{"report_id":"08bf0e68-2d29-4364-abfd-27b3bba94c59","version":6,"status":"done","tags":[],"date":"2025-12-18T23:31:02Z","url":{"schema":"http","addr":"ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","fqdn":"ekltersas.life","domain":"ekltersas.life","tld":"life"},"ip":{"addr":"104.21.41.77","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"ww17.bjjhhi.flirtooffer.com/s/5df2314e7aee5?track=REANK","fqdn":"ww17.bjjhhi.flirtooffer.com","domain":"flirtooffer.com","tld":"com"},"title":"ww17.bjjhhi.flirtooffer.com/s/5df2314e7aee5?track=REANK","dom":{"size":99646,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (13721)","md5":"640721e3fea0f73c3d14234c0936842a","sha1":"3b90952b5c8356f50129e25c13446efbb93f9549","sha256":"949b8f57376434f6434089cfa7655eb9fdbec70f5469284f518010c748369fa6","sha512":"05afc115042ae38a21db6980f55176feb34cd6590585516cc8795c644b8cfa76bba3e606a29a3d28b0acc5e15a70467a529d988f30e2f72a6f2e2e642254f381","ssdeep":"3072:x2hk7SH3MMpiAFQ9vfeAwfo7Y15TYJJuvdriA0wi:0hk7SH3MMpiAFQ9vfeAwfyYLYJJuL0N","tlshash":"34a35b8c7443b036573720a1b43f3acee6a9199ab24d4c40f2b1d7b5386cadb891797d","dom_hash":"domhash3dad8800ac34a2c78ec6825d43e5dab2","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","fqdn":"ekltersas.life","domain":"ekltersas.life","tld":"life"},"ip":{"addr":"104.21.41.77","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-22T23:31:02Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":28}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"bjjhhi.flirtooffer.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"bjjhhi.flirtooffer.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"bjjhhi.flirtooffer.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"addictedfastestgasp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"addictedfastestgasp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ringdisgustpostman.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"pollingpayoff.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"pollingpayoff.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ww17.bjjhhi.flirtooffer.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ww17.bjjhhi.flirtooffer.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ww17.bjjhhi.flirtooffer.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"penpineapple.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"s.yimg.com","ip":{"addr":"87.248.119.252","port":443,"asn":203220,"as":"Yahoo-UK Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"1997-05-14","domain_rank":4553,"first_seen":"2012-05-20T22:45:00Z","last_seen":"2025-12-15T01:07:38.953902Z","alert_count":0,"request_count":1,"received_data":13515,"sent_data":450,"comment":"","tags":null,"fingerprints":[{"name":"Apache Traffic Server","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"protrafficinspector.com","ip":{"addr":"52.29.191.236","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2025-12-16T20:59:52.98779Z","alert_count":0,"request_count":2,"received_data":846,"sent_data":888,"comment":"","tags":null,"fingerprints":null},{"fqdn":"kettledroopingcontinuation.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":196057,"first_seen":"2025-07-30T15:18:19.355595Z","last_seen":"2025-12-15T09:10:25.259934Z","alert_count":28,"request_count":7,"received_data":209428,"sent_data":11589,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"bjjhhi.flirtooffer.com","ip":{"addr":"103.224.182.208","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"domain_registered":"2024-11-06","domain_rank":0,"first_seen":"2025-02-20T17:59:50.225577Z","last_seen":"2025-12-17T16:55:35.076531Z","alert_count":3,"request_count":1,"received_data":9964,"sent_data":434,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"findresultsspot.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-02-14","domain_rank":0,"first_seen":"2025-02-27T03:50:01.297811Z","last_seen":"2025-12-18T05:16:42.194947Z","alert_count":0,"request_count":1,"received_data":68287,"sent_data":1317,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ringdisgustpostman.com","ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-12-03","domain_rank":0,"first_seen":"2025-12-18T08:43:45.472099Z","last_seen":"2025-12-18T08:43:45.472099Z","alert_count":12,"request_count":12,"received_data":111362,"sent_data":16936,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2025-12-17T17:02:40.749593Z","alert_count":3,"request_count":1,"received_data":377,"sent_data":417,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"wl12wbq.starflirt-thefever.com","ip":{"addr":"172.67.173.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-16","domain_rank":0,"first_seen":"2025-11-10T17:06:43.816582Z","last_seen":"2025-12-16T06:48:17.273116Z","alert_count":0,"request_count":1,"received_data":10392,"sent_data":583,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"penpineapple.com","ip":{"addr":"52.57.11.42","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-12-01","domain_rank":0,"first_seen":"2025-12-18T14:47:49.206773Z","last_seen":"2025-12-18T14:47:49.206774Z","alert_count":1,"request_count":1,"received_data":485,"sent_data":496,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2025-12-15T06:43:45.023171Z","alert_count":0,"request_count":5,"received_data":348811,"sent_data":2446,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ekltersas.life","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-12-18T23:31:03.291613Z","last_seen":"2025-12-18T23:31:03.291613Z","alert_count":0,"request_count":3,"received_data":17748,"sent_data":2457,"comment":"","tags":null,"fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pollingpayoff.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-11-02","domain_rank":0,"first_seen":"2025-11-07T00:20:55.979413Z","last_seen":"2025-12-13T13:09:24.57806Z","alert_count":2,"request_count":1,"received_data":47218,"sent_data":447,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.google.no","ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2001-02-26","domain_rank":92680,"first_seen":"2012-06-26T23:22:08Z","last_seen":"2025-12-14T22:19:24.295945Z","alert_count":0,"request_count":1,"received_data":580,"sent_data":773,"comment":"","tags":null,"fingerprints":null},{"fqdn":"l.cdn-fileserver.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-04-08","domain_rank":962880,"first_seen":"2025-04-11T15:28:22.753596Z","last_seen":"2025-12-15T00:44:30.876048Z","alert_count":9,"request_count":3,"received_data":2637,"sent_data":8554,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"region1.analytics.google.com","ip":{"addr":"216.239.34.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22257,"first_seen":"2022-03-17T11:26:33Z","last_seen":"2025-12-14T22:22:25.061209Z","alert_count":0,"request_count":1,"received_data":848,"sent_data":1032,"comment":"","tags":null,"fingerprints":null},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-12-17T16:26:46.156091Z","alert_count":9,"request_count":3,"received_data":257868,"sent_data":1236,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"s.cdn-fileserver.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-04-08","domain_rank":1473336,"first_seen":"2025-04-11T18:11:28.393379Z","last_seen":"2025-12-15T01:07:38.96305Z","alert_count":9,"request_count":3,"received_data":45365,"sent_data":1498,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ww17.bjjhhi.flirtooffer.com","ip":{"addr":"199.191.50.246","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"domain_registered":"2024-11-06","domain_rank":0,"first_seen":"2025-12-09T18:23:21.939831Z","last_seen":"2025-12-17T16:55:35.145987Z","alert_count":6,"request_count":2,"received_data":10360,"sent_data":845,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.72","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-12-14T22:17:32.87103Z","alert_count":0,"request_count":1,"received_data":449892,"sent_data":435,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"addictedfastestgasp.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-06-18","domain_rank":0,"first_seen":"2025-09-25T13:32:44.861019Z","last_seen":"2025-12-12T17:47:21.242056Z","alert_count":2,"request_count":1,"received_data":44709,"sent_data":453,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"msadsscale.microsoft.com","ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"domain_registered":"1991-05-02","domain_rank":241518,"first_seen":"2025-01-13T10:51:37Z","last_seen":"2025-12-15T12:51:40.317534Z","alert_count":0,"request_count":1,"received_data":73333,"sent_data":455,"comment":"","tags":null,"fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"3a1c94b65aa56f27038171c25929db84","sha1":"5bc22d9ef32cb0e5e190b5d1027c24fb033535a5","sha256":"c32175ac738a4e2279c3ee3da12bc9d6d3b9127c451e0b5400179df2a255767d","sha512":"f751513a5a358eed2f59f8fd7b301092565dad11b9ee615e000b4a42190e51a2e597edd51af071c0f2ccd3a25d7fcbc9c4e5c0b1ee24874e6404efa4a9ed123f","ssdeep":"","tlshash":"ea31d77fc3eb478d2aec90c91a362c4c1d35ea2ae542e9190d0749c89172a758d62d36","size":1530,"data":"","first_seen":"2025-12-18T23:31:11.679803Z","last_seen":"2025-12-18T23:31:11.679803Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww17.bjjhhi.flirtooffer.com/s/5df2314e7aee5?track=REANK","fqdn":"ww17.bjjhhi.flirtooffer.com","domain":"flirtooffer.com","tld":"com"},"ip":{"addr":"199.191.50.246","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"introduction_type":"scriptElement","is_inline":true,"md5":"dc3f106f6e1b1d67b9fe4b776daf54bd","sha1":"93faa8fd593d60a2d0209b5acef355e36bd0a3e3","sha256":"d8f63c23ca8206bf7d4774c8c861faaa8236a3a60ee837af5ccd86fe4ff15c25","sha512":"3b32ff7577c964d334dd52388645caf3cfb4e426f518deeb87728c2aad6d58f3532a6c889f10d5ed61764b17eff64e7983fce042adc8e8264c6c1c4f44ad01e4","ssdeep":"192:FTH7KR5v6rYvxmh0GKLGAvzTH7KR5v6rYvxmh0GmaVAj:s8+yAvG8j6","tlshash":"2e02e7b611b694108dcf24a2df3eefdea1ed1e1bec5d680d85988650312d72b8d41bf2","size":8699,"data":"","first_seen":"2025-12-18T23:31:11.681237Z","last_seen":"2025-12-18T23:31:11.681237Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"findresultsspot.com/sr/754870121/SAFEFRAME.html?ule=799\u0026%2AE=grMMgVVMff%28g%28jj%28Cgw\u0026-Ka=Ru45pUipfU00A5%212-U-Ui8u%2F%21UN0UwuSw2U\u0026-TH2=\u0026-W%2A=\u0026-Wag=\u0026-Waj=\u0026-Wnk-EN=\u0026.qEW=\u00260p520B=maaTl%3A%2F%2F%21BE0ann%21%21p0sKnk%2Fl%2FCW%21jwgfpr-ppC%3Fa0-KI%3DxciS1\u00262AW=f\u00262lTpN%21=V\u0026AWT0=g\u0026AWT0KNla=\u0026BjazTp=WknB-\u0026ElEW=V\u0026IW=\u0026IZ0%21=\u0026K0EW=gVCrMrgMj\u0026KEW=oHv41wofL\u0026KK=S7\u0026KW%2A=7jf%28f\u0026KaTEW=\u0026KmNkj=nl%2AfeENaK\u0026KmNkw=\u0026Na%2A=\u0026Nkp00=g\u0026TEW=\u0026Wk0%21=g\u0026WpKkkk=\u0026ZBlaT=V\u0026ZlmT=V\u0026alKp=XgVoj\u0026htmlsrc=1\u0026kkdd=n9%7CH%7C%2An9A\u0026klT-=V\u0026lE8p=ggCfUMo%28\u0026lK=Vw\u0026llBW=%7B%22llKK%22%3A%22S7%22%2C%22llKaz%22%3A%22nlBn%22%2C%22llET%22%3A%22%22%2C%22lllK%22%3A%22Vw%22%7D\u0026lqW04W=\u0026maaTl=g\u0026nB-%21=nNp\u0026nEW=w%21%21frofK9jpMC9fjwo9%28wCK9rWVwqMgMK-pf\u0026pK0EW=\u0026q-p=\u0026qEW=\u0026qW04W=\u0026qp=V\u0026tpid=\u0026zTBT=\u0026zWlT0=\u0026zqNeKKepUT=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026eoch=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766100644180015326356487944\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151364624398269975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw%3D%3D\u0026tchkpts=%7B%22prel2%22%3A1766100644424%7D\u0026stime=1766100644424\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Ffindresultsspot.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F3ZRb%253DC%25265AMXRk%253Dh3U5b%2526BZRko4%253DC%2526Blh%253DT%2526II%253Dj1%2526ILwh%253DuC_eFeuFA%2526IMRwh%253D%2526IhJ%253D1AT8T%2526Iio3A%253DUZJT%252528woMI%2526Iio3t%253D%2526Iwh%253D%25252ANYW6t%25252AT2%2526Jw%253DueFFuCCFTT8u8AA8_ut%2526Lk-BL5%253DiMMRZ%25253A%25252F%25252F45wLMUU44kLSIU3%25252FZ%25252F_h4AtuTkebkk_%25253FMLbIm%25253Dz9gj6%2526MZIk%253DHuC%25252AA%2526Rwh%253D%2526U5b4%253DUok%2526Uwh%253Dt44Te%25252ATIOAkF_OTAt%25252AO8t_IOehCtsFuFIbkT%2526XR5R%253D%2526XhZRL%253D%2526Xso%252528II%252528k.R%253D%2526ZI%253DCt%2526ZZ5h%253D%25257B%252522ZZII%252522%25253A%252522j1%252522%25252C%252522ZZIMX%252522%25253A%252522UZ5U%252522%25252C%252522ZZwR%252522%25253A%252522%252522%25252C%252522ZZZI%252522%25253A%252522Ct%252522%25257D%2526ZshLWh%253D%2526Zwyk%253Duu_T.F%25252A8%2526bIM%253D7~W-k.gkT.LLl-4Bb.b.gy~%25252F4.oL.t~jtB.%2526bRNB%253D%2526bhJ%253D%2526bhMA%253D%2526bhMu%253D%2526bhU3bwo%253D%2526hkI333%253D%2526htmlsrc%253D1%2526iMMRZ%253Du%2526kILwh%253D%2526kkdd%253Dn%25252A%25257Cu%25257CnA%25252A3H9%2526lhRL%253Du%2526lhRLIoZM%253D%2526mh%253D%2526mxL4%253D%2526o3kLL%253Du%2526oMJ%253D%2526pswh%253D%2526sbk%253D%2526shLWh%253D%2526sk%253DC%2526swh%253D%2526tpid%253D%2526wZwh%253DC%2526x5ZMR%253DC%2526xZiR%253DC%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D","fqdn":"findresultsspot.com","domain":"findresultsspot.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fe43622b86a9293f7d94436142bdfdc6","sha1":"01ef22d8f3292bea2b0cfa63e49be5ee758899eb","sha256":"f06061820c8cc9e6d88231bddef898d9ce4a8326f6e00e30e0aca3f924ad3dd4","sha512":"a8cf2feaa0a396472300a52b5d37f123be2249d274c947da255ba4f99a644139d92e010b65461b9575a4e63cddb1e717a085282c435d182186b0e51885f654d5","ssdeep":"","tlshash":"3e70008880202a0000e0080c030323b0238080a88cc28000822ea0033080e030288a8a","size":24,"data":"","first_seen":"2025-03-08T00:25:13.703666Z","last_seen":"2026-05-10T16:29:28.452921Z","times_seen":171633,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"findresultsspot.com/sr/754870121/SAFEFRAME.html?ule=799\u0026%2AE=grMMgVVMff%28g%28jj%28Cgw\u0026-Ka=Ru45pUipfU00A5%212-U-Ui8u%2F%21UN0UwuSw2U\u0026-TH2=\u0026-W%2A=\u0026-Wag=\u0026-Waj=\u0026-Wnk-EN=\u0026.qEW=\u00260p520B=maaTl%3A%2F%2F%21BE0ann%21%21p0sKnk%2Fl%2FCW%21jwgfpr-ppC%3Fa0-KI%3DxciS1\u00262AW=f\u00262lTpN%21=V\u0026AWT0=g\u0026AWT0KNla=\u0026BjazTp=WknB-\u0026ElEW=V\u0026IW=\u0026IZ0%21=\u0026K0EW=gVCrMrgMj\u0026KEW=oHv41wofL\u0026KK=S7\u0026KW%2A=7jf%28f\u0026KaTEW=\u0026KmNkj=nl%2AfeENaK\u0026KmNkw=\u0026Na%2A=\u0026Nkp00=g\u0026TEW=\u0026Wk0%21=g\u0026WpKkkk=\u0026ZBlaT=V\u0026ZlmT=V\u0026alKp=XgVoj\u0026htmlsrc=1\u0026kkdd=n9%7CH%7C%2An9A\u0026klT-=V\u0026lE8p=ggCfUMo%28\u0026lK=Vw\u0026llBW=%7B%22llKK%22%3A%22S7%22%2C%22llKaz%22%3A%22nlBn%22%2C%22llET%22%3A%22%22%2C%22lllK%22%3A%22Vw%22%7D\u0026lqW04W=\u0026maaTl=g\u0026nB-%21=nNp\u0026nEW=w%21%21frofK9jpMC9fjwo9%28wCK9rWVwqMgMK-pf\u0026pK0EW=\u0026q-p=\u0026qEW=\u0026qW04W=\u0026qp=V\u0026tpid=\u0026zTBT=\u0026zWlT0=\u0026zqNeKKepUT=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026eoch=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766100644180015326356487944\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151364624398269975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw%3D%3D\u0026tchkpts=%7B%22prel2%22%3A1766100644424%7D\u0026stime=1766100644424\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Ffindresultsspot.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F3ZRb%253DC%25265AMXRk%253Dh3U5b%2526BZRko4%253DC%2526Blh%253DT%2526II%253Dj1%2526ILwh%253DuC_eFeuFA%2526IMRwh%253D%2526IhJ%253D1AT8T%2526Iio3A%253DUZJT%252528woMI%2526Iio3t%253D%2526Iwh%253D%25252ANYW6t%25252AT2%2526Jw%253DueFFuCCFTT8u8AA8_ut%2526Lk-BL5%253DiMMRZ%25253A%25252F%25252F45wLMUU44kLSIU3%25252FZ%25252F_h4AtuTkebkk_%25253FMLbIm%25253Dz9gj6%2526MZIk%253DHuC%25252AA%2526Rwh%253D%2526U5b4%253DUok%2526Uwh%253Dt44Te%25252ATIOAkF_OTAt%25252AO8t_IOehCtsFuFIbkT%2526XR5R%253D%2526XhZRL%253D%2526Xso%252528II%252528k.R%253D%2526ZI%253DCt%2526ZZ5h%253D%25257B%252522ZZII%252522%25253A%252522j1%252522%25252C%252522ZZIMX%252522%25253A%252522UZ5U%252522%25252C%252522ZZwR%252522%25253A%252522%252522%25252C%252522ZZZI%252522%25253A%252522Ct%252522%25257D%2526ZshLWh%253D%2526Zwyk%253Duu_T.F%25252A8%2526bIM%253D7~W-k.gkT.LLl-4Bb.b.gy~%25252F4.oL.t~jtB.%2526bRNB%253D%2526bhJ%253D%2526bhMA%253D%2526bhMu%253D%2526bhU3bwo%253D%2526hkI333%253D%2526htmlsrc%253D1%2526iMMRZ%253Du%2526kILwh%253D%2526kkdd%253Dn%25252A%25257Cu%25257CnA%25252A3H9%2526lhRL%253Du%2526lhRLIoZM%253D%2526mh%253D%2526mxL4%253D%2526o3kLL%253Du%2526oMJ%253D%2526pswh%253D%2526sbk%253D%2526shLWh%253D%2526sk%253DC%2526swh%253D%2526tpid%253D%2526wZwh%253DC%2526x5ZMR%253DC%2526xZiR%253DC%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D","fqdn":"findresultsspot.com","domain":"findresultsspot.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ab967f8b5617abdaf74dc9c426b0232d","sha1":"9ea1d32555e71241601d69c6f50206585b1ad347","sha256":"e9eb8e58e9d25faae096f3f7f8b750a56195abc87542ae29c48b06578f630bd8","sha512":"f03e79d3017a34a8f27a331ce5460f8448243c0592350168e3bcdd23cd396424d48b53cb2c350a1ddbe876e6e84015eef33c61afd0f28f05b91a4eddbfffa2e9","ssdeep":"192:FCrrqlH73BzOBceDiG1xn2tvj+jfpGqi6k6OLSH3MMpiAFQ9vfeAlObfoWE0:crrqxNzO/CjOf0Ik6KSH3MMpiAFQ9vfA","tlshash":"c3d1e9499469c672052e21fa7c3c7e8e78d8384df6cc385fce91ec88896fa769d4414c","size":6599,"data":"","first_seen":"2025-12-18T23:31:11.683216Z","last_seen":"2025-12-18T23:31:11.683216Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"findresultsspot.com/sr/754870121/SAFEFRAME.html?ule=799\u0026%2AE=grMMgVVMff%28g%28jj%28Cgw\u0026-Ka=Ru45pUipfU00A5%212-U-Ui8u%2F%21UN0UwuSw2U\u0026-TH2=\u0026-W%2A=\u0026-Wag=\u0026-Waj=\u0026-Wnk-EN=\u0026.qEW=\u00260p520B=maaTl%3A%2F%2F%21BE0ann%21%21p0sKnk%2Fl%2FCW%21jwgfpr-ppC%3Fa0-KI%3DxciS1\u00262AW=f\u00262lTpN%21=V\u0026AWT0=g\u0026AWT0KNla=\u0026BjazTp=WknB-\u0026ElEW=V\u0026IW=\u0026IZ0%21=\u0026K0EW=gVCrMrgMj\u0026KEW=oHv41wofL\u0026KK=S7\u0026KW%2A=7jf%28f\u0026KaTEW=\u0026KmNkj=nl%2AfeENaK\u0026KmNkw=\u0026Na%2A=\u0026Nkp00=g\u0026TEW=\u0026Wk0%21=g\u0026WpKkkk=\u0026ZBlaT=V\u0026ZlmT=V\u0026alKp=XgVoj\u0026htmlsrc=1\u0026kkdd=n9%7CH%7C%2An9A\u0026klT-=V\u0026lE8p=ggCfUMo%28\u0026lK=Vw\u0026llBW=%7B%22llKK%22%3A%22S7%22%2C%22llKaz%22%3A%22nlBn%22%2C%22llET%22%3A%22%22%2C%22lllK%22%3A%22Vw%22%7D\u0026lqW04W=\u0026maaTl=g\u0026nB-%21=nNp\u0026nEW=w%21%21frofK9jpMC9fjwo9%28wCK9rWVwqMgMK-pf\u0026pK0EW=\u0026q-p=\u0026qEW=\u0026qW04W=\u0026qp=V\u0026tpid=\u0026zTBT=\u0026zWlT0=\u0026zqNeKKepUT=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026eoch=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766100644180015326356487944\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151364624398269975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw%3D%3D\u0026tchkpts=%7B%22prel2%22%3A1766100644424%7D\u0026stime=1766100644424\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Ffindresultsspot.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F3ZRb%253DC%25265AMXRk%253Dh3U5b%2526BZRko4%253DC%2526Blh%253DT%2526II%253Dj1%2526ILwh%253DuC_eFeuFA%2526IMRwh%253D%2526IhJ%253D1AT8T%2526Iio3A%253DUZJT%252528woMI%2526Iio3t%253D%2526Iwh%253D%25252ANYW6t%25252AT2%2526Jw%253DueFFuCCFTT8u8AA8_ut%2526Lk-BL5%253DiMMRZ%25253A%25252F%25252F45wLMUU44kLSIU3%25252FZ%25252F_h4AtuTkebkk_%25253FMLbIm%25253Dz9gj6%2526MZIk%253DHuC%25252AA%2526Rwh%253D%2526U5b4%253DUok%2526Uwh%253Dt44Te%25252ATIOAkF_OTAt%25252AO8t_IOehCtsFuFIbkT%2526XR5R%253D%2526XhZRL%253D%2526Xso%252528II%252528k.R%253D%2526ZI%253DCt%2526ZZ5h%253D%25257B%252522ZZII%252522%25253A%252522j1%252522%25252C%252522ZZIMX%252522%25253A%252522UZ5U%252522%25252C%252522ZZwR%252522%25253A%252522%252522%25252C%252522ZZZI%252522%25253A%252522Ct%252522%25257D%2526ZshLWh%253D%2526Zwyk%253Duu_T.F%25252A8%2526bIM%253D7~W-k.gkT.LLl-4Bb.b.gy~%25252F4.oL.t~jtB.%2526bRNB%253D%2526bhJ%253D%2526bhMA%253D%2526bhMu%253D%2526bhU3bwo%253D%2526hkI333%253D%2526htmlsrc%253D1%2526iMMRZ%253Du%2526kILwh%253D%2526kkdd%253Dn%25252A%25257Cu%25257CnA%25252A3H9%2526lhRL%253Du%2526lhRLIoZM%253D%2526mh%253D%2526mxL4%253D%2526o3kLL%253Du%2526oMJ%253D%2526pswh%253D%2526sbk%253D%2526shLWh%253D%2526sk%253DC%2526swh%253D%2526tpid%253D%2526wZwh%253DC%2526x5ZMR%253DC%2526xZiR%253DC%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D","fqdn":"findresultsspot.com","domain":"findresultsspot.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f2e254918ddc417ed1088ac88f4391ce","sha1":"a7c5984c91d9248a133abf1d93d856df80d979ec","sha256":"b32a3ea5c4937a2baed62b99177b9cb20735030bfb54a6b8b3342140d0240196","sha512":"e13edbc8b497640ea222df3b559f23889e1489f851f3838cf578056477b89aff7ddb47a29980575e8abfc716f4d6e51d3406b84fdccd406c8115e8a863d14084","ssdeep":"","tlshash":"71f0e97d8fd710502a65510f625ff2c4b098a09737a3c449f5ec92444f45a6e96b92fc","size":505,"data":"","first_seen":"2025-12-08T23:38:23.114575Z","last_seen":"2025-12-26T21:13:25.1668Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","fqdn":"ekltersas.life","domain":"ekltersas.life","tld":"life"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"aefc72f37530cc82a8fee73d9ad13745","sha1":"e86a87cae9594bd070a8fbbcdf439cf4b362074a","sha256":"9a425c983fb637c2d52668899eb2f2b2a3fda12398b4a47e266d8d647d926850","sha512":"e4c17a3168aff7ccda6d40e2828070f825a88c2dac9d89f2f06f7a045815a93c641fdd942f09d1687a5f1d5d8762d46392074633af58fcfb85620f25749f9e85","ssdeep":"","tlshash":"15c02b8c210a0c7085ff27008f3fb704f002332895d069314f4963448d30f07f744810","size":153,"data":"","first_seen":"2025-07-22T09:27:33.671147Z","last_seen":"2026-05-09T18:31:14.13687Z","times_seen":3111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-KJ4T538TS5","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.72","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2c6f2166610cfd82dfa698fced78d9a9","sha1":"5e40b88d1d4cf2c56eef5e7ce2698046cbf1f5fa","sha256":"25ff88384f28b06a63ee095e2489b433c4838c3c067a83ffc93acc689348585b","sha512":"8d6a7506a8c54f6955fc0aac170b73013b2c19648f56fd6a85008822d1e04eda16a31927f2b0351792e0db693e48dab7fb629331aa8079d26832e5462ca2f530","ssdeep":"6144:PZIe7ma2bulKY/1u99xHDmHYmyBFzvnsy/O6yWoNPad4FpCpbr:iC8bu7/1mbrnsyByWbMpC","tlshash":"b9a4098e73c67426939ae078502f11cba97b29e2b45cc896f1c9cce01d7469a4277f7c","size":449288,"data":"","first_seen":"2025-12-18T15:03:30.903461Z","last_seen":"2025-12-19T05:29:52.904382Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"addictedfastestgasp.com/4ee2db58adb8afc709a6004b40577412/invoke.js","fqdn":"addictedfastestgasp.com","domain":"addictedfastestgasp.