2Fcss%2Fstyle.css\u0026l=4143\u0026fd=422 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 27 Sep 2025 20:03:46 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":91,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"matomo.hellohi.me/matomo.js","fqdn":"matomo.hellohi.me","domain":"hellohi.me","tld":"me"},"ip":{"addr":"172.67.219.82","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hellohi.me","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Sep 2025 02:30:09 GMT","end":"Wed, 10 Dec 2025 03:27:45 GMT"},"fingerprint":{"sha1":"77:E9:73:0D:B1:FF:D8:33:D2:70:E5:D7:AC:43:15:25:3B:5E:8E:B7","sha256":"1F:E0:AF:A2:3A:69:98:87:C5:49:EF:0B:41:08:52:24:C5:3A:2B:56:AD:92:AD:93:7F:5C:00:22:3F:66:FE:4E"}}},"request":{"raw":"GET /matomo.js HTTP/1.1\r\nHost: matomo.hellohi.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=44hpOAf5zLz%2FbFmCjmTF6U4ULtk2ZfKVTxo6oDfpnCrSq8e1HHR7vTAfdwCGOhZkMOJZDQT1z78HWGBRalZWG4CQdIHRKXMDcJpX646pEg%3D%3D\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 985d9b2b9f4f5687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":449,"timings":{"blocked":177,"dns":6,"connect":2,"send":0,"wait":95,"receive":0,"ssl":169},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/cdn-cgi/challenge-platform/h/b/jsd/r/0.8146186665931267:1759001928:MBLtO7rJIZckLCCPl4YMGwiZ-TG9-tTNJwMAsAAHEek/985d9b26fb9f5ebd","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.8146186665931267:1759001928:MBLtO7rJIZckLCCPl4YMGwiZ-TG9-tTNJwMAsAAHEek/985d9b26fb9f5ebd HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 12098\r\nOrigin: https://ettv.twoproxy.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ettv.twoproxy.net/\r\nCookie: PHPSESSID=67m7k645omgnejoshjhqth2uja\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/plain; charset=UTF-8\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-length: 0\r\nset-cookie: cf_clearance=ZeUv.gyvbVoSDwPAA69zTt3gl7E.pEO5kiNRUFjNeiw-1759003424-1.2.1.1-HlhW.vZVEHTajj3085u0f5Kuovp.UiP9XSP17rmezkrWDPkHoBlaZFrV3MPkBaitsKbjBEUys2dnpQXgxR2JugyolCso3ymI6SihS2EIA.1L7QcQ3oXXCrHX349ldq8j0Du15Wm.cxQdudPNBeeeA_l9BWVF8zRkGMTSU.k2XE9WKX1Pkd0WBYckfd5VHajeEeQ9h3XeKyiNWUHR9NRFztbRA1IVE8tLvDXNX0UnsqU; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=twoproxy.net; Expires=Sun, 27 Sep 2026 20:03:44 GMT\r\nserver: cloudflare\r\ncf-ray: 985d9b2c68ec56c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/themes/superAwesome/custom-24.css?v=179","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET /themes/superAwesome/custom-24.css?v=179 HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ettv.twoproxy.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=7fgmnt1g4ibqnctajeb2ke1qtt\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\ncontent-type: text/css;charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\ncf-cache-status: BYPASS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Gz5N4UlUpOxypwx3BVkFCrmEcGbVcV4aG%2FOb8HiJ%2Fh8hl47yOSdJA1wcqyPCHxWzLQLcal5vp%2F6r56ePNBCsZHFJ7uB8GOWQrEKwW2V45NzQ\"}]}\r\ncontent-encoding: br\r\nset-cookie: view=1; Max-Age=86400; Expires=Sun, 28 Sep 2025 20:03:44 GMT\r\ncf-ray: 985d9b2908695ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":38628,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (1934)","md5":"1953d142b16039582aaf7c6afd8db95d","sha1":"22a5cdd7c4dbc9cdb640a5b3ee2037b53df32621","sha256":"511c1e2cb3afcb05e06b6a39bf4d343119f13e1aa59010ae8448bead8d1a3b46","sha512":"cee83681a6346cdca752d3568698de23515b2bb616e85715de2567ce28712a07c3e89125b45e3bfb5f2f85e06bd0054991895bd294a58ee5027e96355b347ae4","ssdeep":"768:p2Fa0QYkjf0n5CupFJFEFrFYnXFEFJWtMFfuEH+FEvQYFatLhfHO4oiNRwuegzrr:p2Q0QYkjf0n5Cupned6nXC7WtM5uEH+X","tlshash":"0e03614a96831d16b20790f46fbee76973694043914ace6ebaae31c8cf055ccd363b0d","first_seen":"2023-05-14T11:10:34Z","last_seen":"2026-03-29T19:26:08.565116Z","times_seen":29,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":201,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ettv.twoproxy.net/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"ettv.twoproxy.net","domain":"twoproxy.net","tld":"net"},"ip":{"addr":"104.21.59.228","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ettv.twoproxy.net/","date":"2025-09-27T20:03:44.620Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"twoproxy.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Sep 2025 16:53:58 GMT","end":"Mon, 15 Dec 2025 17:52:25 GMT"},"fingerprint":{"sha1":"73:A9:9E:94:43:51:C5:DF:F2:12:95:A2:B5:22:06:EA:11:F3:0B:47","sha256":"50:50:91:0D:8C:E1:CC:F2:93:70:2E:DF:DB:FC:27:26:F9:6B:77:80:0F:C5:E4:04:B9:9C:AF:58:BB:8A:37:87"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: ettv.twoproxy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=67m7k645omgnejoshjhqth2uja\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\nlocation: /cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public\r\naccess-control-allow-origin: *\r\ncontent-length: 0\r\ndate: Sat, 27 Sep 2025 20:03:44 GMT\r\nserver: cloudflare\r\ncf-ray: 985d9b2be8e856c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10078,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-13T14:12:10.579597Z","times_seen":13706848,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-27","alert":"Sinkholed","trigger":"ettv.twoproxy.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}