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ce54b56622095db01a3f4ca53ceef7f5","sha1":"34fbc4a648eeed50673c7b203c7570d2e187fcd6","sha256":"f24ee0d432521724d3076ff256c8d83a2db58c558f2b3e27a6a1e9f4175bcdba","sha512":"1c1b6856b0f67c099327f634054104ed5e7ddd361584f0a70028855abb600cc761a7b9a16fba9b06afac7fe7f21ba38c41d28bac3a0637b3bd6563f4e39b85a4","ssdeep":"768:pLFPQVpOg0DGmXN43uQxjCoMSZR/IuVpPtyw4cLeJEOlhPs7YUMIwSQX:pQ0DR6fCoM4R/Zyw4UcUMIm","tlshash":"0213e79a7f91b5ac0376b47b143f922ef6399d0260c8c9acd103e8952f9ca48c53db59","size":43860,"data":"","first_seen":"2025-12-18T15:03:30.923837Z","last_seen":"2025-12-18T23:31:11.648351Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ringdisgustpostman.com/38/08/95/380895734ef7979b147f5e53b15686f8.js","fqdn":"ringdisgustpostman.com","domain":"ringdisgustpostman.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6cb5965fb2620a4fe29fc1f4d73f2844","sha1":"44cb19a3d596369bc0728feccb083d3ecbc844af","sha256":"c512d654942622780cd02123a55d072215d86a130b85da4aa7418adb75e33f70","sha512":"fa6108222bcdcd8a2d3eb21e2f877422b1916e5ccdfa44c855f1fd9ae58636b1cd6323112bac97b97f6fb130e87d423219d843eed251bc4ee14f2ef56616bc2f","ssdeep":"1536:H9yUBg8XFOUGcAVTesz3WArOwlNyBv77NzxpQ2jFFwTnjII:H3B91c3pUhxpJwXII","tlshash":"a57309487f42b16b5352a073627fd047f0256f1261ecd498d123e6a86f6c33af636b98","size":78852,"data":"","first_seen":"2025-12-18T15:03:30.926664Z","last_seen":"2025-12-18T23:31:11.660144Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-05-10T16:36:43.095517Z","times_seen":15813,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"4585f298c8aa9f589567e55755365902","sha1":"b02979d048256ba5a2091284db6ad6da461a7057","sha256":"5ac1786fa5e20472321d6db0897bf46d1b87311ecf123ce7228636a0fa413dba","sha512":"8c509e6c07bfbeab7db5dd9b0caeb74db472ff636779a6dd5befed8eef4f080d647119a686db49491b1204b46d555f656024ebc7f1e173a8f31d5fb7442252d9","ssdeep":"96:Rozn+Vpi5GZZwDZ8Ik/ohO+vL8tG7e1jDeCfMEDaH:OzUpiWwDlk4jkUCveCkCaH","tlshash":"0e914c3f9edb22384dee709b113a69482c22e10b6800dd427c0ed9401f747fa0ca8e76","size":4562,"data":"","first_seen":"2025-12-18T23:31:11.68578Z","last_seen":"2025-12-18T23:31:11.68578Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-05-10T16:36:43.095517Z","times_seen":15813,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"02db11d9431b810807d10a49568e35a1","sha1":"3723d40ba6a9014001244020b75b7981d5b54d79","sha256":"310fb162b7f7f63f1516c67ed5207db3a31462cf2cc3995c5658fb9fbf817cdb","sha512":"595ce9d91442a0d487e4e6e7064e0502225007b3efae4e6ed6138526d3aa4e5fdad0a3584f2c2e3b83f3565d770276f9bfdb1903970d8e5a2a551fa4c837de50","ssdeep":"","tlshash":"4631f773b58b39358efea3a3100db6d85ee3e9099c5086826422491024b90ef1148e7b","size":1800,"data":"","first_seen":"2025-12-18T23:31:11.687133Z","last_seen":"2025-12-18T23:31:11.687133Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/e8/5f/1b/e85f1b4e5c463e0f1e77e1a97dfbf10c.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d04a5502cbf7ead6461654ac64b1d0d7","sha1":"c006f1a3aadf180cc64122f8c0cdbaac11e1e7ca","sha256":"93c8b8fb1ebac247623d72fd56c899043e0e9e3bf7e12ea3cedbf5dfb25d5771","sha512":"32fa1311a90b39c29dd2f65a91c9bc14e007a140ade4fa5ace40e4fe262fb1a61f96bb35cbf19cbe1467fcd3fdd8b20cebb8b547e32fe9e98eaf6f2c22aeaf33","ssdeep":"1536:NBDoNSZUXIbGKdN6QfSitPTw3IWplpBKlD:joAZU6GAbunpWD","tlshash":"55a3d7487f91f07c03566879213f615ff09a0d99508ce568d502f4ba6ebc32ab63afd8","size":106420,"data":"","first_seen":"2025-12-18T23:31:11.642046Z","last_seen":"2025-12-18T23:31:11.642046Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-05-10T16:36:43.095517Z","times_seen":15813,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/other/adzilla/circle/2-1/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"561acb3e541133bbdd2c0c19f8ee35a1","sha1":"ffd1353cf3f77d25f801c84d8208613eb0d3d548","sha256":"9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc","sha512":"8a647ed6f56b4da93c7a034609060991cc8080350f057f4f2af2c369f18af066db3b4e77701fc017027fd774264a6d0f84927239d7d2f693edc6f7d6a0917be3","ssdeep":"1536:YjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h5cApwEjOPrBeU6QLiTFbc0QlQvakV:YYh8eip3hXuf6IidlrvakdtQ47GKl","tlshash":"f993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","size":89492,"data":"","first_seen":"2023-03-07T01:04:00Z","last_seen":"2026-05-10T12:02:32.366249Z","times_seen":6649,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"9029fce3c6b6f66fd57c8b6eef62e46d","sha1":"8508a4e51dbb2fa64de25a1a8fa1ea3d8b4fe833","sha256":"d6433481d5abaa1c170efd57ba3d104001a88eda7efb798ae90219fbe45c676f","sha512":"1b26142b97c236a1784d3a4cba3a30b9632065d59bfb005645777b6c83d88f809694964a060c03c6df2d79c5afedd13fcc9385fb97706e0c5318d3997cedef74","ssdeep":"","tlshash":"2cf0f43a3605b27adba3f257d04b778e5a31805fa5c61a0d743c9b8a1cb06a122c0c6b","size":601,"data":"","first_seen":"2025-12-07T05:38:51.424088Z","last_seen":"2025-12-30T13:00:39.74042Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"findresultsspot.com/sr/754870121/SAFEFRAME.html?ule=799\u0026%2AE=grMMgVVMff%28g%28jj%28Cgw\u0026-Ka=Ru45pUipfU00A5%212-U-Ui8u%2F%21UN0UwuSw2U\u0026-TH2=\u0026-W%2A=\u0026-Wag=\u0026-Waj=\u0026-Wnk-EN=\u0026.qEW=\u00260p520B=maaTl%3A%2F%2F%21BE0ann%21%21p0sKnk%2Fl%2FCW%21jwgfpr-ppC%3Fa0-KI%3DxciS1\u00262AW=f\u00262lTpN%21=V\u0026AWT0=g\u0026AWT0KNla=\u0026BjazTp=WknB-\u0026ElEW=V\u0026IW=\u0026IZ0%21=\u0026K0EW=gVCrMrgMj\u0026KEW=oHv41wofL\u0026KK=S7\u0026KW%2A=7jf%28f\u0026KaTEW=\u0026KmNkj=nl%2AfeENaK\u0026KmNkw=\u0026Na%2A=\u0026Nkp00=g\u0026TEW=\u0026Wk0%21=g\u0026WpKkkk=\u0026ZBlaT=V\u0026ZlmT=V\u0026alKp=XgVoj\u0026htmlsrc=1\u0026kkdd=n9%7CH%7C%2An9A\u0026klT-=V\u0026lE8p=ggCfUMo%28\u0026lK=Vw\u0026llBW=%7B%22llKK%22%3A%22S7%22%2C%22llKaz%22%3A%22nlBn%22%2C%22llET%22%3A%22%22%2C%22lllK%22%3A%22Vw%22%7D\u0026lqW04W=\u0026maaTl=g\u0026nB-%21=nNp\u0026nEW=w%21%21frofK9jpMC9fjwo9%28wCK9rWVwqMgMK-pf\u0026pK0EW=\u0026q-p=\u0026qEW=\u0026qW04W=\u0026qp=V\u0026tpid=\u0026zTBT=\u0026zWlT0=\u0026zqNeKKepUT=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026eoch=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766100644180015326356487944\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151364624398269975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw%3D%3D\u0026tchkpts=%7B%22prel2%22%3A1766100644424%7D\u0026stime=1766100644424\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Ffindresultsspot.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F3ZRb%253DC%25265AMXRk%253Dh3U5b%2526BZRko4%253DC%2526Blh%253DT%2526II%253Dj1%2526ILwh%253DuC_eFeuFA%2526IMRwh%253D%2526IhJ%253D1AT8T%2526Iio3A%253DUZJT%252528woMI%2526Iio3t%253D%2526Iwh%253D%25252ANYW6t%25252AT2%2526Jw%253DueFFuCCFTT8u8AA8_ut%2526Lk-BL5%253DiMMRZ%25253A%25252F%25252F45wLMUU44kLSIU3%25252FZ%25252F_h4AtuTkebkk_%25253FMLbIm%25253Dz9gj6%2526MZIk%253DHuC%25252AA%2526Rwh%253D%2526U5b4%253DUok%2526Uwh%253Dt44Te%25252ATIOAkF_OTAt%25252AO8t_IOehCtsFuFIbkT%2526XR5R%253D%2526XhZRL%253D%2526Xso%252528II%252528k.R%253D%2526ZI%253DCt%2526ZZ5h%253D%25257B%252522ZZII%252522%25253A%252522j1%252522%25252C%252522ZZIMX%252522%25253A%252522UZ5U%252522%25252C%252522ZZwR%252522%25253A%252522%252522%25252C%252522ZZZI%252522%25253A%252522Ct%252522%25257D%2526ZshLWh%253D%2526Zwyk%253Duu_T.F%25252A8%2526bIM%253D7~W-k.gkT.LLl-4Bb.b.gy~%25252F4.oL.t~jtB.%2526bRNB%253D%2526bhJ%253D%2526bhMA%253D%2526bhMu%253D%2526bhU3bwo%253D%2526hkI333%253D%2526htmlsrc%253D1%2526iMMRZ%253Du%2526kILwh%253D%2526kkdd%253Dn%25252A%25257Cu%25257CnA%25252A3H9%2526lhRL%253Du%2526lhRLIoZM%253D%2526mh%253D%2526mxL4%253D%2526o3kLL%253Du%2526oMJ%253D%2526pswh%253D%2526sbk%253D%2526shLWh%253D%2526sk%253DC%2526swh%253D%2526tpid%253D%2526wZwh%253DC%2526x5ZMR%253DC%2526xZiR%253DC%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D","fqdn":"findresultsspot.com","domain":"findresultsspot.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6cc7f46d0481fd5b52b63c1a02bea830","sha1":"bd82eb70385394d5e6fb4219afcd5447c8571275","sha256":"b6d8a7b7b699b31cfffe02386ab67d65fd553d79cd655c5b9da15915eae27179","sha512":"ae5807bac0984d6bc01f58ce4a47bb41e33a605e7ffc6c19d07919884a101fab7944c29beeb88f05345c1bf2e2ccae1e4fc3d7329c17ec5ae7e9715dc605a04e","ssdeep":"768:GK75wr3AM52v4YPgIkqPXBuvdf/rAf1/cnx+r435SOk+GTtTwVD:b75+55TY4iPRuvdru/Sx+rw1","tlshash":"eb23e7dc34c2745617672562422f2d4bf17b1a507a4ecc40e5b5e9a63c3ca5f8a23e8e","size":47116,"data":"","first_seen":"2025-12-17T14:37:00.735889Z","last_seen":"2025-12-19T10:11:02.336182Z","times_seen":386,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"l.cdn-fileserver.com/bql.php?vgd_len=5027\u0026\u0026vgd_l2type=dmola\u0026fp=rxEwMlW0350whSeeKc49Nb76WR1GIXxywPcb6OK4wW7p1bTfSSs2j-FMnlFc8-3kfkAYkFst_O9TLF4OrzZp4dok1h4KaZhGCIVm-k6Bfz7kUQn8zUIG5Lbi8-PCOQ4R8lNiDVlXsek%3D\u0026cme=Y3CIEtK1-hkNRz4nOE7ecovEgwyrLSrM_s2_6dmx0LDewGYWJv_aBJD12cZ-GeNSBR1KklQ6iISTLcDnq1NsIqm8iYXS2_qtPZzbbHaiesXDTYKzEeqbkU2aBe2sNvnIh_Muj9tQ8kiiDzsw-ajcu9ouxWh1k4MV4jVPP5YG0bzMkdbqstHaZOx7aVfmlckgFFnjJq5HAYiWiTfUa6i4RlL8-gekejRXnTu36ln7vfO30XviL2fbS-V_OYv7TLfCpiPDFyUnfQQFFDwXikNu3Q%3D%3D%7C%7C93q-w6oysg91aq4hh7dv6zzrcNTS6udO%7Ca0AmFUYXmD6h8Qsq1enTflc2Pkp459aSwwGpaS1Oi_zdN8_gzvPB9Ybt_KJVFTr2TMgBXNyn1c16lGC6v8Hraw%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7C9N40jeUC3sm6zGaIXg9B9L5D6D7MOru_P4NIqj857AYE3YStfVLpBAs9iET_QegTE8UKfPOpwbBFvTvUGTAGji7EqC_mTGNrL6pT5uOwn-dfF7dzvu52vDA_UuGkroI5nJXeJvINWllM3OE5thzHxWEG13pzDPdnCiR-9fE3ka3EjJllMHxbbLUQuQxAg6v7x-TTto9ioNpWh8Zsc91Y7rdv68OT1nX_o_6gyiehNBy1EbTamHPExx4h9xVuhZWSPklcT-uzDcc_zAb7iCWkVM4C4QnVaXsLHy6C1IS2mMj6VNTop2JGSORlVGtYEfWSTvNmBrLq7VDiVKni32D9bD9MqVIHtBoxBGNnjhdrpbUl6PNvg7lKc2B-DkfPec7dGQ3MqHSUHSCLaspI728V7QI95s__ZtgCGvZL98H4lJdJO6CaAh0Fx__EsPkOYeLRkOlfZMLP0_gWcTrunnGVuvd7LPX9y8qtJCzwpV0oao_xKyhqM_N7w861q3xZA5avXGtXCwmS5NOrADWrPOYpPsec4xv0sy021eFMcfcdKB8-oZfXphGrpMalRvgnoGkCe-Xr2Kft7vtm-EEWUPsOcguJHQNiNyafbgrjiioCgCukV2oBq0HduZNmq0GWsANr%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7C\u0026ksu=360\u0026fdkt=658\u0026vgde_kbbh=fuoyxQBuGUBO\u0026kwd[]=Find+Love+Relationship+App\u0026kwt[]=658\u0026kbc[]=f1d18bcb40236a906caad902aaf00472.d2s\u0026kwp[]=1\u0026kid[]=1326136034\u0026kbc2[]=clid_serp%3D5528%7Cclid_fz%3D-2%7Crla%3D26.16%7Clr%3D0.06%7Cakp%3D5%7Crlhp%3D0.00%7C17%3D0.00%7C18%3D1666.67%7C5%3D6%7C6%3D0%7C16%3D1%7C19%3D1666.67%7Ckus%3D0.4847%7Ckucs%3D0.4150%7Ckcucs%3D0.6581%7Ckcucs2%3D0.6581%7Ckssks%3D5.0000%7Crcid%3D200619%7Cclpr%3D0.847200%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.992%7Cps_id%3D0\u0026ktd[]=75557870481313781650176\u0026kwd[]=Top+Dating+Offers\u0026kwt[]=658\u0026kbc[]=f1d18bcb40236a906caad902aaf00472.d2s\u0026kwp[]=2\u0026kid[]=1933084716\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D-2%7Cakp%3D6%7C17%3D0.00%7C18%3D0.00%7C5%3D2%7C6%3D0%7C16%3D0%7C19%3D0.00%7Ckus%3D0.5006%7Ckucs%3D0.4806%7Ckcucs%3D0.7188%7Ckcucs2%3D0.7188%7Ckssks%3D5.0000%7Crcid%3D237403%7Cclpr%3D0.882900%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.992%7Cps_id%3D0\u0026ktd[]=75557865977714154279680\u0026kwd[]=Senior+Romance+Sites\u0026kwt[]=658\u0026kbc[]=f1d18bcb40236a906caad902aaf00472.d2s\u0026kwp[]=3\u0026kid[]=1325352309\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D-2%7Cakp%3D3%7C17%3DNaN%7C18%3DNaN%7C5%3D0%7C6%3D0%7C16%3D0%7C19%3D0.00%7Ckus%3D0.4658%7Ckucs%3D0.4895%7Ckcucs%3D0.6581%7Ckcucs2%3D0.6581%7Ckssks%3D5.0000%7Crcid%3D71516%7Cclpr%3D0.902400%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.992%7Cps_id%3D0\u0026ktd[]=75557865977714154279680\u0026kwd[]=Romantic+Love+Messages\u0026kwt[]=658\u0026kbc[]=f1d18bcb40236a906caad902aaf00472.d2s\u0026kwp[]=4\u0026kid[]=151353148\u0026kbc2[]=clid_fz%3D7392%7Cclid_serp%3D7392%7Cakp%3D10%7C17%3DNaN%7C18%3DNaN%7C5%3D0%7C6%3D0%7C16%3D0%7C19%3D0.00%7Ckus%3D0.4732%7Ckucs%3D0.4239%7Ckcucs%3D0.6208%7Ckcucs2%3D0.6208%7Ckssks%3D5.0000%7Crcid%3D45524%7Cclpr%3D0.881400%7Ccllvl%3D1%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.992%7Cps_id%3D0\u0026ktd[]=75557865977714171056896\u0026kwd[]=Best+Of+2025+Romance\u0026kwt[]=658\u0026kbc[]=f1d18bcb40236a906caad902aaf00472.d2s\u0026kwp[]=5\u0026kid[]=1275662598\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D-1%7Cakp%3D2%7C17%3D0.00%7C18%3D0.00%7C5%3D2%7C6%3D0%7C16%3D0%7C19%3D0.00%7Ckus%3D0.3746%7Ckucs%3D0.3938%7Ckcucs%3D0.4882%7Ckcucs2%3D0.4882%7Ckssks%3D5.0000%7Crcid%3D9319%7Cclpr%3D0.830500%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.992%7Cps_id%3D0\u0026ktd[]=17175296\u0026v=1\u0026gdpr=1\u0026geo=59.9%7C10.77\u0026lper=100\u0026lpid=\u0026tsid=1005\u0026hint=\u0026cc=NO\u0026wsip=170762530\u0026bca=0\u0026ugd=4\u0026vgde_setid=Nfu\u0026vgde_chost=k8zOLJQxj7QQEm7.NmY\u0026cid=8CUIK384H\u0026vi=1766100644919229513\u0026vsid=DefVid\u0026tdAdd[]=asnum%3D50304\u0026vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D\u0026vgd_adprefflag=00\u0026vgd_adpref_diff=1010\u0026vgd_fm_lang=EN\u0026vgd_implt=3\u0026vgd_cage=2\u0026vgd_tsce=L1082-S1082\u0026vgd_l3_sc=03\u0026vgd_pdtid=1\u0026vgd_oscar=1\u0026vgd_ctrlid=O_SERP\u0026vgd_nrrv=55990\u0026vgd_nrrmf=8301000480a\u0026vgd_nrrsf=scrr\u0026vgd_cty=oslo\u0026vgd_csovr=0\u0026vgd_ifrmode=03\u0026sbdrId=\u0026verid=\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw\u0026kbbq=%26asn%3D50304\u0026vgd_ppvi=2151364624398269975\u0026vgd_wlstp=0\u0026vgd_vstrid=DefVid\u0026vgd_scsver=2596\u0026vgd_himglg=K0P0-O0K0-S0\u0026vgd_cache_metadata=%7B%22kbb%22%3Afalse%7D\u0026vgd_cfud=251031\u0026vgd_optout=0\u0026vgd_l2shld=1\u0026vgd_akcip=91.90.42.0\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026vgd_och=0\u0026vgd_rensize=1280_1024\u0026vgd_scr_h=1024\u0026vgd_scr_w=1280\u0026vgd_col_sch=l\u0026vgd_be=0\u0026vgd_nmerr=1\u0026tdAdd[]=uiparams%3D%3Brend_w%3A1280%3Brend_h%3A1024\u0026vgd_sc=03\u0026hvsid=00001766100644180015326356487944\u0026rc=0\u0026rand=1766100644911\u0026acid=undefined\u0026matm=1766100644912\u0026vgde_ltimesrc=u\u0026vgde_ltime=XAh\u0026vgde_rtime=Xuh\u0026vgde_etm=fF\u0026vgde_timeObj=%7B%22juJ-JN%22%3Azxjj%2C%22jfjm1O%22%3AHFW%2C%22QNLLQ71L7%22%3Aui%2C%22QNLLLJzOJL%22%3AA9%2C%22QNLLJ-JN%22%3AX9%7D\u0026vgd_lhl=1982\u0026vgd_sbSup=1\u0026vgd_nrrs=55990\u0026vgde_cdeplbl=1E8Mzm7M1e18j1GjJ\u0026vgd_end=1","fqdn":"l.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2ba5e95642c652c708881ad3c9d8443f","sha1":"5bfcc33bb9cc897546c600206b03d1307bd63a94","sha256":"c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24","sha512":"8c157fc41fd03bbd47633269b18effb652644e58284f8f85465b0ffba9b5a06544a03ed0655706c96edfa09a64f4f164f6bbc573ac5045000cae03c8b36d046f","ssdeep":"","tlshash":"7e600000000cc030030f0c00c3000300303000c000000c33000f30cc000000c00fc303","size":15,"data":"","first_seen":"2025-03-08T00:25:13.560069Z","last_seen":"2026-05-10T16:29:28.435773Z","times_seen":173811,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","fqdn":"ekltersas.life","domain":"ekltersas.life","tld":"life"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8caa93bcc57f04d6abbe2ceef45fa409","sha1":"0a82198f678d388a5cd391c6588d7f007f0916e4","sha256":"3732f88df3ae2724249184ffc54765315c5a510a9b3adbe8f493e41592cdc12f","sha512":"7c6e2a789f1fc32b4e873c3aba9c33379df220cc88a5ee9e1c4de4fda3eecaee85c109fcf0e241abcd9cf6369129fb60958c859578ad95d91b3f93a259262469","ssdeep":"","tlshash":"36c02bedc608f35c40d7dc24092cda00e710cd20341e049331d0082d02847268451b5e","size":139,"data":"","first_seen":"2025-11-14T12:25:36.982147Z","last_seen":"2025-12-31T11:18:27.21239Z","times_seen":472,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","fqdn":"ekltersas.life","domain":"ekltersas.life","tld":"life"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8e997cecfb28d27634f13e061b6f4de2","sha1":"09feda2c28d8c7da31bd526959ce311dca5f8723","sha256":"f7bd1d2d9172ee75d2da76930300561ff7e25b66536a5e2510bd722e3c464d73","sha512":"b7dea1ced201198d6b150d69c6cfa23fd7fb886c3a2d920d8849ba168de2690eb25a2e440754f8893b9308826191cd9e6eaba8e2b53c059160f94ee028bb1077","ssdeep":"","tlshash":"f5e0ab2998e706384cf63e441038ca3934f838a0aaa3d067625cc82ccd39fc50c04eec","size":424,"data":"","first_seen":"2025-07-22T09:27:33.747354Z","last_seen":"2026-05-09T18:31:14.138082Z","times_seen":3050,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pollingpayoff.com/a93e04098bdd2de81eb7af8dec828738/invoke.js","fqdn":"pollingpayoff.com","domain":"pollingpayoff.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"41f5bd83bff8e3a0c9fdd86d1b433126","sha1":"e34a22682b936cc1bda7a1f87a046ae2b3a692dc","sha256":"89f5afb6f27231420de98571d2997697c0a60afa29eaf31bad338ca544b39cad","sha512":"67e9821bc88fcbd47be21e57df83e44f8deb8c158016dcf100232130ffe76414b7e21548e4cc3190656b7d682e5586d2fb9498c5acaa83ff9e8427355d3d3901","ssdeep":"768:dB2Ed/5+sNKlKMHLQTwkf0RCsYeLvLoK12G6FYc0CL2p:dB2EX+aMHLQTwkf0/LDLoK12tFYNec","tlshash":"f923fa5dbf92f006165f70b7372fa106b15a8c19680cd88cfa07fda46d68f45e837aa4","size":46375,"data":"","first_seen":"2025-12-10T17:32:58.69924Z","last_seen":"2025-12-29T22:56:57.646124Z","times_seen":58,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","fqdn":"ekltersas.life","domain":"ekltersas.life","tld":"life"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"301f6cc1c86d217d44fade20d80e767b","sha1":"9507091388798be5e42852f3f74749092f71b622","sha256":"d460e4ddbde2f16bbb2450495b135667152ec3bd2473db9bc1edb791b5e54e32","sha512":"4b38afa536005cafcbc2d8a34359b24b10aaf92177b6f32c775b41ad4ea391b526e1cd27265fe9feb304f615c3fea0f9cf04284d5322861e6d351bdb5c3b182f","ssdeep":"","tlshash":"f8f05c6736631c2025676a2b617053843c2386573c96b40b761c45d04f45957b5bbea8","size":496,"data":"","first_seen":"2025-07-08T23:13:22.630361Z","last_seen":"2025-12-31T11:05:20.572985Z","times_seen":2215,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/46/67/16/466716847e8dab35df8323718d632d4f.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"483e80d0a6584cab5e8c5f6cc9045781","sha1":"e6256c806d04795e946ed4b305363796b3cf9744","sha256":"97cbf7e52ec0ffbf658d92c5d6b9544788537fc77341f68257a6ce277edbc527","sha512":"fc2cb9349dc40ac796d640c18690937ca08aa031656fd2191f7405f3d43ba85f81da273e170bee4c8f1da5cffe9665c63b4bb7fbe32169e9a7b36588a3fc7639","ssdeep":"1536:l9yUBg8XFOUGfAVTesz3WArOwlNyBv77NzxpQ2jFFwbDjIC:l3B91cKpUhxpJwDIC","tlshash":"307309487f82b16b5352a073627fd047f0256f1261ecd498d123e6a86f6c339f636b98","size":78849,"data":"","first_seen":"2025-12-10T17:32:58.721766Z","last_seen":"2025-12-29T22:56:57.625594Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"findresultsspot.com/sr/754870121/SAFEFRAME.html?ule=799\u0026%2AE=grMMgVVMff%28g%28jj%28Cgw\u0026-Ka=Ru45pUipfU00A5%212-U-Ui8u%2F%21UN0UwuSw2U\u0026-TH2=\u0026-W%2A=\u0026-Wag=\u0026-Waj=\u0026-Wnk-EN=\u0026.qEW=\u00260p520B=maaTl%3A%2F%2F%21BE0ann%21%21p0sKnk%2Fl%2FCW%21jwgfpr-ppC%3Fa0-KI%3DxciS1\u00262AW=f\u00262lTpN%21=V\u0026AWT0=g\u0026AWT0KNla=\u0026BjazTp=WknB-\u0026ElEW=V\u0026IW=\u0026IZ0%21=\u0026K0EW=gVCrMrgMj\u0026KEW=oHv41wofL\u0026KK=S7\u0026KW%2A=7jf%28f\u0026KaTEW=\u0026KmNkj=nl%2AfeENaK\u0026KmNkw=\u0026Na%2A=\u0026Nkp00=g\u0026TEW=\u0026Wk0%21=g\u0026WpKkkk=\u0026ZBlaT=V\u0026ZlmT=V\u0026alKp=XgVoj\u0026htmlsrc=1\u0026kkdd=n9%7CH%7C%2An9A\u0026klT-=V\u0026lE8p=ggCfUMo%28\u0026lK=Vw\u0026llBW=%7B%22llKK%22%3A%22S7%22%2C%22llKaz%22%3A%22nlBn%22%2C%22llET%22%3A%22%22%2C%22lllK%22%3A%22Vw%22%7D\u0026lqW04W=\u0026maaTl=g\u0026nB-%21=nNp\u0026nEW=w%21%21frofK9jpMC9fjwo9%28wCK9rWVwqMgMK-pf\u0026pK0EW=\u0026q-p=\u0026qEW=\u0026qW04W=\u0026qp=V\u0026tpid=\u0026zTBT=\u0026zWlT0=\u0026zqNeKKepUT=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026eoch=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766100644180015326356487944\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151364624398269975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw%3D%3D\u0026tchkpts=%7B%22prel2%22%3A1766100644424%7D\u0026stime=1766100644424\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Ffindresultsspot.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F3ZRb%253DC%25265AMXRk%253Dh3U5b%2526BZRko4%253DC%2526Blh%253DT%2526II%253Dj1%2526ILwh%253DuC_eFeuFA%2526IMRwh%253D%2526IhJ%253D1AT8T%2526Iio3A%253DUZJT%252528woMI%2526Iio3t%253D%2526Iwh%253D%25252ANYW6t%25252AT2%2526Jw%253DueFFuCCFTT8u8AA8_ut%2526Lk-BL5%253DiMMRZ%25253A%25252F%25252F45wLMUU44kLSIU3%25252FZ%25252F_h4AtuTkebkk_%25253FMLbIm%25253Dz9gj6%2526MZIk%253DHuC%25252AA%2526Rwh%253D%2526U5b4%253DUok%2526Uwh%253Dt44Te%25252ATIOAkF_OTAt%25252AO8t_IOehCtsFuFIbkT%2526XR5R%253D%2526XhZRL%253D%2526Xso%252528II%252528k.R%253D%2526ZI%253DCt%2526ZZ5h%253D%25257B%252522ZZII%252522%25253A%252522j1%252522%25252C%252522ZZIMX%252522%25253A%252522UZ5U%252522%25252C%252522ZZwR%252522%25253A%252522%252522%25252C%252522ZZZI%252522%25253A%252522Ct%252522%25257D%2526ZshLWh%253D%2526Zwyk%253Duu_T.F%25252A8%2526bIM%253D7~W-k.gkT.LLl-4Bb.b.gy~%25252F4.oL.t~jtB.%2526bRNB%253D%2526bhJ%253D%2526bhMA%253D%2526bhMu%253D%2526bhU3bwo%253D%2526hkI333%253D%2526htmlsrc%253D1%2526iMMRZ%253Du%2526kILwh%253D%2526kkdd%253Dn%25252A%25257Cu%25257CnA%25252A3H9%2526lhRL%253Du%2526lhRLIoZM%253D%2526mh%253D%2526mxL4%253D%2526o3kLL%253Du%2526oMJ%253D%2526pswh%253D%2526sbk%253D%2526shLWh%253D%2526sk%253DC%2526swh%253D%2526tpid%253D%2526wZwh%253DC%2526x5ZMR%253DC%2526xZiR%253DC%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D","fqdn":"findresultsspot.com","domain":"findresultsspot.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7ea336f637477485ccd6f9a5b167bd7d","sha1":"8153e4b97c42ab5b73f2f577b43043c8c9283b4b","sha256":"ce4d01ea989bb3b9243f9917fe20a39064135a99b2f3b8cd6832cccb10006b96","sha512":"1ac3fbd0a0c12ef1eacf5dc2a5848e72574bc9ebab4b159fbd080d02b3c49320e5862be0d7404e6ded0c2e2c8c0c43f84d93b966d200007782e282bbab8b3c65","ssdeep":"","tlshash":"c6f0e5b694b3c8285b0f264673ffd684145043e45c05764df1ede49a03e1d4cc0d9eaa","size":481,"data":"","first_seen":"2025-03-08T00:25:13.728891Z","last_seen":"2026-05-10T16:29:28.464466Z","times_seen":171335,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"findresultsspot.com/sr/754870121/SAFEFRAME.html?ule=799\u0026%2AE=grMMgVVMff%28g%28jj%28Cgw\u0026-Ka=Ru45pUipfU00A5%212-U-Ui8u%2F%21UN0UwuSw2U\u0026-TH2=\u0026-W%2A=\u0026-Wag=\u0026-Waj=\u0026-Wnk-EN=\u0026.qEW=\u00260p520B=maaTl%3A%2F%2F%21BE0ann%21%21p0sKnk%2Fl%2FCW%21jwgfpr-ppC%3Fa0-KI%3DxciS1\u00262AW=f\u00262lTpN%21=V\u0026AWT0=g\u0026AWT0KNla=\u0026BjazTp=WknB-\u0026ElEW=V\u0026IW=\u0026IZ0%21=\u0026K0EW=gVCrMrgMj\u0026KEW=oHv41wofL\u0026KK=S7\u0026KW%2A=7jf%28f\u0026KaTEW=\u0026KmNkj=nl%2AfeENaK\u0026KmNkw=\u0026Na%2A=\u0026Nkp00=g\u0026TEW=\u0026Wk0%21=g\u0026WpKkkk=\u0026ZBlaT=V\u0026ZlmT=V\u0026alKp=XgVoj\u0026htmlsrc=1\u0026kkdd=n9%7CH%7C%2An9A\u0026klT-=V\u0026lE8p=ggCfUMo%28\u0026lK=Vw\u0026llBW=%7B%22llKK%22%3A%22S7%22%2C%22llKaz%22%3A%22nlBn%22%2C%22llET%22%3A%22%22%2C%22lllK%22%3A%22Vw%22%7D\u0026lqW04W=\u0026maaTl=g\u0026nB-%21=nNp\u0026nEW=w%21%21frofK9jpMC9fjwo9%28wCK9rWVwqMgMK-pf\u0026pK0EW=\u0026q-p=\u0026qEW=\u0026qW04W=\u0026qp=V\u0026tpid=\u0026zTBT=\u0026zWlT0=\u0026zqNeKKepUT=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026eoch=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766100644180015326356487944\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151364624398269975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw%3D%3D\u0026tchkpts=%7B%22prel2%22%3A1766100644424%7D\u0026stime=1766100644424\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Ffindresultsspot.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F3ZRb%253DC%25265AMXRk%253Dh3U5b%2526BZRko4%253DC%2526Blh%253DT%2526II%253Dj1%2526ILwh%253DuC_eFeuFA%2526IMRwh%253D%2526IhJ%253D1AT8T%2526Iio3A%253DUZJT%252528woMI%2526Iio3t%253D%2526Iwh%253D%25252ANYW6t%25252AT2%2526Jw%253DueFFuCCFTT8u8AA8_ut%2526Lk-BL5%253DiMMRZ%25253A%25252F%25252F45wLMUU44kLSIU3%25252FZ%25252F_h4AtuTkebkk_%25253FMLbIm%25253Dz9gj6%2526MZIk%253DHuC%25252AA%2526Rwh%253D%2526U5b4%253DUok%2526Uwh%253Dt44Te%25252ATIOAkF_OTAt%25252AO8t_IOehCtsFuFIbkT%2526XR5R%253D%2526XhZRL%253D%2526Xso%252528II%252528k.R%253D%2526ZI%253DCt%2526ZZ5h%253D%25257B%252522ZZII%252522%25253A%252522j1%252522%25252C%252522ZZIMX%252522%25253A%252522UZ5U%252522%25252C%252522ZZwR%252522%25253A%252522%252522%25252C%252522ZZZI%252522%25253A%252522Ct%252522%25257D%2526ZshLWh%253D%2526Zwyk%253Duu_T.F%25252A8%2526bIM%253D7~W-k.gkT.LLl-4Bb.b.gy~%25252F4.oL.t~jtB.%2526bRNB%253D%2526bhJ%253D%2526bhMA%253D%2526bhMu%253D%2526bhU3bwo%253D%2526hkI333%253D%2526htmlsrc%253D1%2526iMMRZ%253Du%2526kILwh%253D%2526kkdd%253Dn%25252A%25257Cu%25257CnA%25252A3H9%2526lhRL%253Du%2526lhRLIoZM%253D%2526mh%253D%2526mxL4%253D%2526o3kLL%253Du%2526oMJ%253D%2526pswh%253D%2526sbk%253D%2526shLWh%253D%2526sk%253DC%2526swh%253D%2526tpid%253D%2526wZwh%253DC%2526x5ZMR%253DC%2526xZiR%253DC%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D","fqdn":"findresultsspot.com","domain":"findresultsspot.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2e8be5ce7a18d21c61ddaa3be3fd99ea","sha1":"7d2e7dcc6e15405e8d20e4287f271756e7f874f3","sha256":"5211c581ce1e9891281e16e8820398ab1f3a835b862b9e168bbffffe8e66ea19","sha512":"202c8e96e23f05dc95606ba0b7b318973a6ce95f22f28d05b4fe3762f335f0db7d989c73f8f0fc4e55cfa2b4c4980bc17433b8132ffba6b6975658322e7eb308","ssdeep":"","tlshash":"a6b02b103d301002007a0183c874c4290136d8f3330044d44b003cec908e440605e74c","size":122,"data":"","first_seen":"2025-04-02T18:01:59.542907Z","last_seen":"2026-05-10T16:29:28.465258Z","times_seen":170840,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"0defdeb978069a8b7b180ab6528f7e9a","sha1":"f2cc6d3e612490acb7c3755a3e82acaa53430bc0","sha256":"7255bcbe5f0b3081812ee2b4100dca05bb8593a59353c40f84aff969d02a84a6","sha512":"730d6a7f78cd0fd4b8cd4af42222c306fda96834f2a63749f53620c7fe82b27462604ba7384e7b50885fb28fc8a8b86c3c08f368d4173ff4c6e4837ef06d89f8","ssdeep":"","tlshash":"03c08c48af0b313aadc83d0da3000ba0bdc1871a30339d8023088c8060d833b4444e02","size":145,"data":"","first_seen":"2025-11-14T12:25:36.978007Z","last_seen":"2025-12-31T07:53:20.695547Z","times_seen":445,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"52.29.191.236","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.097Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ekltersas.life\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:40 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://ekltersas.life\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=3c6f4339-561e-4b31-ac77-01866d68159b:1:1; expires=Sun, 16 Dec 2035 23:30:40 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"aa95d29fc79d949770e7cb8ddf4fdd94","sha1":"0b22148b4748e58cc2bd0b809c50a1a5761a16cd","sha256":"67fecf857e4b7426d0cde464f056ddb83e5806da463d17c92de54e5a9d8211b3","sha512":"8fef19b0c8fa1e87cbad3736c91871b3512b994f25c897327e91d768599e68e97644f6290cf0b47ca2630ef65bc113053271bc1eb10cc9cdbc37fcf3ee9828d8","ssdeep":"","tlshash":"ed9004d57345c1f3040530c3337d71c41000f43c40c1c1f141037d0070744017535417","first_seen":"2025-12-18T23:31:11.640335Z","last_seen":"2025-12-18T23:31:11.640335Z","times_seen":1,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":93,"dns":20,"connect":21,"send":0,"wait":22,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/e8/5f/1b/e85f1b4e5c463e0f1e77e1a97dfbf10c.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.099Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /e8/5f/1b/e85f1b4e5c463e0f1e77e1a97dfbf10c.js HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 37814\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: 4b4e7ab587d59b22ad7bcd2439afc363_HD-45237=1; expires=Thu, 18 Dec 2025 23:30:40 GMT; secure; SameSite=None\r\nx-envoy-upstream-service-time: 3\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: dee43f207f895e62902f9abdfd1e1dc7\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":106420,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d04a5502cbf7ead6461654ac64b1d0d7","sha1":"c006f1a3aadf180cc64122f8c0cdbaac11e1e7ca","sha256":"93c8b8fb1ebac247623d72fd56c899043e0e9e3bf7e12ea3cedbf5dfb25d5771","sha512":"32fa1311a90b39c29dd2f65a91c9bc14e007a140ade4fa5ace40e4fe262fb1a61f96bb35cbf19cbe1467fcd3fdd8b20cebb8b547e32fe9e98eaf6f2c22aeaf33","ssdeep":"1536:NBDoNSZUXIbGKdN6QfSitPTw3IWplpBKlD:joAZU6GAbunpWD","tlshash":"55a3d7487f91f07c03566879213f615ff09a0d99508ce568d502f4ba6ebc32ab63afd8","first_seen":"2025-12-18T23:31:11.642046Z","last_seen":"2025-12-18T23:31:11.642046Z","times_seen":1,"resource_available":true,"data":null}},"time_used":775,"timings":{"blocked":291,"dns":13,"connect":92,"send":0,"wait":98,"receive":93,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/7a/46/02/7a4602835f3f38811ae9549a1e65af83/1756656897.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/7a/46/02/7a4602835f3f38811ae9549a1e65af83/1756656897.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:40 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 64738\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 16:14:58 GMT\r\netag: \"68b47502-fce2\"\r\nexpires: Sat, 20 Dec 2025 23:30:40 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":64738,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:43:55], progressive, precision 8, 728x90, components 3","md5":"a2b837691ec08bb81b1f2ad3a31ad6c2","sha1":"0ffac46d2256df762ecf0fe356f5f2c5e25635aa","sha256":"571690e4918f9915606cb6dd208c40161bf0a9a66f1fdc186a2f1b6c3cec0508","sha512":"55926574ca9f39d09424e6e6a9f5af97cda6263ea9fe75f0422085f5495dc9f0b01a928bd435278e651678d8b2dce587e7b0475f3bdf7a1f061872be165a8b59","ssdeep":"768://CXip/CD8YyBd6tQ/rC2wUKjyZe9AgBmC9wCUgaDur+TREUM64BHkye1KBZc57x:6892aGqmDBmc90Dg+y+4ZcUrANdN","tlshash":"e453f1a5ab56de21fcf056749ae0c2d31512b995d7a33a0238ec3645bf6a3d5cc0d30b","first_seen":"2025-09-02T16:44:03.401678Z","last_seen":"2026-05-10T10:15:40.696278Z","times_seen":691,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1RTO2wdRRudm0R_8f-_hEJ4tLegAITtmZ19kgJhQlBESEISlAJRzNMZvHd32dm967iKCEIRBTKigW59rhMrEPEQEh0osukiIeXS4CJuUlACQkqNrmPJ8EnzPeZMcc7MmQ_X213C0Yqdc2-Uqy7PxUI0T4fPXnKFLjs_PHNxyOg8PT685Io4PD5cmaV6_CLj4Tx9bviaUcvlQkAZpYyy4UlXG1uuLOyhcNXtjM1ndD4M5lkUYqX-9-zbAbwYQI93yeNwevrYA_s2nNpCMfrmhPHLTVm98OqozUVT1hjrzbeK5aLsCowOWlsPYIvN_dMo_ZSQzw6hLDb3FaAcb8wUQLopOfTUfchic58m5PjGI6Yyhykg9f_Qjbdg8m04sQVVXoPT9wigNM6cRTG6eaasO3HlESpm6JQcefgXXDclR-4_gWL01WLuVoYXyrxtXFl4rNgebmULbmkLVbuNZnUA121DNe_D6Z_JwsPTKEYbZ31ewumdZ7iKbch5NhfFzMyFkrM5oZJkjrI0jnWcsiiTe1fk7BaEH6CdLTdAawdoqwFGemcY0jRUTPDYZlolNBRhqI2kWRpQKjKVoFUz7mtoqjWofA2qvoqqvopl98m98jfU7R34yzvfR1aZiCdcRZaH1qaGWas0SwTTiTZGCiF1oJiSURZnMgiM5HEcpZozFds4SSLBA01NlPAkCSWNaWKYNkJoblXAqTJpRJM4CJhJmUlEktnMsswqnSmupMpExGgQhTQIMyUCpiOb2JQHkbFZxJI4ZLEScRixQESpkjYWNIp1Aq8H8A3BWPfoDEHnCTpB0DmCriHoxv0NnfvA9zd17lvJ9muwX3k_KZuldXGjbJZMQSDqNdS633DVe_4aVHN4smq9npSzJGTTT4TU_Xq1S47ODDG49fsfWDY7Q5FxQ0OapVLrQM8kykTYVBuVBmnCU3jXw_lDe8-46qbkzQ-OonJT8v8HHaTYhs-3odyTEO3TEN0kCVKIy8goVouvvRh5sWxqN5rPnTXQZY-qOYLmymA93yXHJucvLt7Z8-c7v34Ko-6S_YCqe1R1j3fdTwRL-fXJ-bIjG-fLzpNvz1aNG7lVMfPuhUY05j9fvG6udGWtT53wa7deVjNg1t6-aHxzWhTaFUuefLnotDb1ybJWhvxwyl8y8lzrLy-2ddFWp8-9cvLUqKqN964stiDclPz3z4-g3JQc-_HzvX8ZPf8dVHUVvjrg6UsCWRHkjiA3B_tC9vD_mOVBv-6vY6keQDTXUIx6jOse47yHyNfg28OTpqrvvvQL3wvIfDCReU02ZF7PcLcztNwEitI0iRlPrWE81MpGaZjpWFDODRo_dSc-7v8OAAD__xVSXIQ1BQAA","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTO2wdRRudm0R_8f-_hEJ4tLegAITtmZ19kgJhQlBESEISlAJRzNMZvHd32dm967iKCEIRBTKigW59rhMrEPEQEh0osukiIeXS4CJuUlACQkqNrmPJ8EnzPeZMcc7MmQ_X213C0Yqdc2-Uqy7PxUI0T4fPXnKFLjs_PHNxyOg8PT685Io4PD5cmaV6_CLj4Tx9bviaUcvlQkAZpYyy4UlXG1uuLOyhcNXtjM1ndD4M5lkUYqX-9-zbAbwYQI93yeNwevrYA_s2nNpCMfrmhPHLTVm98OqozUVT1hjrzbeK5aLsCowOWlsPYIvN_dMo_ZSQzw6hLDb3FaAcb8wUQLopOfTUfchic58m5PjGI6Yyhykg9f_Qjbdg8m04sQVVXoPT9wigNM6cRTG6eaasO3HlESpm6JQcefgXXDclR-4_gWL01WLuVoYXyrxtXFl4rNgebmULbmkLVbuNZnUA121DNe_D6Z_JwsPTKEYbZ31ewumdZ7iKbch5NhfFzMyFkrM5oZJkjrI0jnWcsiiTe1fk7BaEH6CdLTdAawdoqwFGemcY0jRUTPDYZlolNBRhqI2kWRpQKjKVoFUz7mtoqjWofA2qvoqqvopl98m98jfU7R34yzvfR1aZiCdcRZaH1qaGWas0SwTTiTZGCiF1oJiSURZnMgiM5HEcpZozFds4SSLBA01NlPAkCSWNaWKYNkJoblXAqTJpRJM4CJhJmUlEktnMsswqnSmupMpExGgQhTQIMyUCpiOb2JQHkbFZxJI4ZLEScRixQESpkjYWNIp1Aq8H8A3BWPfoDEHnCTpB0DmCriHoxv0NnfvA9zd17lvJ9muwX3k_KZuldXGjbJZMQSDqNdS633DVe_4aVHN4smq9npSzJGTTT4TU_Xq1S47ODDG49fsfWDY7Q5FxQ0OapVLrQM8kykTYVBuVBmnCU3jXw_lDe8-46qbkzQ-OonJT8v8HHaTYhs-3odyTEO3TEN0kCVKIy8goVouvvRh5sWxqN5rPnTXQZY-qOYLmymA93yXHJucvLt7Z8-c7v34Ko-6S_YCqe1R1j3fdTwRL-fXJ-bIjG-fLzpNvz1aNG7lVMfPuhUY05j9fvG6udGWtT53wa7deVjNg1t6-aHxzWhTaFUuefLnotDb1ybJWhvxwyl8y8lzrLy-2ddFWp8-9cvLUqKqN964stiDclPz3z4-g3JQc-_HzvX8ZPf8dVHUVvjrg6UsCWRHkjiA3B_tC9vD_mOVBv-6vY6keQDTXUIx6jOse47yHyNfg28OTpqrvvvQL3wvIfDCReU02ZF7PcLcztNwEitI0iRlPrWE81MpGaZjpWFDODRo_dSc-7v8OAAD__xVSXIQ1BQAA HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzkxNDIyNCwiayI6ImE5M2UwNDA5OGJkZDJkZTgxZWI3YWY4ZGVjODI4NzM4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MzQyMjI1LCJwaWQiOjg0NDY2MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoiaDBtZ3c0OHlocyIsImNwa3MiOnsiMjgiOiJlODVmMWI0ZTVjNDYzZTBmMWU3N2UxYTk3ZGZiZjEwYyIsIjI5IjoiNDY2NzE2ODQ3ZThkYWIzNWRmODMyMzcxOGQ2MzJkNGYifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImN0Ijp7ImlkIjozMTQzMjQ0LCJuIjoiT3NsbyJ9LCJyZyI6eyJpZCI6MTg0NCwibiI6Ik9zbG8gQ291bnR5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwiaXdmIjp0cnVlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZWtsdGVyc2FzLmxpZmUvcnFnZnIvNC82MDgwOC1rZWxseS1yb2hyYmFjaC1udWRlcyIsInR6IjoxLCJhciI6W119fQ.C_11MUdSo8_RHLhrkxzuHA8rPI7OXfbtQ5N1syxu0uA; uid_id2=3c6f4339-561e-4b31-ac77-01866d68159b:1:1; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1; u_pl27914224=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d80c3aa7f2cf87919b828edc3c5c9bc2\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"bjjhhi.flirtooffer.com/s/5df2314e7aee5?track=REANK","fqdn":"bjjhhi.flirtooffer.com","domain":"flirtooffer.com","tld":"com"},"ip":{"addr":"103.224.182.208","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-18T23:30:42.736Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /s/5df2314e7aee5?track=REANK HTTP/1.1\r\nHost: bjjhhi.flirtooffer.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\ndate: Thu, 18 Dec 2025 23:30:43 GMT\r\nserver: Apache\r\nset-cookie: __tad=1766100643.6019552; expires=Sun, 16 Dec 2035 23:30:43 GMT; Max-Age=315360000\r\nlocation: http://ww17.bjjhhi.flirtooffer.com/s/5df2314e7aee5?track=REANK\r\ncontent-length: 2\r\ncontent-type: text/html; charset=UTF-8\r\nconnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":9641,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":966,"timings":{"blocked":381,"dns":216,"connect":165,"send":0,"wait":204,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"bjjhhi.flirtooffer.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"bjjhhi.flirtooffer.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"bjjhhi.flirtooffer.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"findresultsspot.com/sr/754870121/SAFEFRAME.html?ule=799\u0026%2AE=grMMgVVMff%28g%28jj%28Cgw\u0026-Ka=Ru45pUipfU00A5%212-U-Ui8u%2F%21UN0UwuSw2U\u0026-TH2=\u0026-W%2A=\u0026-Wag=\u0026-Waj=\u0026-Wnk-EN=\u0026.qEW=\u00260p520B=maaTl%3A%2F%2F%21BE0ann%21%21p0sKnk%2Fl%2FCW%21jwgfpr-ppC%3Fa0-KI%3DxciS1\u00262AW=f\u00262lTpN%21=V\u0026AWT0=g\u0026AWT0KNla=\u0026BjazTp=WknB-\u0026ElEW=V\u0026IW=\u0026IZ0%21=\u0026K0EW=gVCrMrgMj\u0026KEW=oHv41wofL\u0026KK=S7\u0026KW%2A=7jf%28f\u0026KaTEW=\u0026KmNkj=nl%2AfeENaK\u0026KmNkw=\u0026Na%2A=\u0026Nkp00=g\u0026TEW=\u0026Wk0%21=g\u0026WpKkkk=\u0026ZBlaT=V\u0026ZlmT=V\u0026alKp=XgVoj\u0026htmlsrc=1\u0026kkdd=n9%7CH%7C%2An9A\u0026klT-=V\u0026lE8p=ggCfUMo%28\u0026lK=Vw\u0026llBW=%7B%22llKK%22%3A%22S7%22%2C%22llKaz%22%3A%22nlBn%22%2C%22llET%22%3A%22%22%2C%22lllK%22%3A%22Vw%22%7D\u0026lqW04W=\u0026maaTl=g\u0026nB-%21=nNp\u0026nEW=w%21%21frofK9jpMC9fjwo9%28wCK9rWVwqMgMK-pf\u0026pK0EW=\u0026q-p=\u0026qEW=\u0026qW04W=\u0026qp=V\u0026tpid=\u0026zTBT=\u0026zWlT0=\u0026zqNeKKepUT=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026eoch=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766100644180015326356487944\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151364624398269975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw%3D%3D\u0026tchkpts=%7B%22prel2%22%3A1766100644424%7D\u0026stime=1766100644424\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Ffindresultsspot.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F3ZRb%253DC%25265AMXRk%253Dh3U5b%2526BZRko4%253DC%2526Blh%253DT%2526II%253Dj1%2526ILwh%253DuC_eFeuFA%2526IMRwh%253D%2526IhJ%253D1AT8T%2526Iio3A%253DUZJT%252528woMI%2526Iio3t%253D%2526Iwh%253D%25252ANYW6t%25252AT2%2526Jw%253DueFFuCCFTT8u8AA8_ut%2526Lk-BL5%253DiMMRZ%25253A%25252F%25252F45wLMUU44kLSIU3%25252FZ%25252F_h4AtuTkebkk_%25253FMLbIm%25253Dz9gj6%2526MZIk%253DHuC%25252AA%2526Rwh%253D%2526U5b4%253DUok%2526Uwh%253Dt44Te%25252ATIOAkF_OTAt%25252AO8t_IOehCtsFuFIbkT%2526XR5R%253D%2526XhZRL%253D%2526Xso%252528II%252528k.R%253D%2526ZI%253DCt%2526ZZ5h%253D%25257B%252522ZZII%252522%25253A%252522j1%252522%25252C%252522ZZIMX%252522%25253A%252522UZ5U%252522%25252C%252522ZZwR%252522%25253A%252522%252522%25252C%252522ZZZI%252522%25253A%252522Ct%252522%25257D%2526ZshLWh%253D%2526Zwyk%253Duu_T.F%25252A8%2526bIM%253D7~W-k.gkT.LLl-4Bb.b.gy~%25252F4.oL.t~jtB.%2526bRNB%253D%2526bhJ%253D%2526bhMA%253D%2526bhMu%253D%2526bhU3bwo%253D%2526hkI333%253D%2526htmlsrc%253D1%2526iMMRZ%253Du%2526kILwh%253D%2526kkdd%253Dn%25252A%25257Cu%25257CnA%25252A3H9%2526lhRL%253Du%2526lhRLIoZM%253D%2526mh%253D%2526mxL4%253D%2526o3kLL%253Du%2526oMJ%253D%2526pswh%253D%2526sbk%253D%2526shLWh%253D%2526sk%253DC%2526swh%253D%2526tpid%253D%2526wZwh%253DC%2526x5ZMR%253DC%2526xZiR%253DC%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D","fqdn":"findresultsspot.com","domain":"findresultsspot.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://ww17.bjjhhi.flirtooffer.com/s/5df2314e7aee5?track=REANK","date":"2025-12-18T23:30:44.432Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"findresultsspot.com","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 3","organization":"SSL Corporation"},"validity":{"start":"Wed, 26 Nov 2025 23:19:46 GMT","end":"Tue, 24 Feb 2026 23:28:19 GMT"},"fingerprint":{"sha1":"5A:BD:F8:D9:36:1F:4A:F5:E6:6C:46:4B:07:EC:2A:FC:37:71:64:E1","sha256":"5B:2A:EC:EC:D9:0C:4B:58:C8:A8:F0:F6:9D:F3:81:2E:78:DD:62:84:45:E8:C6:85:5D:99:A7:1C:CF:16:E1:4B"}}},"request":{"raw":"GET /sr/754870121/SAFEFRAME.html?ule=799\u0026%2AE=grMMgVVMff%28g%28jj%28Cgw\u0026-Ka=Ru45pUipfU00A5%212-U-Ui8u%2F%21UN0UwuSw2U\u0026-TH2=\u0026-W%2A=\u0026-Wag=\u0026-Waj=\u0026-Wnk-EN=\u0026.qEW=\u00260p520B=maaTl%3A%2F%2F%21BE0ann%21%21p0sKnk%2Fl%2FCW%21jwgfpr-ppC%3Fa0-KI%3DxciS1\u00262AW=f\u00262lTpN%21=V\u0026AWT0=g\u0026AWT0KNla=\u0026BjazTp=WknB-\u0026ElEW=V\u0026IW=\u0026IZ0%21=\u0026K0EW=gVCrMrgMj\u0026KEW=oHv41wofL\u0026KK=S7\u0026KW%2A=7jf%28f\u0026KaTEW=\u0026KmNkj=nl%2AfeENaK\u0026KmNkw=\u0026Na%2A=\u0026Nkp00=g\u0026TEW=\u0026Wk0%21=g\u0026WpKkkk=\u0026ZBlaT=V\u0026ZlmT=V\u0026alKp=XgVoj\u0026htmlsrc=1\u0026kkdd=n9%7CH%7C%2An9A\u0026klT-=V\u0026lE8p=ggCfUMo%28\u0026lK=Vw\u0026llBW=%7B%22llKK%22%3A%22S7%22%2C%22llKaz%22%3A%22nlBn%22%2C%22llET%22%3A%22%22%2C%22lllK%22%3A%22Vw%22%7D\u0026lqW04W=\u0026maaTl=g\u0026nB-%21=nNp\u0026nEW=w%21%21frofK9jpMC9fjwo9%28wCK9rWVwqMgMK-pf\u0026pK0EW=\u0026q-p=\u0026qEW=\u0026qW04W=\u0026qp=V\u0026tpid=\u0026zTBT=\u0026zWlT0=\u0026zqNeKKepUT=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026eoch=RvYbkNvbY\u0026ure=1 HTTP/1.1\r\nHost: findresultsspot.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww17.bjjhhi.flirtooffer.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:44 GMT\r\ncontent-type: text/html\r\ncache-control: no-store, max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DtME7N3GB5t4phkQ3jreLFMtty%2BcG7UjUE7XBMqXAzitakx4YYS36Rdzfz8YzGwG3zVkROcX9Dp4ozhB%2FdAH6pVdcrlwgZ0DXYKxietvteIg\"}]}\r\nlink: \u003chttps://scripts.clarity.ms/0.8.45/clarity.js\u003e; rel=prefetch, \u003chttps://msadsscale.microsoft.com/bingads/telemetryJS.js\u003e; rel=prefetch, \u003chttps://www.clarity.ms\u003e; rel=dns-prefetch, \u003chttps://s.yimg.com/ds/scripts/selectTier-p1.1.0.js\u003e; rel=prefetch\r\nx-sc-h: 21-fz54\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b0273240b9a56ae-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":67419,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (45949), with CRLF, LF line terminators","md5":"bdf5d8819770a1301b075a42c2f31b80","sha1":"22177b1463da9bdab817662a2de946976838749d","sha256":"957f3ea000a700815e99ec752fcc4b0e5c24b6bdce427b271193afce2a31d8e7","sha512":"3a58bae8567ef69725a77e082435856f4fda8b627003e37add9ffd7bf2835e82c73d228c2c3581b3d96bb7562a4cff34843aeea4bdf81dc925b8b61a7d3e7348","ssdeep":"1536:SO8N0Ik7SH3MMpiAFQ9vfeAwfoQPhCq675+55TY4iPRuvdru/Sx+rwB:Sfhk7SH3MMpiAFQ9vfeAwfoAJ5TYJJuv","tlshash":"ac6328cc34c27426177721a2413f3d0ef2aa15957a4e8c44e5f9e5a63d3ca9f8a23e4d","first_seen":"2025-12-18T23:31:11.646441Z","last_seen":"2025-12-18T23:31:11.646441Z","times_seen":1,"resource_available":false,"data":null}},"time_used":409,"timings":{"blocked":52,"dns":23,"connect":1,"send":0,"wait":305,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"addictedfastestgasp.com/4ee2db58adb8afc709a6004b40577412/invoke.js","fqdn":"addictedfastestgasp.com","domain":"addictedfastestgasp.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:39.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"addictedfastestgasp.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Dec 2025 20:41:42 GMT","end":"Sun, 15 Mar 2026 20:41:41 GMT"},"fingerprint":{"sha1":"FA:10:70:8B:46:78:70:BB:70:55:6D:EC:5C:02:13:DA:6C:66:52:8F","sha256":"D5:AB:30:60:27:A3:37:D7:5F:68:93:1E:6C:93:3E:79:23:9C:BC:B3:F5:45:F1:74:7D:FC:71:5B:9B:51:B6:B4"}}},"request":{"raw":"GET /4ee2db58adb8afc709a6004b40577412/invoke.js HTTP/1.1\r\nHost: addictedfastestgasp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:39 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 15954\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: addictedfastestgasp.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 442c30fd8bfef275094dbc8de71c4c9b\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":43860,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (43858), with no line terminators","md5":"ce54b56622095db01a3f4ca53ceef7f5","sha1":"34fbc4a648eeed50673c7b203c7570d2e187fcd6","sha256":"f24ee0d432521724d3076ff256c8d83a2db58c558f2b3e27a6a1e9f4175bcdba","sha512":"1c1b6856b0f67c099327f634054104ed5e7ddd361584f0a70028855abb600cc761a7b9a16fba9b06afac7fe7f21ba38c41d28bac3a0637b3bd6563f4e39b85a4","ssdeep":"768:pLFPQVpOg0DGmXN43uQxjCoMSZR/IuVpPtyw4cLeJEOlhPs7YUMIwSQX:pQ0DR6fCoM4R/Zyw4UcUMIm","tlshash":"0213e79a7f91b5ac0376b47b143f922ef6399d0260c8c9acd103e8952f9ca48c53db59","first_seen":"2025-12-18T15:03:30.923837Z","last_seen":"2025-12-18T23:31:11.648351Z","times_seen":2,"resource_available":true,"data":null}},"time_used":834,"timings":{"blocked":322,"dns":41,"connect":92,"send":0,"wait":97,"receive":92,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"addictedfastestgasp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"addictedfastestgasp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ringdisgustpostman.com/impr.gif?sid=H4sIAAAAAAAC_1RSz28bRRSebS0OpRIqBc4-AkLOrr2ObXpAhFIUEZI0DcoBcZidmXUGz-4sM7tex6eIIFRxQD5wAC5sPieNgIoffwAoOOWAKiHhEzk0EupfAEg9o3UtBZ4033tvvjl873vz0X52RhrI6On6W3oolaILzZpbfX5Lxlzntrq6WfXcmnutuiXjRf9adVCC6b_sNfya-0L1DcF6eqHueq7ruV71hjQi1IOFGQuZ3O14tY5b8-s1r-ljYP7f28yBpQ54_4w8DcmnTz0M34FkE8TR99eF7aU6een1KFM01QZ9fvR23It1HiM6L0PjIIyP5q-h7ZSQzy5Ax0fzCaD7B-UECOSUXHjuAYL4aC4TQf_wsdJAQcQI-JPI-xMINYGkEzC9B8l_JwDjWF1DHN1Z1SanO49ZWrJTUnn0D2Q-JZUHzyCOvl1SclC9pVWWSh1bDMICcjCB7E6QZCdIhw5kfgKWfgDJfyMLj1YQRwdrVmlIXsyml-EE1DrIyiMdZKGDLHEQ8dOq77Z95tHGYtjhrOX61Pe5CNxOu-66tMNayFgpa4Q0GYGpEZjZRWJ20ZMjmOwYdruA5Q5sOiXOzV30eYFcEOSWIKcEuSTIU4K8XxxyZeu2uMOVzQJvnuvz3CjGOu3u00OddkVMQM0IhhcHMnnf7oGlF8fD0PKxLoEGaTGmAS_2kzNypXTNObr8N3ritOoLUedBs0150KYha7kduui6fuC7zVbL9-qwsoC0F2aGDOWU3PzwChI5JZcf5gjoCaw6AZPPgmYeaF6AbhcYxt9ZGlnaE0ZGNSVDAa4LJGkF6Y6zr87I1fHG5tLxbH_v_vEzBLtP5gFmCiSmwHvyHkFX3R5v6JwcbOjckh_WklRGckjL3d5KaSqe-PpNsZNrw5ev29FXr7KSKMu7m8KmKzTmMu5a8s2S5FyYG9owQX5ctlsiWM_s9lJm4ixZWX_txnKUGGGt1PEEVE7Jpb8-BpNTcvWnL2f_tvnin2DJLmxyrtNqgiC5CCUJlDi_p0EB-58-OK_37W10TQU03UMcFeibAn1VgKoRbHZpnCbm_iu_fl7GFwhUZRwoUzkIlFGflj4dl3Bv5lgJv8DK02rYEHXmuu3Wotdoh8Jr-JyFzbbf4YvUbTQEUjuV1z8p_g0AAP__9Gyfr2kEAAA=","fqdn":"ringdisgustpostman.com","domain":"ringdisgustpostman.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ringdisgustpostman.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 11:27:51 GMT","end":"Tue, 03 Mar 2026 11:27:50 GMT"},"fingerprint":{"sha1":"93:F7:4C:84:99:B7:C1:DB:D7:F2:16:E6:C5:FA:C7:E7:EF:7B:0C:56","sha256":"37:08:07:46:C0:EF:70:47:55:6D:D5:77:54:47:28:EF:E0:AD:84:29:86:F6:18:0F:2E:5F:90:9C:39:0F:6C:0C"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSz28bRRSebS0OpRIqBc4-AkLOrr2ObXpAhFIUEZI0DcoBcZidmXUGz-4sM7tex6eIIFRxQD5wAC5sPieNgIoffwAoOOWAKiHhEzk0EupfAEg9o3UtBZ4033tvvjl873vz0X52RhrI6On6W3oolaILzZpbfX5Lxlzntrq6WfXcmnutuiXjRf9adVCC6b_sNfya-0L1DcF6eqHueq7ruV71hjQi1IOFGQuZ3O14tY5b8-s1r-ljYP7f28yBpQ54_4w8DcmnTz0M34FkE8TR99eF7aU6een1KFM01QZ9fvR23It1HiM6L0PjIIyP5q-h7ZSQzy5Ax0fzCaD7B-UECOSUXHjuAYL4aC4TQf_wsdJAQcQI-JPI-xMINYGkEzC9B8l_JwDjWF1DHN1Z1SanO49ZWrJTUnn0D2Q-JZUHzyCOvl1SclC9pVWWSh1bDMICcjCB7E6QZCdIhw5kfgKWfgDJfyMLj1YQRwdrVmlIXsyml-EE1DrIyiMdZKGDLHEQ8dOq77Z95tHGYtjhrOX61Pe5CNxOu-66tMNayFgpa4Q0GYGpEZjZRWJ20ZMjmOwYdruA5Q5sOiXOzV30eYFcEOSWIKcEuSTIU4K8XxxyZeu2uMOVzQJvnuvz3CjGOu3u00OddkVMQM0IhhcHMnnf7oGlF8fD0PKxLoEGaTGmAS_2kzNypXTNObr8N3ritOoLUedBs0150KYha7kduui6fuC7zVbL9-qwsoC0F2aGDOWU3PzwChI5JZcf5gjoCaw6AZPPgmYeaF6AbhcYxt9ZGlnaE0ZGNSVDAa4LJGkF6Y6zr87I1fHG5tLxbH_v_vEzBLtP5gFmCiSmwHvyHkFX3R5v6JwcbOjckh_WklRGckjL3d5KaSqe-PpNsZNrw5ev29FXr7KSKMu7m8KmKzTmMu5a8s2S5FyYG9owQX5ctlsiWM_s9lJm4ixZWX_txnKUGGGt1PEEVE7Jpb8-BpNTcvWnL2f_tvnin2DJLmxyrtNqgiC5CCUJlDi_p0EB-58-OK_37W10TQU03UMcFeibAn1VgKoRbHZpnCbm_iu_fl7GFwhUZRwoUzkIlFGflj4dl3Bv5lgJv8DK02rYEHXmuu3Wotdoh8Jr-JyFzbbf4YvUbTQEUjuV1z8p_g0AAP__9Gyfr2kEAAA= HTTP/1.1\r\nHost: ringdisgustpostman.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27725042=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: ringdisgustpostman.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: cb108d6fca5020d8caea5015aaee0842\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":564,"timings":{"blocked":276,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":192},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ringdisgustpostman.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ringdisgustpostman.com/sbar.json?key=380895734ef7979b147f5e53b15686f8\u0026uuid=b85291c7-edf7-4a12-bb4d-aabbf6d6d817%3A2%3A1","fqdn":"ringdisgustpostman.com","domain":"ringdisgustpostman.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:41.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ringdisgustpostman.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 11:27:51 GMT","end":"Tue, 03 Mar 2026 11:27:50 GMT"},"fingerprint":{"sha1":"93:F7:4C:84:99:B7:C1:DB:D7:F2:16:E6:C5:FA:C7:E7:EF:7B:0C:56","sha256":"37:08:07:46:C0:EF:70:47:55:6D:D5:77:54:47:28:EF:E0:AD:84:29:86:F6:18:0F:2E:5F:90:9C:39:0F:6C:0C"}}},"request":{"raw":"GET /sbar.json?key=380895734ef7979b147f5e53b15686f8\u0026uuid=b85291c7-edf7-4a12-bb4d-aabbf6d6d817%3A2%3A1 HTTP/1.1\r\nHost: ringdisgustpostman.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ekltersas.life\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27725042=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:41 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4416\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://ekltersas.life\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=b85291c7-edf7-4a12-bb4d-aabbf6d6d817:2:1; expires=Thu, 25 Dec 2025 23:30:41 GMT; path=/; secure; SameSite=None\nuncs=2; expires=Fri, 19 Dec 2025 23:30:41 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Fri, 19 Dec 2025 23:30:41 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Fri, 19 Dec 2025 23:30:41 GMT; path=/; secure; SameSite=None\nu_pl27848932=1; expires=Fri, 19 Dec 2025 23:30:41 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 8\r\nHost: ringdisgustpostman.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 994e8071ca23649127a32ef907e4bf77\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":5687,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"2bd5977aa155bca5f1c4f28651ac61c3","sha1":"3a5651b859481c47951c2a05dff6c0b242f30e36","sha256":"54426e1c9ebc43099fa63acad22956956fb3a7d7aee1fcdef50763b8c1840bb4","sha512":"15eea8814911528668bb072758d6403681e58bed98b2b39a32e5aaf170244dd6e6e486d2757a4dee3057e9b91c1a2ec761e1acd42b282058fd60caf7e92a511c","ssdeep":"96:9zYOD5oWZi8QPGwIpu07fe4xeGh62QnUfWPSpNi57Nk5mF+HlFLz+s0:9z1KWeGwIs0S4sGh624QoSK55k5F/2s0","tlshash":"0dc18ffb611e745527c7cc5d110b14f71cf69e0605fd8e894e8b11ae13532b29c4b066","first_seen":"2025-12-18T23:31:11.649909Z","last_seen":"2025-12-18T23:31:11.649909Z","times_seen":1,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":102,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ringdisgustpostman.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","fqdn":"ekltersas.life","domain":"ekltersas.life","tld":"life"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-18T23:30:39.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ekltersas.life","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Dec 2025 21:40:24 GMT","end":"Mon, 16 Mar 2026 22:38:08 GMT"},"fingerprint":{"sha1":"4F:AC:EA:27:62:8F:3E:E4:FA:9B:D7:02:64:A9:58:2E:95:E6:09:E6","sha256":"76:12:28:F3:58:DD:7D:59:26:1D:C2:73:48:60:4C:72:38:03:78:3D:E6:66:BD:91:AB:51:F1:BD:44:C5:7F:88"}}},"request":{"raw":"GET /rqgfr/4/60808-kelly-rohrbach-nudes HTTP/1.1\r\nHost: ekltersas.life\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:39 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: BYPASS\r\nx-server-powered-by: Engintron\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wtNfexO56NqQPdR1CjJr1Jm9bEWoaiTmnUf6DY%2Fag6gJHP0SoI97kWr%2BBbDaQrKcXf%2FWOk5g%2B73oPeLyfioUjLjkTWiqvNtADFqqJ5Xo\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9b0273026d3ac272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2916,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"968977e2c83b7b210bbdc47cee921105","sha1":"9540b5f60378aff57e3c4afaa092eb2da9ae5914","sha256":"4b3fc7d437f999e12d3a32df403b03a60d5a13f4ba0b90d0ca7dc95b681784fb","sha512":"f429e6aa37161aea97c182ee3511bb59244f971a56f923cb234eb1095936c08070cf326084ede66cf8ebe354e42354c44de338a5e72f8f6d10d76946256732ff","ssdeep":"","tlshash":"fd51b5069e9348341ce2665467b0e21834a2d9179657e89736ec8454cf40fcaac6bfdc","first_seen":"2025-12-18T23:31:11.652579Z","last_seen":"2025-12-18T23:31:11.652579Z","times_seen":1,"resource_available":false,"data":null}},"time_used":347,"timings":{"blocked":49,"dns":29,"connect":1,"send":0,"wait":248,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pollingpayoff.com/a93e04098bdd2de81eb7af8dec828738/invoke.js","fqdn":"pollingpayoff.com","domain":"pollingpayoff.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:39.578Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"pollingpayoff.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 02 Nov 2025 08:55:14 GMT","end":"Sat, 31 Jan 2026 08:55:13 GMT"},"fingerprint":{"sha1":"38:5B:48:3E:00:12:AD:10:A2:3C:02:44:3E:B3:D3:9A:27:40:80:DA","sha256":"37:82:4C:68:81:45:7A:17:A3:4D:CF:B6:A0:96:A0:57:C9:75:7A:02:C1:DB:19:42:C7:CC:1F:1D:82:A5:55:C4"}}},"request":{"raw":"GET /a93e04098bdd2de81eb7af8dec828738/invoke.js HTTP/1.1\r\nHost: pollingpayoff.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:39 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18549\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: pollingpayoff.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 026991bb9c7f8ceafb6567efc637f79d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46375,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46375), with no line terminators","md5":"41f5bd83bff8e3a0c9fdd86d1b433126","sha1":"e34a22682b936cc1bda7a1f87a046ae2b3a692dc","sha256":"89f5afb6f27231420de98571d2997697c0a60afa29eaf31bad338ca544b39cad","sha512":"67e9821bc88fcbd47be21e57df83e44f8deb8c158016dcf100232130ffe76414b7e21548e4cc3190656b7d682e5586d2fb9498c5acaa83ff9e8427355d3d3901","ssdeep":"768:dB2Ed/5+sNKlKMHLQTwkf0RCsYeLvLoK12G6FYc0CL2p:dB2EX+aMHLQTwkf0/LDLoK12tFYNec","tlshash":"f923fa5dbf92f006165f70b7372fa106b15a8c19680cd88cfa07fda46d68f45e837aa4","first_seen":"2025-12-10T17:32:58.69924Z","last_seen":"2025-12-29T22:56:57.646124Z","times_seen":58,"resource_available":true,"data":null}},"time_used":798,"timings":{"blocked":303,"dns":27,"connect":91,"send":0,"wait":96,"receive":91,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"pollingpayoff.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"pollingpayoff.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/8c/ef/5b/8cef5b6cd280bdae3f6f105d6e4e2a6d/1756662103.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.603Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/8c/ef/5b/8cef5b6cd280bdae3f6f105d6e4e2a6d/1756662103.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:40 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 53091\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:41:43 GMT\r\netag: \"68b48957-cf63\"\r\nexpires: Sat, 20 Dec 2025 23:30:40 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":53091,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:35:05], progressive, precision 8, 320x240, components 3","md5":"fdb07c2afc692d63cbeb795f5801a46b","sha1":"294c000fc4d8e045eb5a79dbf33eaf434aa558c0","sha256":"fd2f69bf1ca00815fbf7d5c63d2ed44e4d490a0b068e1ea00054d75eff8c4c57","sha512":"10b6855380bd8863826f64ab3f9357687ab465d11345b5530dffa0f8444ab09f8681a3b4b66b64449e9acdfc0769812dac80a1cb8506d56eec9324934a93f7f7","ssdeep":"768:SvEiGvpoSwpYyhDzX1/V6UdlEnFa0oKt0m/gRYV1g6:Do79DLKupm//V1V","tlshash":"f733c0bab7449d73dce006b899b0ead233317651a35376117cec7b04bb24dba4dad421","first_seen":"2025-09-02T19:18:23.981517Z","last_seen":"2026-05-10T12:41:16.780599Z","times_seen":1374,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":56,"dns":1,"connect":19,"send":0,"wait":58,"receive":22,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ringdisgustpostman.com/impr.gif?sid=H4sIAAAAAAAC_1RST28bxRuezc_6HUolVAqcfQSEnF17Hdv0gAilKCIkaRqUA-IwOzPrDJ7dWWZ2vY5PEUGo4oB84ABc2DxOGgEVfz4AKDjlgCoh4RM5NJfyBQCpZ7SupcArzfO-7zxzeN7nnQ8PsnPSQEbPNt7UQ6kUXWzW3Opz2zLmOrfVta2q59bca9VtGS_516qDEkz_Ja_h19znq68L1tOLdddzXc_1qjekEaEeLM5YyORux6t13Jpfr3lNHwPz395mDix1wPvn5ClIPn3yYfg2JJsgjr67Lmwv1cmLr0WZoqk26PPjt-JerPMY0UUZGgdhfDx_DW2nhHy6AB0fzyeA7h-WEyCQU7Lw7AME8fFcJoL-0WOlgYKIEfAnkPcnEGoCSSdgeh-S_0YAxrG2jji6s6ZNTncfs7Rkp6Ty6G_IfEoqD55GHH2zrOSgekurLJU6thiEBeRgAtmdIMlOkQ4dyPwULH0fkv9KFh-tIo4O163SkLyYTS_DCah1kJVHOshCB1niIOJnVd9t-8yjjaWww1nL9anvcxG4nXbddWmHtZCxUtYIaTICUyMws4fE7KEnRzDZCexOAcsd2HRKnJt76PMCuSDILUFOCXJJkKcEeb844srWbXGHK5sF3jzX57lRjHXaPaBHOu2KmICaEQwvDmXynt0HS_83HoaWj3UJNEiLMQ14cZCckyula87x5b_QE2dVX4g6D5ptyoM2DVnL7dAl1_UD3222Wr5Xh5UFpF2YGTKUU3LzgytI5JRcfpgjoKew6hRMPgOaeaB5AbpTYBh_a2lkaU8YGdWUDAW4LpCkFaS7zoE6J1fHm1vLJ7P9vfP7PQh2n8wDzBRITIF35T2Crro93tQ5OdzUuSXfryepjOSQlru9ldJU_P-rN8Rurg1fuW5HX77CSqIs724Jm67SmMu4a8nXy5JzYW5owwT5YcVui2AjszvLmYmzZHXj1RsrUWKEtVLHE1A5JZf-_AhMTsnVH7-Y_dvmC3-AJXuwyYVOqwmCZAFKEihxcU-DAvZffXBRH9jb6JoKaLqPOCrQNwX6qgBVI9js0jhNzP2Xf_msjM8RqMo4UKZyGCijPil9OpmZVcJPJfwMK8-qYUPUmeu2W0teox0Kr-FzFjbbfocvUbfREEjtVF7_uPgnAAD__0pGWrJpBAAA","fqdn":"ringdisgustpostman.com","domain":"ringdisgustpostman.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.613Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ringdisgustpostman.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 11:27:51 GMT","end":"Tue, 03 Mar 2026 11:27:50 GMT"},"fingerprint":{"sha1":"93:F7:4C:84:99:B7:C1:DB:D7:F2:16:E6:C5:FA:C7:E7:EF:7B:0C:56","sha256":"37:08:07:46:C0:EF:70:47:55:6D:D5:77:54:47:28:EF:E0:AD:84:29:86:F6:18:0F:2E:5F:90:9C:39:0F:6C:0C"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RST28bxRuezc_6HUolVAqcfQSEnF17Hdv0gAilKCIkaRqUA-IwOzPrDJ7dWWZ2vY5PEUGo4oB84ABc2DxOGgEVfz4AKDjlgCoh4RM5NJfyBQCpZ7SupcArzfO-7zxzeN7nnQ8PsnPSQEbPNt7UQ6kUXWzW3Opz2zLmOrfVta2q59bca9VtGS_516qDEkz_Ja_h19znq68L1tOLdddzXc_1qjekEaEeLM5YyORux6t13Jpfr3lNHwPz395mDix1wPvn5ClIPn3yYfg2JJsgjr67Lmwv1cmLr0WZoqk26PPjt-JerPMY0UUZGgdhfDx_DW2nhHy6AB0fzyeA7h-WEyCQU7Lw7AME8fFcJoL-0WOlgYKIEfAnkPcnEGoCSSdgeh-S_0YAxrG2jji6s6ZNTncfs7Rkp6Ty6G_IfEoqD55GHH2zrOSgekurLJU6thiEBeRgAtmdIMlOkQ4dyPwULH0fkv9KFh-tIo4O163SkLyYTS_DCah1kJVHOshCB1niIOJnVd9t-8yjjaWww1nL9anvcxG4nXbddWmHtZCxUtYIaTICUyMws4fE7KEnRzDZCexOAcsd2HRKnJt76PMCuSDILUFOCXJJkKcEeb844srWbXGHK5sF3jzX57lRjHXaPaBHOu2KmICaEQwvDmXynt0HS_83HoaWj3UJNEiLMQ14cZCckyula87x5b_QE2dVX4g6D5ptyoM2DVnL7dAl1_UD3222Wr5Xh5UFpF2YGTKUU3LzgytI5JRcfpgjoKew6hRMPgOaeaB5AbpTYBh_a2lkaU8YGdWUDAW4LpCkFaS7zoE6J1fHm1vLJ7P9vfP7PQh2n8wDzBRITIF35T2Crro93tQ5OdzUuSXfryepjOSQlru9ldJU_P-rN8Rurg1fuW5HX77CSqIs724Jm67SmMu4a8nXy5JzYW5owwT5YcVui2AjszvLmYmzZHXj1RsrUWKEtVLHE1A5JZf-_AhMTsnVH7-Y_dvmC3-AJXuwyYVOqwmCZAFKEihxcU-DAvZffXBRH9jb6JoKaLqPOCrQNwX6qgBVI9js0jhNzP2Xf_msjM8RqMo4UKZyGCijPil9OpmZVcJPJfwMK8-qYUPUmeu2W0teox0Kr-FzFjbbfocvUbfREEjtVF7_uPgnAAD__0pGWrJpBAAA HTTP/1.1\r\nHost: ringdisgustpostman.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27725042=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: ringdisgustpostman.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 06e8250a84dbf6e9144bb6191844086a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":539,"timings":{"blocked":257,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ringdisgustpostman.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/ren.gif?sid=H4sIAAAAAAAC_1RTz4scRRSu3gQvCpL44yYMKKLgzvav6ZkxB3GNkWBMYhLJIQep6qreLae6q63qnp7MKRiVnGS8BU8938zu-mPxxx8ghFlvASEjCHvIXvInCDnLzA6svsN73_u-Pnzv9auvx-URCVDSw6sf6aFUim60mm7jjZsy47qyjcs3Gp7bdM81bsosCs81Botk-m97Qdh032x8IOKe3vBdz3U912tckEYkerCxVCHz_a7X7LrN0G96rRAD8__elmuw1AHvH5GzkHz-_JPkFmQ8Q5b-el7YXqHzt95PS0ULbdDne59kvUxXGdITmBgHSba3-hrazgm5vwad7a0mgO5PFxOAyTlZe_kxWLa3sgnW3zl2yhREBsafRdWfQagZJJ0h1nch-SMCxByXryBLdy9rU9HbxypdqHNy-uk_kNWcnH78IrL0500lB43rWpWF1JnFIKkhBzPIrRny8gDF0IGsDhAXX0DyP8nG00vI0ukVqzQkP3yNdVp-14vb64In7fWQev46YyFfp5SxJOIR73jt5YpkMgO1ayitg1I6KBMHZe4g5YeN0O2EsUeDKOnyuO2GNAy5YG6347su7cZtlPHC-whFPkKsRojNV_vlp7ny210v9P1w7O3mfLvo9aeFKcW0zGI79r4_pvxgSe4uSD8Ye8jNHfTkCKZ8ALtdw3IHtiDo8xqVIKgsQUUJKklQFQRVv97hyvq23uXKlsxbVX9Vg3qii60x3dHFlsgIqBnB8Hoq88_tXcTFqckwsXyiF4myop5QxutxfkTOLP6Hs3__dfTEYSOMorYXdcK26HDKghZPOoEftL0OjwKfhwmsrCHtGqh1MJRz8vGXZ5DLOXnuSQVGD2DVAWL5Emj5CmhVg27XGGa_WJpa2hNGpk0lEwGua-TFaRS3nbE6Ii9Mrt3YfLC8jFvO3xDxQ7IKxKZGbmp8Jv8g2FL3Jtd0RabXdGXJb1fyQqZySBdXc72ghXjmxw_F7UobfvG8Hf3wbrwQFnD_hrDFJZpxmW1Z8tOm5FyYC9rEgvx-0d4U7GpptzdLk5X5pavvXbiY5kZYK3U2A5WPXvURyzk5-51Yvofgzi3E-R3Y_MSl1QQsd6AkgRInPGU17H96doLH9h62jANa3EWW1uibGn1Vg6oRbHlqUuTm4Tt_BcsAU86EKeNMmTLq2-MtWXnYaPksiDqdSCQRTwIe-AHvtlzRDWk3CrthC4Wdy_PfjP8NAAD___DptZWyBAAA","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:41.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RTz4scRRSu3gQvCpL44yYMKKLgzvav6ZkxB3GNkWBMYhLJIQep6qreLae6q63qnp7MKRiVnGS8BU8938zu-mPxxx8ghFlvASEjCHvIXvInCDnLzA6svsN73_u-Pnzv9auvx-URCVDSw6sf6aFUim60mm7jjZsy47qyjcs3Gp7bdM81bsosCs81Botk-m97Qdh032x8IOKe3vBdz3U912tckEYkerCxVCHz_a7X7LrN0G96rRAD8__elmuw1AHvH5GzkHz-_JPkFmQ8Q5b-el7YXqHzt95PS0ULbdDne59kvUxXGdITmBgHSba3-hrazgm5vwad7a0mgO5PFxOAyTlZe_kxWLa3sgnW3zl2yhREBsafRdWfQagZJJ0h1nch-SMCxByXryBLdy9rU9HbxypdqHNy-uk_kNWcnH78IrL0500lB43rWpWF1JnFIKkhBzPIrRny8gDF0IGsDhAXX0DyP8nG00vI0ukVqzQkP3yNdVp-14vb64In7fWQev46YyFfp5SxJOIR73jt5YpkMgO1ayitg1I6KBMHZe4g5YeN0O2EsUeDKOnyuO2GNAy5YG6347su7cZtlPHC-whFPkKsRojNV_vlp7ny210v9P1w7O3mfLvo9aeFKcW0zGI79r4_pvxgSe4uSD8Ye8jNHfTkCKZ8ALtdw3IHtiDo8xqVIKgsQUUJKklQFQRVv97hyvq23uXKlsxbVX9Vg3qii60x3dHFlsgIqBnB8Hoq88_tXcTFqckwsXyiF4myop5QxutxfkTOLP6Hs3__dfTEYSOMorYXdcK26HDKghZPOoEftL0OjwKfhwmsrCHtGqh1MJRz8vGXZ5DLOXnuSQVGD2DVAWL5Emj5CmhVg27XGGa_WJpa2hNGpk0lEwGua-TFaRS3nbE6Ii9Mrt3YfLC8jFvO3xDxQ7IKxKZGbmp8Jv8g2FL3Jtd0RabXdGXJb1fyQqZySBdXc72ghXjmxw_F7UobfvG8Hf3wbrwQFnD_hrDFJZpxmW1Z8tOm5FyYC9rEgvx-0d4U7GpptzdLk5X5pavvXbiY5kZYK3U2A5WPXvURyzk5-51Yvofgzi3E-R3Y_MSl1QQsd6AkgRInPGU17H96doLH9h62jANa3EWW1uibGn1Vg6oRbHlqUuTm4Tt_BcsAU86EKeNMmTLq2-MtWXnYaPksiDqdSCQRTwIe-AHvtlzRDWk3CrthC4Wdy_PfjP8NAAD___DptZWyBAAA HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzkxNDIyNCwiayI6ImE5M2UwNDA5OGJkZDJkZTgxZWI3YWY4ZGVjODI4NzM4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MzQyMjI1LCJwaWQiOjg0NDY2MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoiaDBtZ3c0OHlocyIsImNwa3MiOnsiMjgiOiJlODVmMWI0ZTVjNDYzZTBmMWU3N2UxYTk3ZGZiZjEwYyIsIjI5IjoiNDY2NzE2ODQ3ZThkYWIzNWRmODMyMzcxOGQ2MzJkNGYifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImN0Ijp7ImlkIjozMTQzMjQ0LCJuIjoiT3NsbyJ9LCJyZyI6eyJpZCI6MTg0NCwibiI6Ik9zbG8gQ291bnR5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwiaXdmIjp0cnVlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZWtsdGVyc2FzLmxpZmUvcnFnZnIvNC82MDgwOC1rZWxseS1yb2hyYmFjaC1udWRlcyIsInR6IjoxLCJhciI6W119fQ.C_11MUdSo8_RHLhrkxzuHA8rPI7OXfbtQ5N1syxu0uA; uid_id2=b85291c7-edf7-4a12-bb4d-aabbf6d6d817:2:1; pdhtkv=true; uncs=2; pdhtkv23=true; uncs23=1; u_pl27914224=1; pdhtkv29=true; uncs29=1; u_pl28088358=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:41 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 6c28291acc97c68cd48dd705bb260518\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ringdisgustpostman.com/ntv.json?key=4ee2db58adb8afc709a6004b40577412\u0026vstc=4\u0026rb=","fqdn":"ringdisgustpostman.com","domain":"ringdisgustpostman.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.114Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ringdisgustpostman.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 11:27:51 GMT","end":"Tue, 03 Mar 2026 11:27:50 GMT"},"fingerprint":{"sha1":"93:F7:4C:84:99:B7:C1:DB:D7:F2:16:E6:C5:FA:C7:E7:EF:7B:0C:56","sha256":"37:08:07:46:C0:EF:70:47:55:6D:D5:77:54:47:28:EF:E0:AD:84:29:86:F6:18:0F:2E:5F:90:9C:39:0F:6C:0C"}}},"request":{"raw":"GET /ntv.json?key=4ee2db58adb8afc709a6004b40577412\u0026vstc=4\u0026rb= HTTP/1.1\r\nHost: ringdisgustpostman.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ekltersas.life\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: application/json\r\nContent-Length: 7650\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://ekltersas.life\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: pdhtkv=true; expires=Fri, 19 Dec 2025 23:30:40 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Fri, 19 Dec 2025 23:30:40 GMT; path=/; secure; SameSite=None\npdhtkv49=true; expires=Fri, 19 Dec 2025 23:30:40 GMT; path=/; secure; SameSite=None\nuncs49=1; expires=Fri, 19 Dec 2025 23:30:40 GMT; path=/; secure; SameSite=None\nu_pl27725042=1; expires=Fri, 19 Dec 2025 23:30:40 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 7\r\nHost: ringdisgustpostman.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7e22cb6268c11aaf7a726dcaf5487aa7\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":15490,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ed28d908bbdcbebed60c7a0a6f3c127e","sha1":"137c7a313099fb99e84688851a22ff817d01650e","sha256":"c1eeaa633274831815716e89b10e027d2cb7f9cbfeff743cdbdc4564f262da67","sha512":"53fe39eb6c5dbc128f37a89b9931106781019498773e81896ac93133b7f36186c56669ce5004f04fa99cef35cb1cd1ca1b5a62a3eb48f1da770f3696c5c27b9b","ssdeep":"384:8NG8xnGbooG8uExYLxqBgy7YLxqZOxzxzN6ExzxzT5khyFZ7DVhPJ:8/n/dExYlquy7YlqZc1zD1z9khyf7DVv","tlshash":"e8629ebd25cc19b64fbc217dbdfb6a4d0e09333fe8e86988256d81654e19126532f838","first_seen":"2025-12-18T23:31:11.656781Z","last_seen":"2025-12-18T23:31:11.656781Z","times_seen":1,"resource_available":false,"data":null}},"time_used":724,"timings":{"blocked":311,"dns":27,"connect":93,"send":0,"wait":103,"receive":0,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ringdisgustpostman.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ringdisgustpostman.com/ren.gif?sid=H4sIAAAAAAAC_1RST28bxRue7c_6HUolVAqc9wgIObv22rHpARFKUERI0jQoB8RhdmfWGTy7s8zseh2fIoJQxQH5wAG4sHmcNAIq_nwAUHDKAVVCYk_k0AipnwCQekbrWgq80jzv-84zh-d93vnwIDsnTWT0bONNNRJS0oVW3bGf2xYxU7mx17Zs16k71-1tEbe96_awAj14yW16ded5-3Ue9NVCw3Edx3Vce1loHqrhwoyFSO523XrXqXuNutvyMNT_7U1mwVALbHBOnoJg5ZMPw7chgini6Lsb3PRTlbz4WpRJmiqNATt-K-7HKo8RXZShthDGx_PXUKYk5NNLUPHxfAKowWE1AXxRkkvPPoAfH89lwh8cPVbqS_AYPnsC-WAKLqcQdIpA7UOw3wgQMKytI47urCmd093HLK3YktQe_Q2Rl6T24GnE0TdLUgztW0pmqVCxwTAsIIZTiN4USXaKdGRB5KcI0vch2K9k4dEq4uhw3UgFwYrZ9CKcghoLWXWEhSy0kCUWInZme07HC1zabIddFiw6HvU8xn2n22k4Du0Gi8iCStYYaTJGIMcI9B4SvYe-GENnJzA7BQyzYNKSWDf3MGAFck6QG4KcEuSCIE8J8kFxxKRpmOIOkybz3XluzHOzmKi0d0CPVNrjMQHVY2hWHIrkPbOPIP3fZBQaNlEVUD8tJtRnxUFyTq5WrlnHV_5Cn5_ZHucN5rc6lPkdGgaLTpe2HcfzPae1uOi5DRhRQJhLM0NGoiQ3P7iKRJTkysMcPj2FkacIxDOgmQuaF6A7BUbxt4ZGhva5FlFdipCDqQJJWkO6ax3Ic3Jtsrm1dDLb3zu_n4AH98k8EOgCiS7wrrhH0JO3J5sqJ4ebKjfk-_UkFZEY0Wq3t1Ka8v9_9QbfzZVmKzfM-MtXgoqoyrtb3KSrNGYi7hny9ZJgjOtlpQNOflgx29zfyMzOUqbjLFndeHV5JUo0N0aoeAoqSnL5z48QiJJc-_GL2b9tvfAHgmQPJrnQaRSBn1iQgkDyi3vqFzD_6v2L-sDcRk_XQNN9xFGBgS4wkAWoHMNklydpou-__MtnVXwOX9YmvtS1Q19q-cnMpwruVfBTBT_DiDO71fCb7U6nzcM2C5us2WiybsvhXY92217XayE1pbjxcfFPAAAA__89lVEdaQQAAA==","fqdn":"ringdisgustpostman.com","domain":"ringdisgustpostman.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.574Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ringdisgustpostman.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 11:27:51 GMT","end":"Tue, 03 Mar 2026 11:27:50 GMT"},"fingerprint":{"sha1":"93:F7:4C:84:99:B7:C1:DB:D7:F2:16:E6:C5:FA:C7:E7:EF:7B:0C:56","sha256":"37:08:07:46:C0:EF:70:47:55:6D:D5:77:54:47:28:EF:E0:AD:84:29:86:F6:18:0F:2E:5F:90:9C:39:0F:6C:0C"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RST28bxRue7c_6HUolVAqc9wgIObv22rHpARFKUERI0jQoB8RhdmfWGTy7s8zseh2fIoJQxQH5wAG4sHmcNAIq_nwAUHDKAVVCYk_k0AipnwCQekbrWgq80jzv-84zh-d93vnwIDsnTWT0bONNNRJS0oVW3bGf2xYxU7mx17Zs16k71-1tEbe96_awAj14yW16ded5-3Ue9NVCw3Edx3Vce1loHqrhwoyFSO523XrXqXuNutvyMNT_7U1mwVALbHBOnoJg5ZMPw7chgini6Lsb3PRTlbz4WpRJmiqNATt-K-7HKo8RXZShthDGx_PXUKYk5NNLUPHxfAKowWE1AXxRkkvPPoAfH89lwh8cPVbqS_AYPnsC-WAKLqcQdIpA7UOw3wgQMKytI47urCmd093HLK3YktQe_Q2Rl6T24GnE0TdLUgztW0pmqVCxwTAsIIZTiN4USXaKdGRB5KcI0vch2K9k4dEq4uhw3UgFwYrZ9CKcghoLWXWEhSy0kCUWInZme07HC1zabIddFiw6HvU8xn2n22k4Du0Gi8iCStYYaTJGIMcI9B4SvYe-GENnJzA7BQyzYNKSWDf3MGAFck6QG4KcEuSCIE8J8kFxxKRpmOIOkybz3XluzHOzmKi0d0CPVNrjMQHVY2hWHIrkPbOPIP3fZBQaNlEVUD8tJtRnxUFyTq5WrlnHV_5Cn5_ZHucN5rc6lPkdGgaLTpe2HcfzPae1uOi5DRhRQJhLM0NGoiQ3P7iKRJTkysMcPj2FkacIxDOgmQuaF6A7BUbxt4ZGhva5FlFdipCDqQJJWkO6ax3Ic3Jtsrm1dDLb3zu_n4AH98k8EOgCiS7wrrhH0JO3J5sqJ4ebKjfk-_UkFZEY0Wq3t1Ka8v9_9QbfzZVmKzfM-MtXgoqoyrtb3KSrNGYi7hny9ZJgjOtlpQNOflgx29zfyMzOUqbjLFndeHV5JUo0N0aoeAoqSnL5z48QiJJc-_GL2b9tvfAHgmQPJrnQaRSBn1iQgkDyi3vqFzD_6v2L-sDcRk_XQNN9xFGBgS4wkAWoHMNklydpou-__MtnVXwOX9YmvtS1Q19q-cnMpwruVfBTBT_DiDO71fCb7U6nzcM2C5us2WiybsvhXY92217XayE1pbjxcfFPAAAA__89lVEdaQQAAA== HTTP/1.1\r\nHost: ringdisgustpostman.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27725042=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: ringdisgustpostman.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 6d9d3ed5bc863b5a7f50ed1e16e3c148\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ringdisgustpostman.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 174bf46c640e968f8c6273ddbb47a342\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-05-10T16:36:43.095517Z","times_seen":15813,"resource_available":true,"data":null}},"time_used":100,"timings":{"blocked":0,"dns":0,"connect":21,"send":0,"wait":19,"receive":18,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.google.no/ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-KJ4T538TS5\u0026cid=1834062265.1766100640\u0026gtm=45je5ca1v9118348237za200zd9118348237\u0026aip=1\u0026dma=1\u0026dma_cps=syphamo\u0026gcd=13l3l3l2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=103116026~103200004~104527906~104528501~104684208~104684211~105391252~115583767~115938466~115938468~116184927~116184929~116251938~116251940~116682877\u0026z=1986443226","fqdn":"www.google.no","domain":"google.no","tld":"no"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.no","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:59:28 GMT","end":"Wed, 25 Feb 2026 15:59:27 GMT"},"fingerprint":{"sha1":"26:28:32:29:0D:EC:7C:A6:70:C6:B4:55:22:40:CC:C6:C2:BE:44:6D","sha256":"BA:6B:58:64:89:F9:73:7D:3A:37:E9:08:D4:E1:6A:49:39:B9:EF:6C:43:F6:DC:F5:92:3D:2C:1E:95:7E:10:94"}}},"request":{"raw":"GET /ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-KJ4T538TS5\u0026cid=1834062265.1766100640\u0026gtm=45je5ca1v9118348237za200zd9118348237\u0026aip=1\u0026dma=1\u0026dma_cps=syphamo\u0026gcd=13l3l3l2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=103116026~103200004~104527906~104528501~104684208~104684211~105391252~115583767~115938466~115938468~116184927~116184929~116251938~116251940~116682877\u0026z=1986443226 HTTP/1.1\r\nHost: www.google.no\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ndate: Thu, 18 Dec 2025 23:30:41 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: image/gif\r\nx-content-type-options: nosniff\r\nserver: cafe\r\ncontent-length: 42\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":42,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"d89746888da2d9510b64a9f031eaecd5","sha1":"d5fceb6532643d0d84ffe09c40c481ecdf59e15a","sha256":"ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629","sha512":"d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c","ssdeep":"","tlshash":"c4900023fa808000c3a8c2300a0b238a2b8c80200a28030b80ae208cec3a3a22c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-05-10T16:28:06.972261Z","times_seen":870484,"resource_available":true,"data":null}},"time_used":347,"timings":{"blocked":146,"dns":3,"connect":28,"send":0,"wait":51,"receive":0,"ssl":116},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ringdisgustpostman.com/38/08/95/380895734ef7979b147f5e53b15686f8.js","fqdn":"ringdisgustpostman.com","domain":"ringdisgustpostman.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.117Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ringdisgustpostman.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 11:27:51 GMT","end":"Tue, 03 Mar 2026 11:27:50 GMT"},"fingerprint":{"sha1":"93:F7:4C:84:99:B7:C1:DB:D7:F2:16:E6:C5:FA:C7:E7:EF:7B:0C:56","sha256":"37:08:07:46:C0:EF:70:47:55:6D:D5:77:54:47:28:EF:E0:AD:84:29:86:F6:18:0F:2E:5F:90:9C:39:0F:6C:0C"}}},"request":{"raw":"GET /38/08/95/380895734ef7979b147f5e53b15686f8.js HTTP/1.1\r\nHost: ringdisgustpostman.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 30206\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: ringdisgustpostman.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7ba0bcbcbf3d195a406da139fec748da\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":78852,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"6cb5965fb2620a4fe29fc1f4d73f2844","sha1":"44cb19a3d596369bc0728feccb083d3ecbc844af","sha256":"c512d654942622780cd02123a55d072215d86a130b85da4aa7418adb75e33f70","sha512":"fa6108222bcdcd8a2d3eb21e2f877422b1916e5ccdfa44c855f1fd9ae58636b1cd6323112bac97b97f6fb130e87d423219d843eed251bc4ee14f2ef56616bc2f","ssdeep":"1536:H9yUBg8XFOUGcAVTesz3WArOwlNyBv77NzxpQ2jFFwTnjII:H3B91c3pUhxpJwXII","tlshash":"a57309487f42b16b5352a073627fd047f0256f1261ecd498d123e6a86f6c33af636b98","first_seen":"2025-12-18T15:03:30.926664Z","last_seen":"2025-12-18T23:31:11.660144Z","times_seen":2,"resource_available":true,"data":null}},"time_used":795,"timings":{"blocked":302,"dns":26,"connect":91,"send":0,"wait":97,"receive":92,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ringdisgustpostman.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/sbar.json?key=466716847e8dab35df8323718d632d4f\u0026uuid=b85291c7-edf7-4a12-bb4d-aabbf6d6d817%3A2%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:41.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /sbar.json?key=466716847e8dab35df8323718d632d4f\u0026uuid=b85291c7-edf7-4a12-bb4d-aabbf6d6d817%3A2%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ekltersas.life\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzkxNDIyNCwiayI6ImE5M2UwNDA5OGJkZDJkZTgxZWI3YWY4ZGVjODI4NzM4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MzQyMjI1LCJwaWQiOjg0NDY2MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoiaDBtZ3c0OHlocyIsImNwa3MiOnsiMjgiOiJlODVmMWI0ZTVjNDYzZTBmMWU3N2UxYTk3ZGZiZjEwYyIsIjI5IjoiNDY2NzE2ODQ3ZThkYWIzNWRmODMyMzcxOGQ2MzJkNGYifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImN0Ijp7ImlkIjozMTQzMjQ0LCJuIjoiT3NsbyJ9LCJyZyI6eyJpZCI6MTg0NCwibiI6Ik9zbG8gQ291bnR5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwiaXdmIjp0cnVlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZWtsdGVyc2FzLmxpZmUvcnFnZnIvNC82MDgwOC1rZWxseS1yb2hyYmFjaC1udWRlcyIsInR6IjoxLCJhciI6W119fQ.C_11MUdSo8_RHLhrkxzuHA8rPI7OXfbtQ5N1syxu0uA; uid_id2=3c6f4339-561e-4b31-ac77-01866d68159b:1:1; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1; u_pl27914224=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:41 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4569\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://ekltersas.life\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=b85291c7-edf7-4a12-bb4d-aabbf6d6d817:2:1; expires=Thu, 25 Dec 2025 23:30:41 GMT; path=/; secure; SameSite=None\nuncs=2; expires=Fri, 19 Dec 2025 23:30:41 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Fri, 19 Dec 2025 23:30:41 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Fri, 19 Dec 2025 23:30:41 GMT; path=/; secure; SameSite=None\nu_pl28088358=1; expires=Fri, 19 Dec 2025 23:30:41 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 11\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 036c1df8d66cbe802f9aba0dd868a758\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":5884,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"36bd833681bf62a51c6ca5f41011cf57","sha1":"498b3d562ca6d69800c25b01cf29d6fdeb005adc","sha256":"551b6653982fad85a35d175e4f01f63c7bf5b3accf9929c06d750384d967036c","sha512":"2706a8baea20f9d0c67701d236ad830b541c714265b0ab3d88506d3133b567c80a3f6784b96f6dd49e11f1695e539581b339b6c858b03260c86fc68e05eb9bb5","ssdeep":"96:9za+7ixP/5NCAPpz5dZK15/E4dEgGQXbyHdupELQLVUHKdlG9hNS6f3sO:9zmNzPZ5dZK3/hEgFrKupiq5vGT3sO","tlshash":"25c1afbc7dd722b54eee2ea2980668decd568d5aaed01728420dc3cf39130df2d54c18","first_seen":"2025-12-18T23:31:11.66186Z","last_seen":"2025-12-18T23:31:11.66186Z","times_seen":1,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":106,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ringdisgustpostman.com/ren.gif?sid=H4sIAAAAAAAC_1RST28bxRuezc_6HUolVAqc9wgIObv22rHpARFKUURI0jQoB8RhdmfWGTy7s8zseh2fIoJQxQH5wAG4sHmcNAIq_nwAUHDKAVVCYk_k0FzKFwCkntG6lgKvNM_7vvPM4Xmfdz48yM5JExk923hTjYSUdLFVd-zntkXMVG7stS3bderONXtbxG3vmj2sQA9ecpte3Xnefp0HfbXYcFzHcR3XviE0D9VwccZCJHe7br3r1L1G3W15GOr_9iazYKgFNjgnT0Gw8smH4dsQwRRx9N11bvqpSl58LcokTZXGgB2_FfdjlceILspQWwjj4_lrKFMS8ukCVHw8nwBqcFhNAF-UZOHZB_Dj47lM-IOjx0p9CR7DZ08gH0zB5RSCThGofQj2GwEChrV1xNGdNaVzuvuYpRVbktqjvyHyktQePI04-mZZiqF9S8ksFSo2GIYFxHAK0ZsiyU6RjiyI_BRB-j4E-5UsPlpFHB2uG6kgWDGbXoRTUGMhq46wkIUWssRCxM5sz-l4gUub7bDLgiXHo57HuO90Ow3Hod1gCVlQyRojTcYI5BiB3kOi99AXY-jsBGangGEWTFoS6-YeBqxAzglyQ5BTglwQ5ClBPiiOmDQNU9xh0mS-O8-NeW4WE5X2DuiRSns8JqB6DM2KQ5G8Z_YRpP-bjELDJqoC6qfFhPqsOEjOyZXKNev48l_o8zPb47zB_FaHMr9Dw2DJ6dK243i-57SWljy3ASMKCLMwM2QkSnLzgytIREkuP8zh01MYeYpAPAOauaB5AbpTYBR_a2hkaJ9rEdWlCDmYKpCkNaS71oE8J1cnm1vLJ7P9vfP7PfDgPpkHAl0g0QXeFfcIevL2ZFPl5HBT5YZ8v56kIhIjWu32VkpT_v-v3uC7udJs5boZf_lKUBFVeXeLm3SVxkzEPUO-XhaMcX1D6YCTH1bMNvc3MrOznOk4S1Y3Xr2xEiWaGyNUPAUVJbn050cIREmu_vjF7N-2XvgDQbIHk1zoNIrATxYgBYHkF_fUL2D-1fsX9YG5jZ6ugab7iKMCA11gIAtQOYbJLk3SRN9_-ZfPqvgcvqxNfKlrh77U8pPKp5OZWRX8VMHPMOLMbjX8ZrvTafOwzcImazaarNtyeNej3bbX9VpITSmuf1z8EwAA__-2LspsaQQAAA==","fqdn":"ringdisgustpostman.com","domain":"ringdisgustpostman.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.581Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ringdisgustpostman.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 11:27:51 GMT","end":"Tue, 03 Mar 2026 11:27:50 GMT"},"fingerprint":{"sha1":"93:F7:4C:84:99:B7:C1:DB:D7:F2:16:E6:C5:FA:C7:E7:EF:7B:0C:56","sha256":"37:08:07:46:C0:EF:70:47:55:6D:D5:77:54:47:28:EF:E0:AD:84:29:86:F6:18:0F:2E:5F:90:9C:39:0F:6C:0C"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RST28bxRuezc_6HUolVAqc9wgIObv22rHpARFKUURI0jQoB8RhdmfWGTy7s8zseh2fIoJQxQH5wAG4sHmcNAIq_nwAUHDKAVVCYk_k0FzKFwCkntG6lgKvNM_7vvPM4Xmfdz48yM5JExk923hTjYSUdLFVd-zntkXMVG7stS3bderONXtbxG3vmj2sQA9ecpte3Xnefp0HfbXYcFzHcR3XviE0D9VwccZCJHe7br3r1L1G3W15GOr_9iazYKgFNjgnT0Gw8smH4dsQwRRx9N11bvqpSl58LcokTZXGgB2_FfdjlceILspQWwjj4_lrKFMS8ukCVHw8nwBqcFhNAF-UZOHZB_Dj47lM-IOjx0p9CR7DZ08gH0zB5RSCThGofQj2GwEChrV1xNGdNaVzuvuYpRVbktqjvyHyktQePI04-mZZiqF9S8ksFSo2GIYFxHAK0ZsiyU6RjiyI_BRB-j4E-5UsPlpFHB2uG6kgWDGbXoRTUGMhq46wkIUWssRCxM5sz-l4gUub7bDLgiXHo57HuO90Ow3Hod1gCVlQyRojTcYI5BiB3kOi99AXY-jsBGangGEWTFoS6-YeBqxAzglyQ5BTglwQ5ClBPiiOmDQNU9xh0mS-O8-NeW4WE5X2DuiRSns8JqB6DM2KQ5G8Z_YRpP-bjELDJqoC6qfFhPqsOEjOyZXKNev48l_o8zPb47zB_FaHMr9Dw2DJ6dK243i-57SWljy3ASMKCLMwM2QkSnLzgytIREkuP8zh01MYeYpAPAOauaB5AbpTYBR_a2hkaJ9rEdWlCDmYKpCkNaS71oE8J1cnm1vLJ7P9vfP7PfDgPpkHAl0g0QXeFfcIevL2ZFPl5HBT5YZ8v56kIhIjWu32VkpT_v-v3uC7udJs5boZf_lKUBFVeXeLm3SVxkzEPUO-XhaMcX1D6YCTH1bMNvc3MrOznOk4S1Y3Xr2xEiWaGyNUPAUVJbn050cIREmu_vjF7N-2XvgDQbIHk1zoNIrATxYgBYHkF_fUL2D-1fsX9YG5jZ6ugab7iKMCA11gIAtQOYbJLk3SRN9_-ZfPqvgcvqxNfKlrh77U8pPKp5OZWRX8VMHPMOLMbjX8ZrvTafOwzcImazaarNtyeNej3bbX9VpITSmuf1z8EwAA__-2LspsaQQAAA== HTTP/1.1\r\nHost: ringdisgustpostman.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27725042=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: ringdisgustpostman.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: dbbc87272e6176cc9d5ebf48abd557ec\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":127,"timings":{"blocked":27,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ringdisgustpostman.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ringdisgustpostman.com/ren.gif?sid=H4sIAAAAAAAC_1RSP28jxRuevZ_1K46T0HFAvSUg5Ozaa8fmCkQIQREhyeWCUiCK2Z1ZZ_DszjKz63VcRQShEwVyQQE0bB4nFwEn_nwAUHCOAp2ExFakuDQnPgAgXY02sRR4pXne951niud93vlwPzsjTWT0dP1NNRJS0rlW3bGf2xIxU7mxVzdt16k7N-0tEbe9m_awAj14yW16ded5-3Ue9NVcw3Edx3Vce0loHqrh3DkLkdzruvWuU_cadbflYaj_25vMgqEW2OCMPAXByicfhW9DBFPE0XeL3PRTlbz4WpRJmiqNATt6K-7HKo8RXZahthDGR7PXUKYk5NMrUPHRbAKowUE1AXxRkivPPoQfH81kwh8cXij1JXgMnz2BfDAFl1MIOkWg9iDYbwQIGFbXEEd3V5XO6c4FSyu2JLXHf0PkJak9fBpx9M2CFEP7tpJZKlRsMAwLiOEUojdFkp0gHVkQ-QmC9H0I9iuZe7yCODpYM1JBsOJ8ehFOQY2FrDrCQhZayBILETu1PafjBS5ttsMuC-Ydj3oe477T7TQch3aDeWRBJWuMNBkjkGMEeheJ3kVfjKGzY5jtAoZZMGlJrFu7GLACOSfIDUFOCXJBkKcE-aA4ZNI0THGXSZP57iw3ZrlZTFTa26eHKu3xmIDqMTQrDkTyntlDkP5vMgoNm6gKqJ8WE-qzYj85I9cr16yja3-hz09tj_MG81sdyvwODYN5p0vbjuP5ntOan_fcBowoIMyVc0NGoiS3PriORJTk2qMcPj2BkScIxDOgmQuaF6DbBUbxt4ZGhva5FlFdipCDqQJJWkO6Y-3LM3JjsrG5cHy-v3d-_xk8eEBmgUAXSHSBd8V9gp68M9lQOTnYULkh368lqYjEiFa7vZ3SlP__qzf4Tq40W1404y9fCSqiKu9tcpOu0JiJuGfI1wuCMa6XlA44-WHZbHF_PTPbC5mOs2Rl_dWl5SjR3Bih4imoKMnVPz9CIEpy48cvzv9t64U_ECS7MMmlTqMI_KQGKQgkv7ynfgHzr96_rPfNHfR0DTTdQxwVGOgCA1mAyjFMdnWSJvrBy798VsXn8GVt4ktdO_Cllp9UPh1XcL-Cny5sM-LUbjX8ZrvTafOwzcImazaarNtyeNej3bbX9VpITSkWPy7-CQAA__9gHGr6aQQAAA==","fqdn":"ringdisgustpostman.com","domain":"ringdisgustpostman.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.593Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ringdisgustpostman.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 11:27:51 GMT","end":"Tue, 03 Mar 2026 11:27:50 GMT"},"fingerprint":{"sha1":"93:F7:4C:84:99:B7:C1:DB:D7:F2:16:E6:C5:FA:C7:E7:EF:7B:0C:56","sha256":"37:08:07:46:C0:EF:70:47:55:6D:D5:77:54:47:28:EF:E0:AD:84:29:86:F6:18:0F:2E:5F:90:9C:39:0F:6C:0C"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSP28jxRuevZ_1K46T0HFAvSUg5Ozaa8fmCkQIQREhyeWCUiCK2Z1ZZ_DszjKz63VcRQShEwVyQQE0bB4nFwEn_nwAUHCOAp2ExFakuDQnPgAgXY02sRR4pXne951niud93vlwPzsjTWT0dP1NNRJS0rlW3bGf2xIxU7mxVzdt16k7N-0tEbe9m_awAj14yW16ded5-3Ue9NVcw3Edx3Vce0loHqrh3DkLkdzruvWuU_cadbflYaj_25vMgqEW2OCMPAXByicfhW9DBFPE0XeL3PRTlbz4WpRJmiqNATt6K-7HKo8RXZahthDGR7PXUKYk5NMrUPHRbAKowUE1AXxRkivPPoQfH81kwh8cXij1JXgMnz2BfDAFl1MIOkWg9iDYbwQIGFbXEEd3V5XO6c4FSyu2JLXHf0PkJak9fBpx9M2CFEP7tpJZKlRsMAwLiOEUojdFkp0gHVkQ-QmC9H0I9iuZe7yCODpYM1JBsOJ8ehFOQY2FrDrCQhZayBILETu1PafjBS5ttsMuC-Ydj3oe477T7TQch3aDeWRBJWuMNBkjkGMEeheJ3kVfjKGzY5jtAoZZMGlJrFu7GLACOSfIDUFOCXJBkKcE-aA4ZNI0THGXSZP57iw3ZrlZTFTa26eHKu3xmIDqMTQrDkTyntlDkP5vMgoNm6gKqJ8WE-qzYj85I9cr16yja3-hz09tj_MG81sdyvwODYN5p0vbjuP5ntOan_fcBowoIMyVc0NGoiS3PriORJTk2qMcPj2BkScIxDOgmQuaF6DbBUbxt4ZGhva5FlFdipCDqQJJWkO6Y-3LM3JjsrG5cHy-v3d-_xk8eEBmgUAXSHSBd8V9gp68M9lQOTnYULkh368lqYjEiFa7vZ3SlP__qzf4Tq40W1404y9fCSqiKu9tcpOu0JiJuGfI1wuCMa6XlA44-WHZbHF_PTPbC5mOs2Rl_dWl5SjR3Bih4imoKMnVPz9CIEpy48cvzv9t64U_ECS7MMmlTqMI_KQGKQgkv7ynfgHzr96_rPfNHfR0DTTdQxwVGOgCA1mAyjFMdnWSJvrBy798VsXn8GVt4ktdO_Cllp9UPh1XcL-Cny5sM-LUbjX8ZrvTafOwzcImazaarNtyeNej3bbX9VpITSkWPy7-CQAA__9gHGr6aQQAAA== HTTP/1.1\r\nHost: ringdisgustpostman.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27725042=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: ringdisgustpostman.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 9ab718efc42e331319597a2afd8ce361\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":172,"timings":{"blocked":76,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ringdisgustpostman.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:14:37 GMT","end":"Wed, 28 Jan 2026 01:14:36 GMT"},"fingerprint":{"sha1":"5A:67:AA:88:D5:BE:C4:00:42:86:CC:4E:FC:E7:73:FE:CB:85:71:60","sha256":"F5:6C:A4:39:AC:04:F6:11:7E:DB:94:93:4C:93:FC:EC:A2:B4:4E:A4:FE:19:8E:22:C0:D8:D4:84:67:37:70:C0"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 1fbc385daaecd514570784e7de6e3fdf\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":142,"timings":{"blocked":60,"dns":0,"connect":18,"send":0,"wait":20,"receive":0,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ekltersas.life/check","fqdn":"ekltersas.life","domain":"ekltersas.life","tld":"life"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-18T23:30:42.355Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ekltersas.life","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Dec 2025 21:40:24 GMT","end":"Mon, 16 Mar 2026 22:38:08 GMT"},"fingerprint":{"sha1":"4F:AC:EA:27:62:8F:3E:E4:FA:9B:D7:02:64:A9:58:2E:95:E6:09:E6","sha256":"76:12:28:F3:58:DD:7D:59:26:1D:C2:73:48:60:4C:72:38:03:78:3D:E6:66:BD:91:AB:51:F1:BD:44:C5:7F:88"}}},"request":{"raw":"POST /check HTTP/1.1\r\nHost: ekltersas.life\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 189\r\nOrigin: https://ekltersas.life\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes\r\nCookie: _ga_KJ4T538TS5=GS2.1.s1766100639$o1$g0$t1766100642$j57$l0$h1076649015; _ga=GA1.1.1834062265.1766100640; js_enabled=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=b85291c7-edf7-4a12-bb4d-aabbf6d6d817%3A2%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=ringdisgustpostman.com; pp_main_e85f1b4e5c463e0f1e77e1a97dfbf10c=1; sb_main_466716847e8dab35df8323718d632d4f=1; sb_count_466716847e8dab35df8323718d632d4f=1; sb_main_380895734ef7979b147f5e53b15686f8=1; sb_count_380895734ef7979b147f5e53b15686f8=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=ringdisgustpostman.com; delayed=1\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":189,"data":"challenge=2fcaf98e74ba4a1852223aae39d509a1\u0026fingerprint=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTM0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTM0LjB8MTI4MHgxMDI0fGVuLVVTfDA%3D"}},"response":{"raw":"HTTP/3 302 Found\r\ndate: Thu, 18 Dec 2025 23:30:42 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://wl12wbq.starflirt-thefever.com/cvwpenb?s1=news2\r\nserver: cloudflare\r\npriority: u=1,i=?0\r\nreferrer-policy: unsafe-url\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-server-powered-by: Engintron\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=osKUCszaqupIz6cPg7a0a5biz8NQumdiotvb4OJsL9y76PfJs9%2Bk4iYIZcyS7%2BtwR%2FzYU3oqt8mVowHgM9Ge9l2mLBmzSpk88Xo%2FY5WZ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b027316bda13181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9641,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/d6/39/0a/d6390af0b4f58d3725cd01a19abacd3a/1756661987.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/d6/39/0a/d6390af0b4f58d3725cd01a19abacd3a/1756661987.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:40 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 93518\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:39:48 GMT\r\netag: \"68b488e4-16d4e\"\r\nexpires: Sat, 20 Dec 2025 23:30:40 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":93518,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:25:00], progressive, precision 8, 320x240, components 3","md5":"c68d4f79a76b758c2624caba8892164b","sha1":"f5fbfbc14fea8c9b05a962b395ff854517c333fe","sha256":"19e1f4a3d8aa639cc69911d4c6bc713497f0936330c1fc4539ca2dade4eeb6af","sha512":"ef6f997a9bfe1a208b4c54ba2f7d732f19348df16b73cc73a7628d190fe456aba0ec1d87993daefa127cd8f093cca3ca7cc2c49c4c4a8017f20d0c79badff1e1","ssdeep":"1536:BGfG/zbP01UpLKf55/FiVhLgNa1qiokfY89PqoPt48z:BGfGbT018L+9iVhLr1qiBw89PJJz","tlshash":"4d93f23bb6a2db21f5e4563886fbe79503b30e68ae3701503ccdb6d4b7a64c31999407","first_seen":"2025-09-02T18:13:44.321498Z","last_seen":"2026-05-10T12:41:16.764936Z","times_seen":1377,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":43,"dns":1,"connect":19,"send":0,"wait":41,"receive":34,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/f0/fb/23/f0fb231c3868f7f970a30d973f7bfa93/1756662127.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/f0/fb/23/f0fb231c3868f7f970a30d973f7bfa93/1756662127.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:40 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 81446\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:42:07 GMT\r\netag: \"68b4896f-13e26\"\r\nexpires: Sat, 20 Dec 2025 23:30:40 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81446,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:39:09], progressive, precision 8, 320x240, components 3","md5":"5cc1ea1ae22514d2a4e634a3fc00fc38","sha1":"17a827b9ae082506fe9d086fd2d006d0593ae5e8","sha256":"2a7d63fc873f793b91adea7c866b01e00bb59f075fc29953fd108f52fb5ede09","sha512":"9b57eb1e4bf4668182319d2f0bfa356c766de2afe94f188dc84054140014267d1f1ad0cf81b91421d88cdba16a9ad51b8acc87b9540c93c523bd66dd444304b5","ssdeep":"1536:LNkk6f2Nkk6fvhbg2DyMgTuF+faDypx3cvkYWMwjYz8+HjFOn:LZk2ZkJb+XTuF80sYWnYz8MjFQ","tlshash":"c183e125b3d1efb2e5d8973498a3c719f6219e45673760913e8db5a03fe2361da8c023","first_seen":"2025-09-02T19:18:23.934309Z","last_seen":"2026-05-10T12:00:10.003455Z","times_seen":1447,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":24,"send":0,"wait":57,"receive":29,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.645Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: dcf3159e67f48cf302addba4dbfaa980\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-05-10T16:36:43.095517Z","times_seen":15813,"resource_available":true,"data":null}},"time_used":135,"timings":{"blocked":2,"dns":5,"connect":17,"send":0,"wait":53,"receive":18,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wl12wbq.starflirt-thefever.com/cvwpenb?s1=news2","fqdn":"wl12wbq.starflirt-thefever.com","domain":"starflirt-thefever.com","tld":"com"},"ip":{"addr":"172.67.173.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-18T23:30:42.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"starflirt-thefever.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 19:39:06 GMT","end":"Mon, 09 Feb 2026 19:05:07 GMT"},"fingerprint":{"sha1":"63:8F:DD:9F:D9:E0:7F:BD:5B:70:60:95:CB:60:6A:06:DB:FE:E4:BE","sha256":"AC:53:0F:D2:35:F9:F5:3E:20:CF:07:32:BF:B0:4E:53:BE:92:0C:25:48:2C:8D:43:1E:04:A8:D1:DA:10:16:83"}}},"request":{"raw":"GET /cvwpenb?s1=news2 HTTP/1.1\r\nHost: wl12wbq.starflirt-thefever.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 18 Dec 2025 23:30:42 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 174\r\nlocation: http://bjjhhi.flirtooffer.com/s/5df2314e7aee5?track=REANK\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: private, no-transform\r\nset-cookie: sid=t6~ukm45p1qottnjs04ozej13ce; path=/\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZCAufCvJMVGCruEt5t3sTNSFYAde%2BBUym0clCI8KCrl2lKE2m2edl%2FhbIys3go8nQc%2B%2BVXWBV7Kx4aoITMPsUR6AkWYjTLMwaonCrJmJr7HfhgIyhs6RbNN2EXU%3D\"}]}\r\ncf-ray: 9b0273175af0b521-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9641,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":367,"timings":{"blocked":44,"dns":22,"connect":1,"send":0,"wait":279,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"l.cdn-fileserver.com/bql.php?vgd_len=5027\u0026\u0026vgd_l2type=dmola\u0026fp=rxEwMlW0350whSeeKc49Nb76WR1GIXxywPcb6OK4wW7p1bTfSSs2j-FMnlFc8-3kfkAYkFst_O9TLF4OrzZp4dok1h4KaZhGCIVm-k6Bfz7kUQn8zUIG5Lbi8-PCOQ4R8lNiDVlXsek%3D\u0026cme=Y3CIEtK1-hkNRz4nOE7ecovEgwyrLSrM_s2_6dmx0LDewGYWJv_aBJD12cZ-GeNSBR1KklQ6iISTLcDnq1NsIqm8iYXS2_qtPZzbbHaiesXDTYKzEeqbkU2aBe2sNvnIh_Muj9tQ8kiiDzsw-ajcu9ouxWh1k4MV4jVPP5YG0bzMkdbqstHaZOx7aVfmlckgFFnjJq5HAYiWiTfUa6i4RlL8-gekejRXnTu36ln7vfO30XviL2fbS-V_OYv7TLfCpiPDFyUnfQQFFDwXikNu3Q%3D%3D%7C%7C93q-w6oysg91aq4hh7dv6zzrcNTS6udO%7Ca0AmFUYXmD6h8Qsq1enTflc2Pkp459aSwwGpaS1Oi_zdN8_gzvPB9Ybt_KJVFTr2TMgBXNyn1c16lGC6v8Hraw%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7C9N40jeUC3sm6zGaIXg9B9L5D6D7MOru_P4NIqj857AYE3YStfVLpBAs9iET_QegTE8UKfPOpwbBFvTvUGTAGji7EqC_mTGNrL6pT5uOwn-dfF7dzvu52vDA_UuGkroI5nJXeJvINWllM3OE5thzHxWEG13pzDPdnCiR-9fE3ka3EjJllMHxbbLUQuQxAg6v7x-TTto9ioNpWh8Zsc91Y7rdv68OT1nX_o_6gyiehNBy1EbTamHPExx4h9xVuhZWSPklcT-uzDcc_zAb7iCWkVM4C4QnVaXsLHy6C1IS2mMj6VNTop2JGSORlVGtYEfWSTvNmBrLq7VDiVKni32D9bD9MqVIHtBoxBGNnjhdrpbUl6PNvg7lKc2B-DkfPec7dGQ3MqHSUHSCLaspI728V7QI95s__ZtgCGvZL98H4lJdJO6CaAh0Fx__EsPkOYeLRkOlfZMLP0_gWcTrunnGVuvd7LPX9y8qtJCzwpV0oao_xKyhqM_N7w861q3xZA5avXGtXCwmS5NOrADWrPOYpPsec4xv0sy021eFMcfcdKB8-oZfXphGrpMalRvgnoGkCe-Xr2Kft7vtm-EEWUPsOcguJHQNiNyafbgrjiioCgCukV2oBq0HduZNmq0GWsANr%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7C\u0026ksu=360\u0026fdkt=658\u0026vgde_kbbh=fuoyxQBuGUBO\u0026kwd[]=Find+Love+Relationship+App\u0026kwt[]=658\u0026kbc[]=f1d18bcb40236a906caad902aaf00472.d2s\u0026kwp[]=1\u0026kid[]=1326136034\u0026kbc2[]=clid_serp%3D5528%7Cclid_fz%3D-2%7Crla%3D26.16%7Clr%3D0.06%7Cakp%3D5%7Crlhp%3D0.00%7C17%3D0.00%7C18%3D1666.67%7C5%3D6%7C6%3D0%7C16%3D1%7C19%3D1666.67%7Ckus%3D0.4847%7Ckucs%3D0.4150%7Ckcucs%3D0.6581%7Ckcucs2%3D0.6581%7Ckssks%3D5.0000%7Crcid%3D200619%7Cclpr%3D0.847200%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.992%7Cps_id%3D0\u0026ktd[]=75557870481313781650176\u0026kwd[]=Top+Dating+Offers\u0026kwt[]=658\u0026kbc[]=f1d18bcb40236a906caad902aaf00472.d2s\u0026kwp[]=2\u0026kid[]=1933084716\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D-2%7Cakp%3D6%7C17%3D0.00%7C18%3D0.00%7C5%3D2%7C6%3D0%7C16%3D0%7C19%3D0.00%7Ckus%3D0.5006%7Ckucs%3D0.4806%7Ckcucs%3D0.7188%7Ckcucs2%3D0.7188%7Ckssks%3D5.0000%7Crcid%3D237403%7Cclpr%3D0.882900%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.992%7Cps_id%3D0\u0026ktd[]=75557865977714154279680\u0026kwd[]=Senior+Romance+Sites\u0026kwt[]=658\u0026kbc[]=f1d18bcb40236a906caad902aaf00472.d2s\u0026kwp[]=3\u0026kid[]=1325352309\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D-2%7Cakp%3D3%7C17%3DNaN%7C18%3DNaN%7C5%3D0%7C6%3D0%7C16%3D0%7C19%3D0.00%7Ckus%3D0.4658%7Ckucs%3D0.4895%7Ckcucs%3D0.6581%7Ckcucs2%3D0.6581%7Ckssks%3D5.0000%7Crcid%3D71516%7Cclpr%3D0.902400%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.992%7Cps_id%3D0\u0026ktd[]=75557865977714154279680\u0026kwd[]=Romantic+Love+Messages\u0026kwt[]=658\u0026kbc[]=f1d18bcb40236a906caad902aaf00472.d2s\u0026kwp[]=4\u0026kid[]=151353148\u0026kbc2[]=clid_fz%3D7392%7Cclid_serp%3D7392%7Cakp%3D10%7C17%3DNaN%7C18%3DNaN%7C5%3D0%7C6%3D0%7C16%3D0%7C19%3D0.00%7Ckus%3D0.4732%7Ckucs%3D0.4239%7Ckcucs%3D0.6208%7Ckcucs2%3D0.6208%7Ckssks%3D5.0000%7Crcid%3D45524%7Cclpr%3D0.881400%7Ccllvl%3D1%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.992%7Cps_id%3D0\u0026ktd[]=75557865977714171056896\u0026kwd[]=Best+Of+2025+Romance\u0026kwt[]=658\u0026kbc[]=f1d18bcb40236a906caad902aaf00472.d2s\u0026kwp[]=5\u0026kid[]=1275662598\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D-1%7Cakp%3D2%7C17%3D0.00%7C18%3D0.00%7C5%3D2%7C6%3D0%7C16%3D0%7C19%3D0.00%7Ckus%3D0.3746%7Ckucs%3D0.3938%7Ckcucs%3D0.4882%7Ckcucs2%3D0.4882%7Ckssks%3D5.0000%7Crcid%3D9319%7Cclpr%3D0.830500%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.992%7Cps_id%3D0\u0026ktd[]=17175296\u0026v=1\u0026gdpr=1\u0026geo=59.9%7C10.77\u0026lper=100\u0026lpid=\u0026tsid=1005\u0026hint=\u0026cc=NO\u0026wsip=170762530\u0026bca=0\u0026ugd=4\u0026vgde_setid=Nfu\u0026vgde_chost=k8zOLJQxj7QQEm7.NmY\u0026cid=8CUIK384H\u0026vi=1766100644919229513\u0026vsid=DefVid\u0026tdAdd[]=asnum%3D50304\u0026vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D\u0026vgd_adprefflag=00\u0026vgd_adpref_diff=1010\u0026vgd_fm_lang=EN\u0026vgd_implt=3\u0026vgd_cage=2\u0026vgd_tsce=L1082-S1082\u0026vgd_l3_sc=03\u0026vgd_pdtid=1\u0026vgd_oscar=1\u0026vgd_ctrlid=O_SERP\u0026vgd_nrrv=55990\u0026vgd_nrrmf=8301000480a\u0026vgd_nrrsf=scrr\u0026vgd_cty=oslo\u0026vgd_csovr=0\u0026vgd_ifrmode=03\u0026sbdrId=\u0026verid=\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw\u0026kbbq=%26asn%3D50304\u0026vgd_ppvi=2151364624398269975\u0026vgd_wlstp=0\u0026vgd_vstrid=DefVid\u0026vgd_scsver=2596\u0026vgd_himglg=K0P0-O0K0-S0\u0026vgd_cache_metadata=%7B%22kbb%22%3Afalse%7D\u0026vgd_cfud=251031\u0026vgd_optout=0\u0026vgd_l2shld=1\u0026vgd_akcip=91.90.42.0\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026vgd_och=0\u0026vgd_rensize=1280_1024\u0026vgd_scr_h=1024\u0026vgd_scr_w=1280\u0026vgd_col_sch=l\u0026vgd_be=0\u0026vgd_nmerr=1\u0026tdAdd[]=uiparams%3D%3Brend_w%3A1280%3Brend_h%3A1024\u0026vgd_sc=03\u0026hvsid=00001766100644180015326356487944\u0026rc=0\u0026rand=1766100644911\u0026acid=undefined\u0026matm=1766100644912\u0026vgde_ltimesrc=u\u0026vgde_ltime=XAh\u0026vgde_rtime=Xuh\u0026vgde_etm=fF\u0026vgde_timeObj=%7B%22juJ-JN%22%3Azxjj%2C%22jfjm1O%22%3AHFW%2C%22QNLLQ71L7%22%3Aui%2C%22QNLLLJzOJL%22%3AA9%2C%22QNLLJ-JN%22%3AX9%7D\u0026vgd_lhl=1982\u0026vgd_sbSup=1\u0026vgd_nrrs=55990\u0026vgde_cdeplbl=1E8Mzm7M1e18j1GjJ\u0026vgd_end=1","fqdn":"l.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://findresultsspot.com/sr/754870121/SAFEFRAME.html?ule=799\u0026%2AE=grMMgVVMff%28g%28jj%28Cgw\u0026-Ka=Ru45pUipfU00A5%212-U-Ui8u%2F%21UN0UwuSw2U\u0026-TH2=\u0026-W%2A=\u0026-Wag=\u0026-Waj=\u0026-Wnk-EN=\u0026.qEW=\u00260p520B=maaTl%3A%2F%2F%21BE0ann%21%21p0sKnk%2Fl%2FCW%21jwgfpr-ppC%3Fa0-KI%3DxciS1\u00262AW=f\u00262lTpN%21=V\u0026AWT0=g\u0026AWT0KNla=\u0026BjazTp=WknB-\u0026ElEW=V\u0026IW=\u0026IZ0%21=\u0026K0EW=gVCrMrgMj\u0026KEW=oHv41wofL\u0026KK=S7\u0026KW%2A=7jf%28f\u0026KaTEW=\u0026KmNkj=nl%2AfeENaK\u0026KmNkw=\u0026Na%2A=\u0026Nkp00=g\u0026TEW=\u0026Wk0%21=g\u0026WpKkkk=\u0026ZBlaT=V\u0026ZlmT=V\u0026alKp=XgVoj\u0026htmlsrc=1\u0026kkdd=n9%7CH%7C%2An9A\u0026klT-=V\u0026lE8p=ggCfUMo%28\u0026lK=Vw\u0026llBW=%7B%22llKK%22%3A%22S7%22%2C%22llKaz%22%3A%22nlBn%22%2C%22llET%22%3A%22%22%2C%22lllK%22%3A%22Vw%22%7D\u0026lqW04W=\u0026maaTl=g\u0026nB-%21=nNp\u0026nEW=w%21%21frofK9jpMC9fjwo9%28wCK9rWVwqMgMK-pf\u0026pK0EW=\u0026q-p=\u0026qEW=\u0026qW04W=\u0026qp=V\u0026tpid=\u0026zTBT=\u0026zWlT0=\u0026zqNeKKepUT=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026eoch=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766100644180015326356487944\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151364624398269975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw%3D%3D\u0026tchkpts=%7B%22prel2%22%3A1766100644424%7D\u0026stime=1766100644424\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Ffindresultsspot.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F3ZRb%253DC%25265AMXRk%253Dh3U5b%2526BZRko4%253DC%2526Blh%253DT%2526II%253Dj1%2526ILwh%253DuC_eFeuFA%2526IMRwh%253D%2526IhJ%253D1AT8T%2526Iio3A%253DUZJT%252528woMI%2526Iio3t%253D%2526Iwh%253D%25252ANYW6t%25252AT2%2526Jw%253DueFFuCCFTT8u8AA8_ut%2526Lk-BL5%253DiMMRZ%25253A%25252F%25252F45wLMUU44kLSIU3%25252FZ%25252F_h4AtuTkebkk_%25253FMLbIm%25253Dz9gj6%2526MZIk%253DHuC%25252AA%2526Rwh%253D%2526U5b4%253DUok%2526Uwh%253Dt44Te%25252ATIOAkF_OTAt%25252AO8t_IOehCtsFuFIbkT%2526XR5R%253D%2526XhZRL%253D%2526Xso%252528II%252528k.R%253D%2526ZI%253DCt%2526ZZ5h%253D%25257B%252522ZZII%252522%25253A%252522j1%252522%25252C%252522ZZIMX%252522%25253A%252522UZ5U%252522%25252C%252522ZZwR%252522%25253A%252522%252522%25252C%252522ZZZI%252522%25253A%252522Ct%252522%25257D%2526ZshLWh%253D%2526Zwyk%253Duu_T.F%25252A8%2526bIM%253D7~W-k.gkT.LLl-4Bb.b.gy~%25252F4.oL.t~jtB.%2526bRNB%253D%2526bhJ%253D%2526bhMA%253D%2526bhMu%253D%2526bhU3bwo%253D%2526hkI333%253D%2526htmlsrc%253D1%2526iMMRZ%253Du%2526kILwh%253D%2526kkdd%253Dn%25252A%25257Cu%25257CnA%25252A3H9%2526lhRL%253Du%2526lhRLIoZM%253D%2526mh%253D%2526mxL4%253D%2526o3kLL%253Du%2526oMJ%253D%2526pswh%253D%2526sbk%253D%2526shLWh%253D%2526sk%253DC%2526swh%253D%2526tpid%253D%2526wZwh%253DC%2526x5ZMR%253DC%2526xZiR%253DC%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D","date":"2025-12-18T23:30:44.979Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 30 Nov 2025 15:48:41 GMT","end":"Sat, 28 Feb 2026 16:47:10 GMT"},"fingerprint":{"sha1":"B6:15:E0:AA:2B:F2:1A:96:0A:90:53:E3:BA:E4:61:85:FA:35:8C:5A","sha256":"AF:0A:96:E0:3A:65:9A:90:80:F1:73:2C:66:E0:90:E6:6B:6C:23:08:E5:9E:AA:0E:52:53:23:5B:14:9A:9B:6E"}}},"request":{"raw":"GET /bql.php?vgd_len=5027\u0026\u0026vgd_l2type=dmola\u0026fp=rxEwMlW0350whSeeKc49Nb76WR1GIXxywPcb6OK4wW7p1bTfSSs2j-FMnlFc8-3kfkAYkFst_O9TLF4OrzZp4dok1h4KaZhGCIVm-k6Bfz7kUQn8zUIG5Lbi8-PCOQ4R8lNiDVlXsek%3D\u0026cme=Y3CIEtK1-hkNRz4nOE7ecovEgwyrLSrM_s2_6dmx0LDewGYWJv_aBJD12cZ-GeNSBR1KklQ6iISTLcDnq1NsIqm8iYXS2_qtPZzbbHaiesXDTYKzEeqbkU2aBe2sNvnIh_Muj9tQ8kiiDzsw-ajcu9ouxWh1k4MV4jVPP5YG0bzMkdbqstHaZOx7aVfmlckgFFnjJq5HAYiWiTfUa6i4RlL8-gekejRXnTu36ln7vfO30XviL2fbS-V_OYv7TLfCpiPDFyUnfQQFFDwXikNu3Q%3D%3D%7C%7C93q-w6oysg91aq4hh7dv6zzrcNTS6udO%7Ca0AmFUYXmD6h8Qsq1enTflc2Pkp459aSwwGpaS1Oi_zdN8_gzvPB9Ybt_KJVFTr2TMgBXNyn1c16lGC6v8Hraw%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7C9N40jeUC3sm6zGaIXg9B9L5D6D7MOru_P4NIqj857AYE3YStfVLpBAs9iET_QegTE8UKfPOpwbBFvTvUGTAGji7EqC_mTGNrL6pT5uOwn-dfF7dzvu52vDA_UuGkroI5nJXeJvINWllM3OE5thzHxWEG13pzDPdnCiR-9fE3ka3EjJllMHxbbLUQuQxAg6v7x-TTto9ioNpWh8Zsc91Y7rdv68OT1nX_o_6gyiehNBy1EbTamHPExx4h9xVuhZWSPklcT-uzDcc_zAb7iCWkVM4C4QnVaXsLHy6C1IS2mMj6VNTop2JGSORlVGtYEfWSTvNmBrLq7VDiVKni32D9bD9MqVIHtBoxBGNnjhdrpbUl6PNvg7lKc2B-DkfPec7dGQ3MqHSUHSCLaspI728V7QI95s__ZtgCGvZL98H4lJdJO6CaAh0Fx__EsPkOYeLRkOlfZMLP0_gWcTrunnGVuvd7LPX9y8qtJCzwpV0oao_xKyhqM_N7w861q3xZA5avXGtXCwmS5NOrADWrPOYpPsec4xv0sy021eFMcfcdKB8-oZfXphGrpMalRvgnoGkCe-Xr2Kft7vtm-EEWUPsOcguJHQNiNyafbgrjiioCgCukV2oBq0HduZNmq0GWsANr%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7C\u0026ksu=360\u0026fdkt=658\u0026vgde_kbbh=fuoyxQBuGUBO\u0026kwd[]=Find+Love+Relationship+App\u0026kwt[]=658\u0026kbc[]=f1d18bcb40236a906caad902aaf00472.d2s\u0026kwp[]=1\u0026kid[]=1326136034\u0026kbc2[]=clid_serp%3D5528%7Cclid_fz%3D-2%7Crla%3D26.16%7Clr%3D0.06%7Cakp%3D5%7Crlhp%3D0.00%7C17%3D0.00%7C18%3D1666.67%7C5%3D6%7C6%3D0%7C16%3D1%7C19%3D1666.67%7Ckus%3D0.4847%7Ckucs%3D0.4150%7Ckcucs%3D0.6581%7Ckcucs2%3D0.6581%7Ckssks%3D5.0000%7Crcid%3D200619%7Cclpr%3D0.847200%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.992%7Cps_id%3D0\u0026ktd[]=75557870481313781650176\u0026kwd[]=Top+Dating+Offers\u0026kwt[]=658\u0026kbc[]=f1d18bcb40236a906caad902aaf00472.d2s\u0026kwp[]=2\u0026kid[]=1933084716\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D-2%7Cakp%3D6%7C17%3D0.00%7C18%3D0.00%7C5%3D2%7C6%3D0%7C16%3D0%7C19%3D0.00%7Ckus%3D0.5006%7Ckucs%3D0.4806%7Ckcucs%3D0.7188%7Ckcucs2%3D0.7188%7Ckssks%3D5.0000%7Crcid%3D237403%7Cclpr%3D0.882900%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.992%7Cps_id%3D0\u0026ktd[]=75557865977714154279680\u0026kwd[]=Senior+Romance+Sites\u0026kwt[]=658\u0026kbc[]=f1d18bcb40236a906caad902aaf00472.d2s\u0026kwp[]=3\u0026kid[]=1325352309\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D-2%7Cakp%3D3%7C17%3DNaN%7C18%3DNaN%7C5%3D0%7C6%3D0%7C16%3D0%7C19%3D0.00%7Ckus%3D0.4658%7Ckucs%3D0.4895%7Ckcucs%3D0.6581%7Ckcucs2%3D0.6581%7Ckssks%3D5.0000%7Crcid%3D71516%7Cclpr%3D0.902400%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.992%7Cps_id%3D0\u0026ktd[]=75557865977714154279680\u0026kwd[]=Romantic+Love+Messages\u0026kwt[]=658\u0026kbc[]=f1d18bcb40236a906caad902aaf00472.d2s\u0026kwp[]=4\u0026kid[]=151353148\u0026kbc2[]=clid_fz%3D7392%7Cclid_serp%3D7392%7Cakp%3D10%7C17%3DNaN%7C18%3DNaN%7C5%3D0%7C6%3D0%7C16%3D0%7C19%3D0.00%7Ckus%3D0.4732%7Ckucs%3D0.4239%7Ckcucs%3D0.6208%7Ckcucs2%3D0.6208%7Ckssks%3D5.0000%7Crcid%3D45524%7Cclpr%3D0.881400%7Ccllvl%3D1%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.992%7Cps_id%3D0\u0026ktd[]=75557865977714171056896\u0026kwd[]=Best+Of+2025+Romance\u0026kwt[]=658\u0026kbc[]=f1d18bcb40236a906caad902aaf00472.d2s\u0026kwp[]=5\u0026kid[]=1275662598\u0026kbc2[]=clid_fz%3D-2%7Cclid_serp%3D-1%7Cakp%3D2%7C17%3D0.00%7C18%3D0.00%7C5%3D2%7C6%3D0%7C16%3D0%7C19%3D0.00%7Ckus%3D0.3746%7Ckucs%3D0.3938%7Ckcucs%3D0.4882%7Ckcucs2%3D0.4882%7Ckssks%3D5.0000%7Crcid%3D9319%7Cclpr%3D0.830500%7Ccllvl%3D5%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.992%7Cps_id%3D0\u0026ktd[]=17175296\u0026v=1\u0026gdpr=1\u0026geo=59.9%7C10.77\u0026lper=100\u0026lpid=\u0026tsid=1005\u0026hint=\u0026cc=NO\u0026wsip=170762530\u0026bca=0\u0026ugd=4\u0026vgde_setid=Nfu\u0026vgde_chost=k8zOLJQxj7QQEm7.NmY\u0026cid=8CUIK384H\u0026vi=1766100644919229513\u0026vsid=DefVid\u0026tdAdd[]=asnum%3D50304\u0026vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D\u0026vgd_adprefflag=00\u0026vgd_adpref_diff=1010\u0026vgd_fm_lang=EN\u0026vgd_implt=3\u0026vgd_cage=2\u0026vgd_tsce=L1082-S1082\u0026vgd_l3_sc=03\u0026vgd_pdtid=1\u0026vgd_oscar=1\u0026vgd_ctrlid=O_SERP\u0026vgd_nrrv=55990\u0026vgd_nrrmf=8301000480a\u0026vgd_nrrsf=scrr\u0026vgd_cty=oslo\u0026vgd_csovr=0\u0026vgd_ifrmode=03\u0026sbdrId=\u0026verid=\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw\u0026kbbq=%26asn%3D50304\u0026vgd_ppvi=2151364624398269975\u0026vgd_wlstp=0\u0026vgd_vstrid=DefVid\u0026vgd_scsver=2596\u0026vgd_himglg=K0P0-O0K0-S0\u0026vgd_cache_metadata=%7B%22kbb%22%3Afalse%7D\u0026vgd_cfud=251031\u0026vgd_optout=0\u0026vgd_l2shld=1\u0026vgd_akcip=91.90.42.0\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026vgd_och=0\u0026vgd_rensize=1280_1024\u0026vgd_scr_h=1024\u0026vgd_scr_w=1280\u0026vgd_col_sch=l\u0026vgd_be=0\u0026vgd_nmerr=1\u0026tdAdd[]=uiparams%3D%3Brend_w%3A1280%3Brend_h%3A1024\u0026vgd_sc=03\u0026hvsid=00001766100644180015326356487944\u0026rc=0\u0026rand=1766100644911\u0026acid=undefined\u0026matm=1766100644912\u0026vgde_ltimesrc=u\u0026vgde_ltime=XAh\u0026vgde_rtime=Xuh\u0026vgde_etm=fF\u0026vgde_timeObj=%7B%22juJ-JN%22%3Azxjj%2C%22jfjm1O%22%3AHFW%2C%22QNLLQ71L7%22%3Aui%2C%22QNLLLJzOJL%22%3AA9%2C%22QNLLJ-JN%22%3AX9%7D\u0026vgd_lhl=1982\u0026vgd_sbSup=1\u0026vgd_nrrs=55990\u0026vgde_cdeplbl=1E8Mzm7M1e18j1GjJ\u0026vgd_end=1 HTTP/1.1\r\nHost: l.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://findresultsspot.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:45 GMT\r\ncontent-type: text/javascript\r\naccept-ch: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\ncache-control: max-age=0, no-cache, no-store\r\nexpires: Wed, 17 Dec 2025 23:30:45 GMT\r\npragma: no-cache\r\ntiming-allow-origin: *\r\nvia: 1.1 google\r\nstrict-transport-security: max-age=63072000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=12y24fDL8v32xHaZSZfkkoN5W0bmxe7w8NdRkw90dMJY%2Big%2FFOmb9VqRXtXQHjzaI5aoZT4r1hGp%2FiM0N5RAFZqw9Ld0uqH2jUamE6FDNZpQ0w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b0273271ab956b9-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with no line terminators","md5":"2ba5e95642c652c708881ad3c9d8443f","sha1":"5bfcc33bb9cc897546c600206b03d1307bd63a94","sha256":"c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24","sha512":"8c157fc41fd03bbd47633269b18effb652644e58284f8f85465b0ffba9b5a06544a03ed0655706c96edfa09a64f4f164f6bbc573ac5045000cae03c8b36d046f","ssdeep":"","tlshash":"7e600000000cc030030f0c00c3000300303000c000000c33000f30cc000000c00fc303","first_seen":"2025-03-08T00:25:13.560069Z","last_seen":"2026-05-10T16:29:28.435773Z","times_seen":173811,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"52.29.191.236","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.110Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ekltersas.life\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:40 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://ekltersas.life\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=b85291c7-edf7-4a12-bb4d-aabbf6d6d817:2:1; expires=Sun, 16 Dec 2035 23:30:40 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"979c51ac1c0143d446af4f2fcea56e6e","sha1":"b5bf15782be7b174171279e0c94b8316cc42f84a","sha256":"baba1798a6af96f5d0ab781c2e6705f968f43a8a315bcb8dfcac1385164e0c4a","sha512":"93c4a7dd0f35723b846c8caf2262faa5945b3f5ff4fe1d1924ca39745cd446ec4a82419a22fb1b9f7de94ee0ee5f7b9eb48fe008452eaf8e774f4240eb4c195f","ssdeep":"","tlshash":"aa9002616516324a9010ba9a9210c080d640913548009150645491433028008a914149","first_seen":"2025-12-18T23:31:11.665554Z","last_seen":"2025-12-18T23:31:11.665554Z","times_seen":1,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":81,"dns":7,"connect":23,"send":0,"wait":22,"receive":0,"ssl":50},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b31c605835233c98e0e48870888569d3\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-05-10T16:36:43.095517Z","times_seen":15813,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":1,"connect":19,"send":0,"wait":20,"receive":18,"ssl":43},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.1006467474269.js?key=a93e04098bdd2de81eb7af8dec828738\u0026kw=%5B%22ekltersas%22%2C%22life%22%2C%22please%22%2C%22wait%22%5D\u0026refer=https%3A%2F%2Fekltersas.life%2Frqgfr%2F4%2F60808-kelly-rohrbach-nudes\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=3c6f4339-561e-4b31-ac77-01866d68159b%3A1%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /watch.1006467474269.js?key=a93e04098bdd2de81eb7af8dec828738\u0026kw=%5B%22ekltersas%22%2C%22life%22%2C%22please%22%2C%22wait%22%5D\u0026refer=https%3A%2F%2Fekltersas.life%2Frqgfr%2F4%2F60808-kelly-rohrbach-nudes\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=3c6f4339-561e-4b31-ac77-01866d68159b%3A1%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ekltersas.life\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://ekltersas.life\r\naccess-control-allow-credentials: true\r\nlocation: https://kettledroopingcontinuation.com/watch.1006467474269.js?key=a93e04098bdd2de81eb7af8dec828738\u0026kw=%5B%22ekltersas%22%2C%22life%22%2C%22please%22%2C%22wait%22%5D\u0026refer=https%3A%2F%2Fekltersas.life%2Frqgfr%2F4%2F60808-kelly-rohrbach-nudes\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=3c6f4339-561e-4b31-ac77-01866d68159b%3A1%3A1\u0026shu=5fce5373c5f34ff8e1ffcd17a1d7deebaabd2c1cb5969b22eb36658d31c6f6775a32d0e573774b0607e1deaad3fc230ce85076221e81e7a79f9f19fcd9c3cbc9a5102540249ca21d5f7f8325ef95176416ca64512a58cbf6a056d7\u0026pst=1766100700\u0026rmtc=t\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzkxNDIyNCwiayI6ImE5M2UwNDA5OGJkZDJkZTgxZWI3YWY4ZGVjODI4NzM4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MzQyMjI1LCJwaWQiOjg0NDY2MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoiaDBtZ3c0OHlocyIsImNwa3MiOnsiMjgiOiJlODVmMWI0ZTVjNDYzZTBmMWU3N2UxYTk3ZGZiZjEwYyIsIjI5IjoiNDY2NzE2ODQ3ZThkYWIzNWRmODMyMzcxOGQ2MzJkNGYifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImN0Ijp7ImlkIjozMTQzMjQ0LCJuIjoiT3NsbyJ9LCJyZyI6eyJpZCI6MTg0NCwibiI6Ik9zbG8gQ291bnR5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwiaXdmIjp0cnVlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZWtsdGVyc2FzLmxpZmUvcnFnZnIvNC82MDgwOC1rZWxseS1yb2hyYmFjaC1udWRlcyIsInR6IjoxLCJhciI6W119fQ.C_11MUdSo8_RHLhrkxzuHA8rPI7OXfbtQ5N1syxu0uA; expires=Thu, 18 Dec 2025 23:31:40 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 1\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e35d8ac290a9451954eabeb0ab4dbe3a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":4594,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":655,"timings":{"blocked":279,"dns":1,"connect":91,"send":0,"wait":97,"receive":0,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ringdisgustpostman.com/impr.gif?sid=H4sIAAAAAAAC_1RST28bxRue7c_6HUolVAqcfQSEnF17Hdv0gAglKCIkaRqUA-IwOzPrDJ7dWWZ2vY5PEUGo4oB84ABc2DxOGgEVfz4AKDjlgCoh4RM5NELqJwCkntG6lgKvNM_7vvPM4Xmfdz48yM5JAxk923hTD6VSdKFZc6vPbcuY69xW17aqnltzr1e3ZbzoX68OSjD9l7yGX3Ofr74uWE8v1F3PdT3Xqy5LI0I9WJixkMndjlfruDW_XvOaPgbmv73NHFjqgPfPyVOQfPrkw_BtSDZBHH13Q9heqpMXX4syRVNt0OfHb8W9WOcxoosyNA7C-Hj-GtpOCfn0EnR8PJ8Aun9YToBATsmlZx8giI_nMhH0jx4rDRREjIA_gbw_gVATSDoB0_uQ_DcCMI61dcTRnTVtcrr7mKUlOyWVR39D5lNSefA04uibJSUH1VtaZanUscUgLCAHE8juBEl2inToQOanYOn7kPxXsvBoFXF0uG6VhuTFbHoZTkCtg6w80kEWOsgSBxE_q_pu22cebSyGHc5ark99n4vA7bTrrks7rIWMlbJGSJMRmBqBmT0kZg89OYLJTmB3CljuwKZT4tzcQ58XyAVBbglySpBLgjwlyPvFEVe2bos7XNks8Oa5Ps-NYqzT7gE90mlXxATUjGB4cSiT9-w-WPq_8TC0fKxLoEFajGnAi4PknFwtXXOOr_yFnjir-kLUedBsUx60achabocuuq4f-G6z1fK9OqwsIO2lmSFDOSU3P7iKRE7JlYc5AnoKq07B5DOgmQeaF6A7BYbxt5ZGlvaEkVFNyVCA6wJJWkG66xyoc3JtvLm1dDLb3zu_n0Cw-2QeYKZAYgq8K-8RdNXt8abOyeGmzi35fj1JZSSHtNztrZSm4v9fvSF2c234yg07-vIVVhJleXdL2HSVxlzGXUu-XpKcC7OsDRPkhxW7LYKNzO4sZSbOktWNV5dXosQIa6WOJ6BySi7_-RGYnJJrP34x-7fNF_4AS_ZgkwudVhMEiQMlCZS4uKdBAfuvPrioD-xtdE0FNN1HHBXomwJ9VYCqEWx2eZwm5v7Lv3xWxucIVGUcKFM5DJRRn8x8KuFeCT-V8DOsPKuGDVFnrttuLXqNdii8hs9Z2Gz7Hb5I3UZDILVTeePj4p8AAAD__8H9wcNpBAAA","fqdn":"ringdisgustpostman.com","domain":"ringdisgustpostman.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.611Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ringdisgustpostman.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 11:27:51 GMT","end":"Tue, 03 Mar 2026 11:27:50 GMT"},"fingerprint":{"sha1":"93:F7:4C:84:99:B7:C1:DB:D7:F2:16:E6:C5:FA:C7:E7:EF:7B:0C:56","sha256":"37:08:07:46:C0:EF:70:47:55:6D:D5:77:54:47:28:EF:E0:AD:84:29:86:F6:18:0F:2E:5F:90:9C:39:0F:6C:0C"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RST28bxRue7c_6HUolVAqcfQSEnF17Hdv0gAglKCIkaRqUA-IwOzPrDJ7dWWZ2vY5PEUGo4oB84ABc2DxOGgEVfz4AKDjlgCoh4RM5NELqJwCkntG6lgKvNM_7vvPM4Xmfdz48yM5JAxk923hTD6VSdKFZc6vPbcuY69xW17aqnltzr1e3ZbzoX68OSjD9l7yGX3Ofr74uWE8v1F3PdT3Xqy5LI0I9WJixkMndjlfruDW_XvOaPgbmv73NHFjqgPfPyVOQfPrkw_BtSDZBHH13Q9heqpMXX4syRVNt0OfHb8W9WOcxoosyNA7C-Hj-GtpOCfn0EnR8PJ8Aun9YToBATsmlZx8giI_nMhH0jx4rDRREjIA_gbw_gVATSDoB0_uQ_DcCMI61dcTRnTVtcrr7mKUlOyWVR39D5lNSefA04uibJSUH1VtaZanUscUgLCAHE8juBEl2inToQOanYOn7kPxXsvBoFXF0uG6VhuTFbHoZTkCtg6w80kEWOsgSBxE_q_pu22cebSyGHc5ark99n4vA7bTrrks7rIWMlbJGSJMRmBqBmT0kZg89OYLJTmB3CljuwKZT4tzcQ58XyAVBbglySpBLgjwlyPvFEVe2bos7XNks8Oa5Ps-NYqzT7gE90mlXxATUjGB4cSiT9-w-WPq_8TC0fKxLoEFajGnAi4PknFwtXXOOr_yFnjir-kLUedBsUx60achabocuuq4f-G6z1fK9OqwsIO2lmSFDOSU3P7iKRE7JlYc5AnoKq07B5DOgmQeaF6A7BYbxt5ZGlvaEkVFNyVCA6wJJWkG66xyoc3JtvLm1dDLb3zu_n0Cw-2QeYKZAYgq8K-8RdNXt8abOyeGmzi35fj1JZSSHtNztrZSm4v9fvSF2c234yg07-vIVVhJleXdL2HSVxlzGXUu-XpKcC7OsDRPkhxW7LYKNzO4sZSbOktWNV5dXosQIa6WOJ6BySi7_-RGYnJJrP34x-7fNF_4AS_ZgkwudVhMEiQMlCZS4uKdBAfuvPrioD-xtdE0FNN1HHBXomwJ9VYCqEWx2eZwm5v7Lv3xWxucIVGUcKFM5DJRRn8x8KuFeCT-V8DOsPKuGDVFnrttuLXqNdii8hs9Z2Gz7Hb5I3UZDILVTeePj4p8AAAD__8H9wcNpBAAA HTTP/1.1\r\nHost: ringdisgustpostman.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27725042=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: ringdisgustpostman.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ee85d0f641e92056588389b375ad4a02\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":362,"timings":{"blocked":-1,"dns":1,"connect":92,"send":0,"wait":98,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ringdisgustpostman.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ekltersas.life/favicon.ico","fqdn":"ekltersas.life","domain":"ekltersas.life","tld":"life"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ekltersas.life","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Dec 2025 21:40:24 GMT","end":"Mon, 16 Mar 2026 22:38:08 GMT"},"fingerprint":{"sha1":"4F:AC:EA:27:62:8F:3E:E4:FA:9B:D7:02:64:A9:58:2E:95:E6:09:E6","sha256":"76:12:28:F3:58:DD:7D:59:26:1D:C2:73:48:60:4C:72:38:03:78:3D:E6:66:BD:91:AB:51:F1:BD:44:C5:7F:88"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ekltersas.life\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes\r\nCookie: _ga_KJ4T538TS5=GS2.1.s1766100639$o1$g0$t1766100639$j60$l0$h1076649015; _ga=GA1.1.1834062265.1766100640; js_enabled=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=b85291c7-edf7-4a12-bb4d-aabbf6d6d817%3A2%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=ringdisgustpostman.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:41 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nexpires: Mon, 16 Feb 2026 09:07:30 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: BYPASS\r\nx-server-powered-by: Engintron\r\nage: 51789\r\ncf-cache-status: HIT\r\nlast-modified: Thu, 18 Dec 2025 09:07:31 GMT\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=V0ey0ZFCP7%2F8iiv4QnmWCK71y8gKQpnfRjb4AzdVVsrlMbjHPYkNaRCZgURmWOGr%2BejzZ36vDn9TUU1SJ29amruw%2FMCKfMR7Cs9NREbT\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9b02730e3ff13181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}],"data":{"size":2911,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"d7e285948ea37fff29e9dd9bf0314dc4","sha1":"7c87874311c91018523832faba07235b5324cafd","sha256":"dac6767bf822a658150e5ba786bd8d9f258d81a132b9f5b6c5bdd6cd285c833a","sha512":"79c8ab9e2ca74dbd4d5dd1cfa8de647c8b9ec7ec6498f887548355773407d5affce65c60d1f9a1694f5ce077fac328a3690de4e8b485953f663f1b4e88ce0c7e","ssdeep":"","tlshash":"a751b5069e9348341ce2665467b0e21834a2d9179657e89736ec8454cf40fcaac6bfdc","first_seen":"2025-12-18T23:31:11.667059Z","last_seen":"2025-12-18T23:31:11.667059Z","times_seen":1,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"l.cdn-fileserver.com/bping.php?mspa=0\u0026wshp=0\u0026vgd_tsce=L1082\u0026vi=1766100644919229513\u0026vgd_rpth=%2Fola\u0026wsip=170763298\u0026vgd_cage=35\u0026crid=105767162\u0026vgd_oreqf=one\u0026vgd_setup=c21\u0026gdpr=1\u0026vgd_cdv=O2494\u0026r=1766100644182\u0026prid=8PR11258V\u0026cid=8CUIK384H\u0026vgd_oresf=one\u0026vgd_wlstp=0\u0026lf=6\u0026cc=NO\u0026ugd=4\u0026requrl=https%3A%2F%2Fflirtooffer.com%2Fs%2F5df2314e7aee5%3Ftrack%3DREANK\u0026ssld=%7B%22QQNN%22%3A%22Ia%22%2C%22QQN75%22%3A%22mQjm%22%2C%22QQ8E%22%3A%22%22%2C%22QQQN%22%3A%229A%22%7D\u0026vgd_l2type=dmola\u0026hvsid=00001766100644180015326356487944\u0026lper=100\u0026vgd_asn=50304\u0026sc=03\u0026vgd_len=569\u0026vgd_end=1","fqdn":"l.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww17.bjjhhi.flirtooffer.com/s/5df2314e7aee5?track=REANK","date":"2025-12-18T23:30:44.428Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 30 Nov 2025 15:48:41 GMT","end":"Sat, 28 Feb 2026 16:47:10 GMT"},"fingerprint":{"sha1":"B6:15:E0:AA:2B:F2:1A:96:0A:90:53:E3:BA:E4:61:85:FA:35:8C:5A","sha256":"AF:0A:96:E0:3A:65:9A:90:80:F1:73:2C:66:E0:90:E6:6B:6C:23:08:E5:9E:AA:0E:52:53:23:5B:14:9A:9B:6E"}}},"request":{"raw":"GET /bping.php?mspa=0\u0026wshp=0\u0026vgd_tsce=L1082\u0026vi=1766100644919229513\u0026vgd_rpth=%2Fola\u0026wsip=170763298\u0026vgd_cage=35\u0026crid=105767162\u0026vgd_oreqf=one\u0026vgd_setup=c21\u0026gdpr=1\u0026vgd_cdv=O2494\u0026r=1766100644182\u0026prid=8PR11258V\u0026cid=8CUIK384H\u0026vgd_oresf=one\u0026vgd_wlstp=0\u0026lf=6\u0026cc=NO\u0026ugd=4\u0026requrl=https%3A%2F%2Fflirtooffer.com%2Fs%2F5df2314e7aee5%3Ftrack%3DREANK\u0026ssld=%7B%22QQNN%22%3A%22Ia%22%2C%22QQN75%22%3A%22mQjm%22%2C%22QQ8E%22%3A%22%22%2C%22QQQN%22%3A%229A%22%7D\u0026vgd_l2type=dmola\u0026hvsid=00001766100644180015326356487944\u0026lper=100\u0026vgd_asn=50304\u0026sc=03\u0026vgd_len=569\u0026vgd_end=1 HTTP/1.1\r\nHost: l.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww17.bjjhhi.flirtooffer.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:44 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\naccept-ch: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\ncache-control: max-age=0, no-cache, no-store\r\nexpires: Wed, 17 Dec 2025 23:30:44 GMT\r\npragma: no-cache\r\nvia: 1.1 google\r\nstrict-transport-security: max-age=63072000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xhRBLrjN4GZOW3LqwHMwtCmJunLvE%2BBSfGb%2F%2B9M1JYcMpm3AoGFHCNLS3V%2Fo%2F9nyOd5hxE3YmzXCfDl1OmgRau%2FcHSi%2FyNbz%2BA1cwaoArVY%2FEbYk\"}]}\r\nserver: cloudflare\r\ncf-ray: 9b027323e9be32fa-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 87a, 1 x 1","md5":"6f1d74c7168076c7666246504a8c03f2","sha1":"00656377deb1a4393e0cf0055385b08b2b81b46c","sha256":"8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde","sha512":"e502484faa0dc2a1f23c7f715879db654f29d0af1d6f616467d3d1fc578c2d16fccaacd76c4a5ecae8451dc912323473559d29edbd322fe85b8f1e83a7cdf2f3","ssdeep":"","tlshash":"53900447f1401103d135403007075340070c5030145403050071507ddc1d7553d07410","first_seen":"2025-03-07T21:51:05.009549Z","last_seen":"2026-05-10T16:29:28.448525Z","times_seen":175397,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":42,"dns":20,"connect":1,"send":0,"wait":128,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ringdisgustpostman.com/ren.gif?sid=H4sIAAAAAAAC_1RSz28bRRSebS0OpRIqBc57BIScXXvt2PSACKUoIiRpGpQD4jC7M-sMnt1ZZna9jk8RQajigHzgAFzYfE4aARU__gBQcMoBVUJiT-TQSKh_ASD1jNa1FHjSfO-9-ebwve_NR_vZGWkio6frb6mRkJIutOqO_fyWiJnKjb26abtO3blmb4m47V2zhxXowctu06s7L9hv8KCvFhqO6ziu49o3hOahGi7MWIjkbtetd52616i7LQ9D_f_eZBYMtcAGZ-RpCFY-9TB8ByKYIo6-v85NP1XJS69HmaSp0hiwo7fjfqzyGNF5GWoLYXw0fw1lSkI-uwAVH80ngBocVBPAFyW58NwD-PHRXCb8weFjpb4Ej-GzJ5EPpuByCkGnCNQeBPudAAHD6hri6M6q0jndeczSii1J7dE_EHlJag-eQRx9uyTF0L6lZJYKFRsMwwJiOIXoTZFkJ0hHFkR-giD9AIL9RhYerSCODtaMVBCsmE0vwimosZBVR1jIQgtZYiFip7bndLzApc122GXBouNRz2Pcd7qdhuPQbrCILKhkjZEmYwRyjEDvItG76IsxdHYMs13AMAsmLYl1cxcDViDnBLkhyClBLgjylCAfFIdMmoYp7jBpMt-d58Y8N4uJSnv79FClPR4TUD2GZsWBSN43ewjSi5NRaNhEVUD9tJhQnxX7yRm5UrlmHV3-G31-anucN5jf6lDmd2gYLDpd2nYcz_ec1uKi5zZgRAFhLswMGYmS3PzwChJRkssPc_j0BEaeIBDPgmYuaF6AbhcYxd8ZGhna51pEdSlCDqYKJGkN6Y61L8_I1cnG5tLxbH_v_vEzeHCfzAOBLpDoAu-JewQ9eXuyoXJysKFyQ35YS1IRiRGtdnsrpSl_4us3-U6uNFu-bsZfvRpURFXe3eQmXaExE3HPkG-WBGNc31A64OTHZbPF_fXMbC9lOs6SlfXXbixHiebGCBVPQUVJLv31MQJRkqs_fTn7t60X_0SQ7MIk5zqNIvCTi5CCQPLze-oXMP_p_fN639xGT9dA0z3EUYGBLjCQBagcw2SXJmmi77_y6-dVfAFf1ia-1LUDX2r5aeXTcQX3Zo5V8AuMOLVbDb_Z7nTaPGyzsMmajSbrthze9Wi37XW9FlJTiuufFP8GAAD__wgED3FpBAAA","fqdn":"ringdisgustpostman.com","domain":"ringdisgustpostman.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.588Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ringdisgustpostman.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 11:27:51 GMT","end":"Tue, 03 Mar 2026 11:27:50 GMT"},"fingerprint":{"sha1":"93:F7:4C:84:99:B7:C1:DB:D7:F2:16:E6:C5:FA:C7:E7:EF:7B:0C:56","sha256":"37:08:07:46:C0:EF:70:47:55:6D:D5:77:54:47:28:EF:E0:AD:84:29:86:F6:18:0F:2E:5F:90:9C:39:0F:6C:0C"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSz28bRRSebS0OpRIqBc57BIScXXvt2PSACKUoIiRpGpQD4jC7M-sMnt1ZZna9jk8RQajigHzgAFzYfE4aARU__gBQcMoBVUJiT-TQSKh_ASD1jNa1FHjSfO-9-ebwve_NR_vZGWkio6frb6mRkJIutOqO_fyWiJnKjb26abtO3blmb4m47V2zhxXowctu06s7L9hv8KCvFhqO6ziu49o3hOahGi7MWIjkbtetd52616i7LQ9D_f_eZBYMtcAGZ-RpCFY-9TB8ByKYIo6-v85NP1XJS69HmaSp0hiwo7fjfqzyGNF5GWoLYXw0fw1lSkI-uwAVH80ngBocVBPAFyW58NwD-PHRXCb8weFjpb4Ej-GzJ5EPpuByCkGnCNQeBPudAAHD6hri6M6q0jndeczSii1J7dE_EHlJag-eQRx9uyTF0L6lZJYKFRsMwwJiOIXoTZFkJ0hHFkR-giD9AIL9RhYerSCODtaMVBCsmE0vwimosZBVR1jIQgtZYiFip7bndLzApc122GXBouNRz2Pcd7qdhuPQbrCILKhkjZEmYwRyjEDvItG76IsxdHYMs13AMAsmLYl1cxcDViDnBLkhyClBLgjylCAfFIdMmoYp7jBpMt-d58Y8N4uJSnv79FClPR4TUD2GZsWBSN43ewjSi5NRaNhEVUD9tJhQnxX7yRm5UrlmHV3-G31-anucN5jf6lDmd2gYLDpd2nYcz_ec1uKi5zZgRAFhLswMGYmS3PzwChJRkssPc_j0BEaeIBDPgmYuaF6AbhcYxd8ZGhna51pEdSlCDqYKJGkN6Y61L8_I1cnG5tLxbH_v_vEzeHCfzAOBLpDoAu-JewQ9eXuyoXJysKFyQ35YS1IRiRGtdnsrpSl_4us3-U6uNFu-bsZfvRpURFXe3eQmXaExE3HPkG-WBGNc31A64OTHZbPF_fXMbC9lOs6SlfXXbixHiebGCBVPQUVJLv31MQJRkqs_fTn7t60X_0SQ7MIk5zqNIvCTi5CCQPLze-oXMP_p_fN639xGT9dA0z3EUYGBLjCQBagcw2SXJmmi77_y6-dVfAFf1ia-1LUDX2r5aeXTcQX3Zo5V8AuMOLVbDb_Z7nTaPGyzsMmajSbrthze9Wi37XW9FlJTiuufFP8GAAD__wgED3FpBAAA HTTP/1.1\r\nHost: ringdisgustpostman.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27725042=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: ringdisgustpostman.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 00ae8409f8683e1810ed90b9e8d1e728\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":639,"timings":{"blocked":268,"dns":1,"connect":91,"send":0,"wait":93,"receive":0,"ssl":184},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ringdisgustpostman.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"region1.analytics.google.com/g/collect?v=2\u0026tid=G-KJ4T538TS5\u0026gtm=45je5ca1v9118348237za200zd9118348237\u0026_p=1766100639564\u0026_gaz=1\u0026gcd=13l3l3l2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=1834062265.1766100640\u0026ecid=1076649015\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_s=1\u0026tag_exp=103116026~103200004~104527906~104528501~104684208~104684211~105391252~115583767~115938466~115938468~116184927~116184929~116251938~116251940~116682877\u0026sid=1766100639\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2Fekltersas.life%2Frqgfr%2F4%2F60808-kelly-rohrbach-nudes\u0026dt=ekltersas.life%20Please%20Wait\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026_ee=1\u0026tfd=949","fqdn":"region1.analytics.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.239.34.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 08:38:53 GMT","end":"Mon, 16 Feb 2026 08:38:52 GMT"},"fingerprint":{"sha1":"14:1E:23:68:0E:D0:A1:C7:ED:6A:FE:20:1B:06:FE:F9:83:B2:99:F5","sha256":"61:AF:E1:FE:D1:A6:4C:C2:5B:60:60:94:B3:7F:5C:5D:34:BE:8E:AB:21:42:8A:97:07:E7:8A:B7:2C:91:5D:0D"}}},"request":{"raw":"POST /g/collect?v=2\u0026tid=G-KJ4T538TS5\u0026gtm=45je5ca1v9118348237za200zd9118348237\u0026_p=1766100639564\u0026_gaz=1\u0026gcd=13l3l3l2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=1834062265.1766100640\u0026ecid=1076649015\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_s=1\u0026tag_exp=103116026~103200004~104527906~104528501~104684208~104684211~105391252~115583767~115938466~115938468~116184927~116184929~116251938~116251940~116682877\u0026sid=1766100639\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2Fekltersas.life%2Frqgfr%2F4%2F60808-kelly-rohrbach-nudes\u0026dt=ekltersas.life%20Please%20Wait\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026_ee=1\u0026tfd=949 HTTP/1.1\r\nHost: region1.analytics.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ekltersas.life/\r\nOrigin: https://ekltersas.life\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-origin: https://ekltersas.life\r\ndate: Thu, 18 Dec 2025 23:30:41 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:170:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:170:0\r\nreport-to: {\"group\":\"ascnsrsggc:170:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:170:0\"}],}\r\nserver: Golfe2\r\ncontent-length: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":213,"timings":{"blocked":89,"dns":0,"connect":21,"send":0,"wait":35,"receive":0,"ssl":66},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.cdn-fileserver.com/__media__/pics/9000/09/593//arrrow.png","fqdn":"s.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://findresultsspot.com/sr/754870121/SAFEFRAME.html?ule=799\u0026%2AE=grMMgVVMff%28g%28jj%28Cgw\u0026-Ka=Ru45pUipfU00A5%212-U-Ui8u%2F%21UN0UwuSw2U\u0026-TH2=\u0026-W%2A=\u0026-Wag=\u0026-Waj=\u0026-Wnk-EN=\u0026.qEW=\u00260p520B=maaTl%3A%2F%2F%21BE0ann%21%21p0sKnk%2Fl%2FCW%21jwgfpr-ppC%3Fa0-KI%3DxciS1\u00262AW=f\u00262lTpN%21=V\u0026AWT0=g\u0026AWT0KNla=\u0026BjazTp=WknB-\u0026ElEW=V\u0026IW=\u0026IZ0%21=\u0026K0EW=gVCrMrgMj\u0026KEW=oHv41wofL\u0026KK=S7\u0026KW%2A=7jf%28f\u0026KaTEW=\u0026KmNkj=nl%2AfeENaK\u0026KmNkw=\u0026Na%2A=\u0026Nkp00=g\u0026TEW=\u0026Wk0%21=g\u0026WpKkkk=\u0026ZBlaT=V\u0026ZlmT=V\u0026alKp=XgVoj\u0026htmlsrc=1\u0026kkdd=n9%7CH%7C%2An9A\u0026klT-=V\u0026lE8p=ggCfUMo%28\u0026lK=Vw\u0026llBW=%7B%22llKK%22%3A%22S7%22%2C%22llKaz%22%3A%22nlBn%22%2C%22llET%22%3A%22%22%2C%22lllK%22%3A%22Vw%22%7D\u0026lqW04W=\u0026maaTl=g\u0026nB-%21=nNp\u0026nEW=w%21%21frofK9jpMC9fjwo9%28wCK9rWVwqMgMK-pf\u0026pK0EW=\u0026q-p=\u0026qEW=\u0026qW04W=\u0026qp=V\u0026tpid=\u0026zTBT=\u0026zWlT0=\u0026zqNeKKepUT=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026eoch=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766100644180015326356487944\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151364624398269975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw%3D%3D\u0026tchkpts=%7B%22prel2%22%3A1766100644424%7D\u0026stime=1766100644424\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Ffindresultsspot.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F3ZRb%253DC%25265AMXRk%253Dh3U5b%2526BZRko4%253DC%2526Blh%253DT%2526II%253Dj1%2526ILwh%253DuC_eFeuFA%2526IMRwh%253D%2526IhJ%253D1AT8T%2526Iio3A%253DUZJT%252528woMI%2526Iio3t%253D%2526Iwh%253D%25252ANYW6t%25252AT2%2526Jw%253DueFFuCCFTT8u8AA8_ut%2526Lk-BL5%253DiMMRZ%25253A%25252F%25252F45wLMUU44kLSIU3%25252FZ%25252F_h4AtuTkebkk_%25253FMLbIm%25253Dz9gj6%2526MZIk%253DHuC%25252AA%2526Rwh%253D%2526U5b4%253DUok%2526Uwh%253Dt44Te%25252ATIOAkF_OTAt%25252AO8t_IOehCtsFuFIbkT%2526XR5R%253D%2526XhZRL%253D%2526Xso%252528II%252528k.R%253D%2526ZI%253DCt%2526ZZ5h%253D%25257B%252522ZZII%252522%25253A%252522j1%252522%25252C%252522ZZIMX%252522%25253A%252522UZ5U%252522%25252C%252522ZZwR%252522%25253A%252522%252522%25252C%252522ZZZI%252522%25253A%252522Ct%252522%25257D%2526ZshLWh%253D%2526Zwyk%253Duu_T.F%25252A8%2526bIM%253D7~W-k.gkT.LLl-4Bb.b.gy~%25252F4.oL.t~jtB.%2526bRNB%253D%2526bhJ%253D%2526bhMA%253D%2526bhMu%253D%2526bhU3bwo%253D%2526hkI333%253D%2526htmlsrc%253D1%2526iMMRZ%253Du%2526kILwh%253D%2526kkdd%253Dn%25252A%25257Cu%25257CnA%25252A3H9%2526lhRL%253Du%2526lhRLIoZM%253D%2526mh%253D%2526mxL4%253D%2526o3kLL%253Du%2526oMJ%253D%2526pswh%253D%2526sbk%253D%2526shLWh%253D%2526sk%253DC%2526swh%253D%2526tpid%253D%2526wZwh%253DC%2526x5ZMR%253DC%2526xZiR%253DC%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D","date":"2025-12-18T23:30:44.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 30 Nov 2025 15:48:41 GMT","end":"Sat, 28 Feb 2026 16:47:10 GMT"},"fingerprint":{"sha1":"B6:15:E0:AA:2B:F2:1A:96:0A:90:53:E3:BA:E4:61:85:FA:35:8C:5A","sha256":"AF:0A:96:E0:3A:65:9A:90:80:F1:73:2C:66:E0:90:E6:6B:6C:23:08:E5:9E:AA:0E:52:53:23:5B:14:9A:9B:6E"}}},"request":{"raw":"GET /__media__/pics/9000/09/593//arrrow.png HTTP/1.1\r\nHost: s.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://findresultsspot.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:44 GMT\r\ncontent-type: image/png\r\ncontent-length: 283\r\nserver: cloudflare\r\nlast-modified: Thu, 06 Mar 2025 13:05:37 GMT\r\naccept-ranges: bytes\r\ncache-control: public, max-age=604800\r\nvia: 1.1 google\r\nx-cache-status: miss\r\nalt-svc: h3=\":443\"; ma=86400\r\netag: \"11b-62fac2985d568\"\r\nage: 144395\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qPre410qhTDl6iKHDPFYQDpr%2B1KT1marmoDiqD4L0QaDohjZDpgcyCsk56mLB4Cj3oID8MawbxCJlGr4ME7aMEARzAEv5vkxoqnNQpJ4Ohyq8g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b027326ba6956b9-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":283,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 17 x 27, 8-bit colormap, non-interlaced","md5":"80d42c82a6c37da90210fd60a2f36128","sha1":"554ba7c84d2a27ecf3b1f29d03e62101936b54d8","sha256":"a1626e2d9160a0890a0a8d6e3af9e7095d68a24f9fb5ac8a166000c9a2581e10","sha512":"8ecb032c38176996ee637009833f3399f773b325e4f574fbbd26f93cdb82892c4143c5816543052b3a5123b89ef4b1aaca0407315aab879968085e61a20786b6","ssdeep":"","tlshash":"38d023cb5d512c3dd3615031445810799df2ad602c774182013eb4760f73545c658714","first_seen":"2023-04-06T17:33:21Z","last_seen":"2026-05-10T16:29:28.440532Z","times_seen":181610,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":33,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.cdn-fileserver.com/__media__/fonts/montserrat_regular/montserrat_regular.woff","fqdn":"s.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://findresultsspot.com/sr/754870121/SAFEFRAME.html?ule=799\u0026%2AE=grMMgVVMff%28g%28jj%28Cgw\u0026-Ka=Ru45pUipfU00A5%212-U-Ui8u%2F%21UN0UwuSw2U\u0026-TH2=\u0026-W%2A=\u0026-Wag=\u0026-Waj=\u0026-Wnk-EN=\u0026.qEW=\u00260p520B=maaTl%3A%2F%2F%21BE0ann%21%21p0sKnk%2Fl%2FCW%21jwgfpr-ppC%3Fa0-KI%3DxciS1\u00262AW=f\u00262lTpN%21=V\u0026AWT0=g\u0026AWT0KNla=\u0026BjazTp=WknB-\u0026ElEW=V\u0026IW=\u0026IZ0%21=\u0026K0EW=gVCrMrgMj\u0026KEW=oHv41wofL\u0026KK=S7\u0026KW%2A=7jf%28f\u0026KaTEW=\u0026KmNkj=nl%2AfeENaK\u0026KmNkw=\u0026Na%2A=\u0026Nkp00=g\u0026TEW=\u0026Wk0%21=g\u0026WpKkkk=\u0026ZBlaT=V\u0026ZlmT=V\u0026alKp=XgVoj\u0026htmlsrc=1\u0026kkdd=n9%7CH%7C%2An9A\u0026klT-=V\u0026lE8p=ggCfUMo%28\u0026lK=Vw\u0026llBW=%7B%22llKK%22%3A%22S7%22%2C%22llKaz%22%3A%22nlBn%22%2C%22llET%22%3A%22%22%2C%22lllK%22%3A%22Vw%22%7D\u0026lqW04W=\u0026maaTl=g\u0026nB-%21=nNp\u0026nEW=w%21%21frofK9jpMC9fjwo9%28wCK9rWVwqMgMK-pf\u0026pK0EW=\u0026q-p=\u0026qEW=\u0026qW04W=\u0026qp=V\u0026tpid=\u0026zTBT=\u0026zWlT0=\u0026zqNeKKepUT=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026eoch=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766100644180015326356487944\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151364624398269975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw%3D%3D\u0026tchkpts=%7B%22prel2%22%3A1766100644424%7D\u0026stime=1766100644424\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Ffindresultsspot.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F3ZRb%253DC%25265AMXRk%253Dh3U5b%2526BZRko4%253DC%2526Blh%253DT%2526II%253Dj1%2526ILwh%253DuC_eFeuFA%2526IMRwh%253D%2526IhJ%253D1AT8T%2526Iio3A%253DUZJT%252528woMI%2526Iio3t%253D%2526Iwh%253D%25252ANYW6t%25252AT2%2526Jw%253DueFFuCCFTT8u8AA8_ut%2526Lk-BL5%253DiMMRZ%25253A%25252F%25252F45wLMUU44kLSIU3%25252FZ%25252F_h4AtuTkebkk_%25253FMLbIm%25253Dz9gj6%2526MZIk%253DHuC%25252AA%2526Rwh%253D%2526U5b4%253DUok%2526Uwh%253Dt44Te%25252ATIOAkF_OTAt%25252AO8t_IOehCtsFuFIbkT%2526XR5R%253D%2526XhZRL%253D%2526Xso%252528II%252528k.R%253D%2526ZI%253DCt%2526ZZ5h%253D%25257B%252522ZZII%252522%25253A%252522j1%252522%25252C%252522ZZIMX%252522%25253A%252522UZ5U%252522%25252C%252522ZZwR%252522%25253A%252522%252522%25252C%252522ZZZI%252522%25253A%252522Ct%252522%25257D%2526ZshLWh%253D%2526Zwyk%253Duu_T.F%25252A8%2526bIM%253D7~W-k.gkT.LLl-4Bb.b.gy~%25252F4.oL.t~jtB.%2526bRNB%253D%2526bhJ%253D%2526bhMA%253D%2526bhMu%253D%2526bhU3bwo%253D%2526hkI333%253D%2526htmlsrc%253D1%2526iMMRZ%253Du%2526kILwh%253D%2526kkdd%253Dn%25252A%25257Cu%25257CnA%25252A3H9%2526lhRL%253Du%2526lhRLIoZM%253D%2526mh%253D%2526mxL4%253D%2526o3kLL%253Du%2526oMJ%253D%2526pswh%253D%2526sbk%253D%2526shLWh%253D%2526sk%253DC%2526swh%253D%2526tpid%253D%2526wZwh%253DC%2526x5ZMR%253DC%2526xZiR%253DC%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D","date":"2025-12-18T23:30:44.927Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 30 Nov 2025 15:48:41 GMT","end":"Sat, 28 Feb 2026 16:47:10 GMT"},"fingerprint":{"sha1":"B6:15:E0:AA:2B:F2:1A:96:0A:90:53:E3:BA:E4:61:85:FA:35:8C:5A","sha256":"AF:0A:96:E0:3A:65:9A:90:80:F1:73:2C:66:E0:90:E6:6B:6C:23:08:E5:9E:AA:0E:52:53:23:5B:14:9A:9B:6E"}}},"request":{"raw":"GET /__media__/fonts/montserrat_regular/montserrat_regular.woff HTTP/1.1\r\nHost: s.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://findresultsspot.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://findresultsspot.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:44 GMT\r\ncontent-type: font/woff\r\ncontent-length: 24744\r\nserver: cloudflare\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nedge-control: downstream-ttl=1d\r\nvia: 1.1 google\r\ncache-control: public, max-age=604800\r\nlast-modified: Mon, 16 May 2016 10:39:41 GMT\r\netag: \"60a8-532f33dedf540\"\r\nage: 126637\r\nx-cache-status: hit\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ISQTsjy8r97tVO4WWinDRt6W%2FYjA0aV15jvahIyh9Jeb5j8xlDsw8eYmOkpWqSmK6GD9Y47dxzSO92UQKMqK%2BXIi3l12VLLb1%2FLkVNPKU%2F0rIw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b027326ca7a56b9-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24744,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 24744, version 1.0","md5":"987e102655eee6557d9e5de5eda2dbd7","sha1":"9cfb173085bc54a3e7a4f377e5184cba87ad7a67","sha256":"1354d1ffff7cde96f66dd463a7a9d9bc627c2ea55c1a12c7f0b5c63594622c3e","sha512":"bccd46bbc05dc333869797877f2702294f24f697bd5cf8c42210092d74ddb261b301fa1cb09f79ddc2fb1dc5a54acb3aabde5454920ab195fc906cfddf1be75a","ssdeep":"768:Vw0BKrqrg0KoirVY+RpyVvAfeiCONpPkIw31R:q0BKH0Koiu+Tyqfe1cCH31R","tlshash":"80b2d138a2776205f24c16f579030b361dda21ba925e47bb062360ae1db9a4cd18a24f","first_seen":"2025-04-10T23:48:29.909914Z","last_seen":"2026-05-10T16:29:28.443914Z","times_seen":156688,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":9,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.1006467474269.js?key=a93e04098bdd2de81eb7af8dec828738\u0026kw=%5B%22ekltersas%22%2C%22life%22%2C%22please%22%2C%22wait%22%5D\u0026refer=https%3A%2F%2Fekltersas.life%2Frqgfr%2F4%2F60808-kelly-rohrbach-nudes\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=3c6f4339-561e-4b31-ac77-01866d68159b%3A1%3A1\u0026shu=5fce5373c5f34ff8e1ffcd17a1d7deebaabd2c1cb5969b22eb36658d31c6f6775a32d0e573774b0607e1deaad3fc230ce85076221e81e7a79f9f19fcd9c3cbc9a5102540249ca21d5f7f8325ef95176416ca64512a58cbf6a056d7\u0026pst=1766100700\u0026rmtc=t","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.649Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /watch.1006467474269.js?key=a93e04098bdd2de81eb7af8dec828738\u0026kw=%5B%22ekltersas%22%2C%22life%22%2C%22please%22%2C%22wait%22%5D\u0026refer=https%3A%2F%2Fekltersas.life%2Frqgfr%2F4%2F60808-kelly-rohrbach-nudes\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=3c6f4339-561e-4b31-ac77-01866d68159b%3A1%3A1\u0026shu=5fce5373c5f34ff8e1ffcd17a1d7deebaabd2c1cb5969b22eb36658d31c6f6775a32d0e573774b0607e1deaad3fc230ce85076221e81e7a79f9f19fcd9c3cbc9a5102540249ca21d5f7f8325ef95176416ca64512a58cbf6a056d7\u0026pst=1766100700\u0026rmtc=t HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ekltersas.life\r\nReferer: https://ekltersas.life/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzkxNDIyNCwiayI6ImE5M2UwNDA5OGJkZDJkZTgxZWI3YWY4ZGVjODI4NzM4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MzQyMjI1LCJwaWQiOjg0NDY2MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoiaDBtZ3c0OHlocyIsImNwa3MiOnsiMjgiOiJlODVmMWI0ZTVjNDYzZTBmMWU3N2UxYTk3ZGZiZjEwYyIsIjI5IjoiNDY2NzE2ODQ3ZThkYWIzNWRmODMyMzcxOGQ2MzJkNGYifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImN0Ijp7ImlkIjozMTQzMjQ0LCJuIjoiT3NsbyJ9LCJyZyI6eyJpZCI6MTg0NCwibiI6Ik9zbG8gQ291bnR5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwiaXdmIjp0cnVlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZWtsdGVyc2FzLmxpZmUvcnFnZnIvNC82MDgwOC1rZWxseS1yb2hyYmFjaC1udWRlcyIsInR6IjoxLCJhciI6W119fQ.C_11MUdSo8_RHLhrkxzuHA8rPI7OXfbtQ5N1syxu0uA\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: text/html\r\nContent-Length: 3260\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://ekltersas.life\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=3c6f4339-561e-4b31-ac77-01866d68159b:1:1; expires=Thu, 25 Dec 2025 23:30:40 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Fri, 19 Dec 2025 23:30:40 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Fri, 19 Dec 2025 23:30:40 GMT; path=/; secure; SameSite=None\npdhtkv23=true; expires=Fri, 19 Dec 2025 23:30:40 GMT; path=/; secure; SameSite=None\nuncs23=1; expires=Fri, 19 Dec 2025 23:30:40 GMT; path=/; secure; SameSite=None\nu_pl27914224=1; expires=Fri, 19 Dec 2025 23:30:40 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 6\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b0c593f86ae76fab75e012770b768b38\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4594,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (3718)","md5":"e1568d487cc096cdb6719fb893d90994","sha1":"a2aa4663e90e501c9027a35f7b19e992e3783aaf","sha256":"0b09226c52d0dede901ec59353f4ec87ad4c3ae19f799ed60a40bedcf0e8fa54","sha512":"89c43ff52dae814a435332fd969a8181a64ac21ced7cf17be17383b716ab965850c45655062d506df9394a48ae9eb00c93c68f5a88a1487b122a407ebd07f5f7","ssdeep":"96:Aozn+Vpi5GZZwDZ8Ik/ohO+vL8tG7e1ZDeCfMEDaH:JzUpiWwDlk4jkUCVeCkCaH","tlshash":"37913b3f9edb66785dee705f153a69482c62e50b6800dd42780ed9401b347fa0ca8eba","first_seen":"2025-12-18T23:31:11.670869Z","last_seen":"2025-12-18T23:31:11.670869Z","times_seen":1,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ww17.bjjhhi.flirtooffer.com/favicon.ico","fqdn":"ww17.bjjhhi.flirtooffer.com","domain":"flirtooffer.com","tld":"com"},"ip":{"addr":"199.191.50.246","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww17.bjjhhi.flirtooffer.com/s/5df2314e7aee5?track=REANK","date":"2025-12-18T23:30:44.542Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ww17.bjjhhi.flirtooffer.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww17.bjjhhi.flirtooffer.com/s/5df2314e7aee5?track=REANK\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Thu, 18 Dec 2025 23:30:36 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 198\r\nConnection: keep-alive\r\naccept-ranges: bytes\r\nvia: 1.1 google\r\nCache-Control: public,max-age=604800\r\nAge: 529745\r\nLast-Modified: Tue, 01 Jul 2025 13:38:24 GMT\r\nX-Cache-Status: hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":198,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 2 colors","md5":"3678cdbd64a22fa30ac1cbd55c172a0d","sha1":"f7eec842b643978bf4170df2ffbee8527df75b11","sha256":"c0b46ef8c31c29febb37a659fbaf512b3144261d023dcfab44da82502feb4e79","sha512":"bee9b34872133f110c73ae6ed24da0f385b54894393eeb5a5c09162665710e9e5db9d997305f249ccf136f6c9a85d1d6b48629a2fb01b8ce9e612279741801c5","ssdeep":"","tlshash":"9fd002833204c456c0080735c055d7f472654d155a95160708003d773c805884c64550","first_seen":"2023-07-30T22:25:04Z","last_seen":"2026-05-10T16:29:28.447937Z","times_seen":88554,"resource_available":true,"data":null}},"time_used":206,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":206,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ww17.bjjhhi.flirtooffer.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ww17.bjjhhi.flirtooffer.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ww17.bjjhhi.flirtooffer.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.cdn-fileserver.com/__media__/pics/9000/09/593//bg1.png","fqdn":"s.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://findresultsspot.com/sr/754870121/SAFEFRAME.html?ule=799\u0026%2AE=grMMgVVMff%28g%28jj%28Cgw\u0026-Ka=Ru45pUipfU00A5%212-U-Ui8u%2F%21UN0UwuSw2U\u0026-TH2=\u0026-W%2A=\u0026-Wag=\u0026-Waj=\u0026-Wnk-EN=\u0026.qEW=\u00260p520B=maaTl%3A%2F%2F%21BE0ann%21%21p0sKnk%2Fl%2FCW%21jwgfpr-ppC%3Fa0-KI%3DxciS1\u00262AW=f\u00262lTpN%21=V\u0026AWT0=g\u0026AWT0KNla=\u0026BjazTp=WknB-\u0026ElEW=V\u0026IW=\u0026IZ0%21=\u0026K0EW=gVCrMrgMj\u0026KEW=oHv41wofL\u0026KK=S7\u0026KW%2A=7jf%28f\u0026KaTEW=\u0026KmNkj=nl%2AfeENaK\u0026KmNkw=\u0026Na%2A=\u0026Nkp00=g\u0026TEW=\u0026Wk0%21=g\u0026WpKkkk=\u0026ZBlaT=V\u0026ZlmT=V\u0026alKp=XgVoj\u0026htmlsrc=1\u0026kkdd=n9%7CH%7C%2An9A\u0026klT-=V\u0026lE8p=ggCfUMo%28\u0026lK=Vw\u0026llBW=%7B%22llKK%22%3A%22S7%22%2C%22llKaz%22%3A%22nlBn%22%2C%22llET%22%3A%22%22%2C%22lllK%22%3A%22Vw%22%7D\u0026lqW04W=\u0026maaTl=g\u0026nB-%21=nNp\u0026nEW=w%21%21frofK9jpMC9fjwo9%28wCK9rWVwqMgMK-pf\u0026pK0EW=\u0026q-p=\u0026qEW=\u0026qW04W=\u0026qp=V\u0026tpid=\u0026zTBT=\u0026zWlT0=\u0026zqNeKKepUT=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026eoch=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766100644180015326356487944\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151364624398269975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw%3D%3D\u0026tchkpts=%7B%22prel2%22%3A1766100644424%7D\u0026stime=1766100644424\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Ffindresultsspot.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F3ZRb%253DC%25265AMXRk%253Dh3U5b%2526BZRko4%253DC%2526Blh%253DT%2526II%253Dj1%2526ILwh%253DuC_eFeuFA%2526IMRwh%253D%2526IhJ%253D1AT8T%2526Iio3A%253DUZJT%252528woMI%2526Iio3t%253D%2526Iwh%253D%25252ANYW6t%25252AT2%2526Jw%253DueFFuCCFTT8u8AA8_ut%2526Lk-BL5%253DiMMRZ%25253A%25252F%25252F45wLMUU44kLSIU3%25252FZ%25252F_h4AtuTkebkk_%25253FMLbIm%25253Dz9gj6%2526MZIk%253DHuC%25252AA%2526Rwh%253D%2526U5b4%253DUok%2526Uwh%253Dt44Te%25252ATIOAkF_OTAt%25252AO8t_IOehCtsFuFIbkT%2526XR5R%253D%2526XhZRL%253D%2526Xso%252528II%252528k.R%253D%2526ZI%253DCt%2526ZZ5h%253D%25257B%252522ZZII%252522%25253A%252522j1%252522%25252C%252522ZZIMX%252522%25253A%252522UZ5U%252522%25252C%252522ZZwR%252522%25253A%252522%252522%25252C%252522ZZZI%252522%25253A%252522Ct%252522%25257D%2526ZshLWh%253D%2526Zwyk%253Duu_T.F%25252A8%2526bIM%253D7~W-k.gkT.LLl-4Bb.b.gy~%25252F4.oL.t~jtB.%2526bRNB%253D%2526bhJ%253D%2526bhMA%253D%2526bhMu%253D%2526bhU3bwo%253D%2526hkI333%253D%2526htmlsrc%253D1%2526iMMRZ%253Du%2526kILwh%253D%2526kkdd%253Dn%25252A%25257Cu%25257CnA%25252A3H9%2526lhRL%253Du%2526lhRLIoZM%253D%2526mh%253D%2526mxL4%253D%2526o3kLL%253Du%2526oMJ%253D%2526pswh%253D%2526sbk%253D%2526shLWh%253D%2526sk%253DC%2526swh%253D%2526tpid%253D%2526wZwh%253DC%2526x5ZMR%253DC%2526xZiR%253DC%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D","date":"2025-12-18T23:30:44.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 30 Nov 2025 15:48:41 GMT","end":"Sat, 28 Feb 2026 16:47:10 GMT"},"fingerprint":{"sha1":"B6:15:E0:AA:2B:F2:1A:96:0A:90:53:E3:BA:E4:61:85:FA:35:8C:5A","sha256":"AF:0A:96:E0:3A:65:9A:90:80:F1:73:2C:66:E0:90:E6:6B:6C:23:08:E5:9E:AA:0E:52:53:23:5B:14:9A:9B:6E"}}},"request":{"raw":"GET /__media__/pics/9000/09/593//bg1.png HTTP/1.1\r\nHost: s.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://findresultsspot.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:44 GMT\r\ncontent-type: image/png\r\ncontent-length: 17986\r\nserver: cloudflare\r\naccept-ranges: bytes\r\nvia: 1.1 google\r\ncache-control: public, max-age=604800\r\nlast-modified: Thu, 06 Mar 2025 12:55:21 GMT\r\nage: 594154\r\nx-cache-status: hit\r\nalt-svc: h3=\":443\"; ma=86400\r\netag: \"4642-62fac04c7759a\"\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uV825MC83zXqTJWNyqz6VidBmcwj%2FqlVRcfoPOJ%2FQeJBNmXgCTQ3hjhG5ka%2Fe7U9QCnCzsgeZCP9p%2B1AMMs6QSVRKKqSjTOIGKpDFtLjItAWLg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b027326ba6756b9-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17986,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1730 x 988, 4-bit colormap, non-interlaced","md5":"825ccd29ac102fcadaf92b2343d5917b","sha1":"24472e766cfac5b82a73b219796556a0a3702bd6","sha256":"0878fb2875c0ad852de8fb3e8f443afdf3064890f1443b3feccc274382f913cd","sha512":"71b8e7c0813227f5efa4b4e0561978b13672f46ee441bc222ad77aa46a32f0f44a5dab3ef038bb3418190e69dced597a79e77566da01a259f1cd6b5298a08662","ssdeep":"384:/ATpX6Cex7jSxPgvgsODg/B2HgqSSeMjhRNAxB60ZL/HU+HqofTBf:ipX6nx7elggsODg52AqSSJhIxBZZLc8N","tlshash":"8a82bef49ea4241cdde2dfbce09243d635e8fb03481a9c516bcb46c27459ea2782c71d","first_seen":"2023-04-06T22:32:28Z","last_seen":"2026-05-10T16:29:28.434265Z","times_seen":181535,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":15,"dns":0,"connect":0,"send":0,"wait":13,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/98/4a/ea/984aea0590243673d8100824b542b2eb/1756662026.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/98/4a/ea/984aea0590243673d8100824b542b2eb/1756662026.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:40 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 54266\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:40:26 GMT\r\netag: \"68b4890a-d3fa\"\r\nexpires: Sat, 20 Dec 2025 23:30:40 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":54266,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:29:30], progressive, precision 8, 320x240, components 3","md5":"61ed57bf223ebc615f8a1df5d6df4368","sha1":"efb61d1f59f6dcdb45ff2205a02ce0cd6d8577b1","sha256":"301c9c6b429a2b8c70326d0acd72bf1d503fdde4c081f8da9a71f60f90b27442","sha512":"d3323768584bf852bc18a08ebcff711b49c72b3797e973c18aee182e17d44da76937f8db37f17cbc6601e758d31e79c551fe825b153809d253d4effc00025d06","ssdeep":"768:XnaGnvGicnaGnvVhsSYymkxswdA5HURFmI2PI+KIaSMUeFBhMkIh:XbSbVVzmwdA5HURFL2PzMUeFbMkQ","tlshash":"dc33d128f3a2ef22f4d4fab55195e7a372259b2483d71b517c6d70593736090cc8e2c6","first_seen":"2025-09-02T17:23:30.730781Z","last_seen":"2026-05-10T12:41:16.829125Z","times_seen":1366,"resource_available":false,"data":null}},"time_used":182,"timings":{"blocked":48,"dns":1,"connect":20,"send":0,"wait":64,"receive":13,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ringdisgustpostman.com/impr.gif?sid=H4sIAAAAAAAC_1RSP28jxRuevZ_1K46T0HFA7RIQcnbtdWxzBSKEoIiQ5HJBKRDF7MysM3h2Z5nZ9TquIoLQiQK5oAAaNo-Ti4ATfz4AKDhHgU5CwhUpLs2JDwBIV6NNLAVeaZ73feeZ4nmfdz7cz85IAxk9XX9TD6VSdK5Zc6vPbcmY69xWVzernltzb1a3ZDzv36wOSjD9l7yGX3Ofr74uWE_P1V3PdT3Xqy5JI0I9mDtnIZN7Ha_WcWt-veY1fQzMf3ubObDUAe-fkacg-fTJR-HbkGyCOPpuUdheqpMXX4syRVNt0OdHb8W9WOcxossyNA7C-Gj2GtpOCfn0CnR8NJsAun9QToBATsmVZx8iiI9mMhH0Dy-UBgoiRsCfQN6fQKgJJJ2A6T1I_hsBGMfqGuLo7qo2Od25YGnJTknl8d-Q-ZRUHj6NOPpmQclB9bZWWSp1bDEIC8jBBLI7QZKdIB06kPkJWPo-JP-VzD1eQRwdrFmlIXlxPr0MJ6DWQVYe6SALHWSJg4ifVn237TOPNubDDmct16e-z0Xgdtp116Ud1kLGSlkjpMkITI3AzC4Ss4ueHMFkx7DbBSx3YNMpcW7tos8L5IIgtwQ5JcglQZ4S5P3ikCtbt8VdrmwWeLNcn-VGMdZpd58e6rQrYgJqRjC8OJDJe3YPLP3feBhaPtYl0CAtxjTgxX5yRq6XrjlH1_5CT5xWfSHqPGi2KQ_aNGQtt0PnXdcPfLfZavleHVYWkPbKuSFDOSW3PriORE7JtUc5AnoCq07A5DOgmQeaF6DbBYbxt5ZGlvaEkVFNyVCA6wJJWkG64-yrM3JjvLG5cHy-v3d-_xmCPSCzADMFElPgXXmfoKvujDd0Tg42dG7J92tJKiM5pOVub6c0Ff__6g2xk2vDlxft6MtXWEmU5b1NYdMVGnMZdy35ekFyLsySNkyQH5btlgjWM7u9kJk4S1bWX11ajhIjrJU6noDKKbn650dgckpu_PjF-b9tvvAHWLILm1zqtJogSCpQkkCJy3saFLD_6oPLet_eQddUQNM9xFGBvinQVwWoGsFmV8dpYh68_MtnZXyOQFXGgTKVg0AZ9Unp03EJ90v46cI2K0-rYUPUmeu2W_Neox0Kr-FzFjbbfofPU7fREEjtVC5-XPwTAAD__5x0-iRpBAAA","fqdn":"ringdisgustpostman.com","domain":"ringdisgustpostman.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.617Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ringdisgustpostman.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 11:27:51 GMT","end":"Tue, 03 Mar 2026 11:27:50 GMT"},"fingerprint":{"sha1":"93:F7:4C:84:99:B7:C1:DB:D7:F2:16:E6:C5:FA:C7:E7:EF:7B:0C:56","sha256":"37:08:07:46:C0:EF:70:47:55:6D:D5:77:54:47:28:EF:E0:AD:84:29:86:F6:18:0F:2E:5F:90:9C:39:0F:6C:0C"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSP28jxRuevZ_1K46T0HFA7RIQcnbtdWxzBSKEoIiQ5HJBKRDF7MysM3h2Z5nZ9TquIoLQiQK5oAAaNo-Ti4ATfz4AKDhHgU5CwhUpLs2JDwBIV6NNLAVeaZ73feeZ4nmfdz7cz85IAxk9XX9TD6VSdK5Zc6vPbcmY69xWVzernltzb1a3ZDzv36wOSjD9l7yGX3Ofr74uWE_P1V3PdT3Xqy5JI0I9mDtnIZN7Ha_WcWt-veY1fQzMf3ubObDUAe-fkacg-fTJR-HbkGyCOPpuUdheqpMXX4syRVNt0OdHb8W9WOcxossyNA7C-Gj2GtpOCfn0CnR8NJsAun9QToBATsmVZx8iiI9mMhH0Dy-UBgoiRsCfQN6fQKgJJJ2A6T1I_hsBGMfqGuLo7qo2Od25YGnJTknl8d-Q-ZRUHj6NOPpmQclB9bZWWSp1bDEIC8jBBLI7QZKdIB06kPkJWPo-JP-VzD1eQRwdrFmlIXlxPr0MJ6DWQVYe6SALHWSJg4ifVn237TOPNubDDmct16e-z0Xgdtp116Ud1kLGSlkjpMkITI3AzC4Ss4ueHMFkx7DbBSx3YNMpcW7tos8L5IIgtwQ5JcglQZ4S5P3ikCtbt8VdrmwWeLNcn-VGMdZpd58e6rQrYgJqRjC8OJDJe3YPLP3feBhaPtYl0CAtxjTgxX5yRq6XrjlH1_5CT5xWfSHqPGi2KQ_aNGQtt0PnXdcPfLfZavleHVYWkPbKuSFDOSW3PriORE7JtUc5AnoCq07A5DOgmQeaF6DbBYbxt5ZGlvaEkVFNyVCA6wJJWkG64-yrM3JjvLG5cHy-v3d-_xmCPSCzADMFElPgXXmfoKvujDd0Tg42dG7J92tJKiM5pOVub6c0Ff__6g2xk2vDlxft6MtXWEmU5b1NYdMVGnMZdy35ekFyLsySNkyQH5btlgjWM7u9kJk4S1bWX11ajhIjrJU6noDKKbn650dgckpu_PjF-b9tvvAHWLILm1zqtJogSCpQkkCJy3saFLD_6oPLet_eQddUQNM9xFGBvinQVwWoGsFmV8dpYh68_MtnZXyOQFXGgTKVg0AZ9Unp03EJ90v46cI2K0-rYUPUmeu2W_Neox0Kr-FzFjbbfofPU7fREEjtVC5-XPwTAAD__5x0-iRpBAAA HTTP/1.1\r\nHost: ringdisgustpostman.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27725042=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: ringdisgustpostman.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 83ed85301350b890b868b8d64a1dcfd1\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":190,"timings":{"blocked":92,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ringdisgustpostman.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ringdisgustpostman.com/ren.gif?sid=H4sIAAAAAAAC_1RTPY8cRRDtOVsEgISMgQxpAwKQuL353N3BAeIwRhb-wjZygATqnu65a7Zneuie2TlfZGFAFgFaMsLZt-s7Ayc-fgCStUdmCclLdIEvMT8AhOQY7d5KBxVUvZr3glc11V-OqkMSoKIHVy7qbakUXYvabuvVGzLnuratS9dbntt2z7RuyLwTnmltzZMZvOEFYdt9rfWuSPp6zXc91_Vcr3VOGpHqrbUFC1nsxV47dtuh3_aiEFvm_72tVmCpAz44JM9D8tlzj9MPIZMp8uzns8L2S128_k5WKVpqgwHf_SDv57rOkR3D1DhI892lGtrOCPl2BTrfXU4APZjMJwCTM7Ly0iOwfHdpE2xw98gpUxA5GH8G9WAKoaaQdIpE34bkDwmQcFy6jDzbuaRNTW8esXTOzsjJJ_9A1jNy8tELyLMf15Xcal3Tqiqlzi220gZyawq5MUVR7aPcdiDrfSTlZ5D8d7L25ALybHLZKg3JD15hvciPvaS7KnjaXQ2p568yFvJVShlLO7zDe153sSKZTkHtCirroJIOqtRBVTjI-EErdHth4tGgk8Y86bohDUMumBv3fNelcdJFlcy9D1EWQyRqiMR8ca_gm2V_EMaT0lRip8oTG8Yjb6_6uFB-t-tHbuiPvJ0j1UIzmWtGHgpzC305hKnuw242sNyBLQkGvEEtCGpLUFOCWhLUJUE9aO5yZX3b7HBlK-Ytq7-sQTPW5caI3tXlhsgJqBnC8GYii0_tbSTlifF2avlYzxNlZTOmjDej4pCcmv8P595ff6IvDlpBz-3FUTcIRdqNuzHzwm4aiShgXtTpddIerGwg7QqodbAtZ-T9z0-hkDPy7OMajO7Dqn0k8kXQ6mXQugHdbLCd_2RpZmlfGJm1lUwFuG5QlCdR3nRG6pCcHl-9vn5_cRkfnbYQyQOyDCSmQWEafCJ_I9hQd8ZXdU0mV3VtyS-Xi1JmcpvOr-ZaSUvx1PfviZu1Nvz8WTv87q1kTszh3nVhyws05zLfsOSHdcm5MOe0SQT59by9IdiVym6uVyavigtX3j53PiuMsFbqfAoqZ-Tpv79CImfk9MMTixcRXWyQFLdgi2OfVhOwwoGSBEocf6esgf1Pz47xyN7BhnFAy9vIswYD02CgGlA1hK1OjMvCPHjzj2ARYMoZM2WcCVNGfXO0JysPWpHPgk6v1xFph6cBD_yAx5Er4pDGnTAOI5R2Js9-Pfo3AAD__xigrAS0BAAA","fqdn":"ringdisgustpostman.com","domain":"ringdisgustpostman.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:41.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ringdisgustpostman.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 11:27:51 GMT","end":"Tue, 03 Mar 2026 11:27:50 GMT"},"fingerprint":{"sha1":"93:F7:4C:84:99:B7:C1:DB:D7:F2:16:E6:C5:FA:C7:E7:EF:7B:0C:56","sha256":"37:08:07:46:C0:EF:70:47:55:6D:D5:77:54:47:28:EF:E0:AD:84:29:86:F6:18:0F:2E:5F:90:9C:39:0F:6C:0C"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RTPY8cRRDtOVsEgISMgQxpAwKQuL353N3BAeIwRhb-wjZygATqnu65a7Zneuie2TlfZGFAFgFaMsLZt-s7Ayc-fgCStUdmCclLdIEvMT8AhOQY7d5KBxVUvZr3glc11V-OqkMSoKIHVy7qbakUXYvabuvVGzLnuratS9dbntt2z7RuyLwTnmltzZMZvOEFYdt9rfWuSPp6zXc91_Vcr3VOGpHqrbUFC1nsxV47dtuh3_aiEFvm_72tVmCpAz44JM9D8tlzj9MPIZMp8uzns8L2S128_k5WKVpqgwHf_SDv57rOkR3D1DhI892lGtrOCPl2BTrfXU4APZjMJwCTM7Ly0iOwfHdpE2xw98gpUxA5GH8G9WAKoaaQdIpE34bkDwmQcFy6jDzbuaRNTW8esXTOzsjJJ_9A1jNy8tELyLMf15Xcal3Tqiqlzi220gZyawq5MUVR7aPcdiDrfSTlZ5D8d7L25ALybHLZKg3JD15hvciPvaS7KnjaXQ2p568yFvJVShlLO7zDe153sSKZTkHtCirroJIOqtRBVTjI-EErdHth4tGgk8Y86bohDUMumBv3fNelcdJFlcy9D1EWQyRqiMR8ca_gm2V_EMaT0lRip8oTG8Yjb6_6uFB-t-tHbuiPvJ0j1UIzmWtGHgpzC305hKnuw242sNyBLQkGvEEtCGpLUFOCWhLUJUE9aO5yZX3b7HBlK-Ytq7-sQTPW5caI3tXlhsgJqBnC8GYii0_tbSTlifF2avlYzxNlZTOmjDej4pCcmv8P595ff6IvDlpBz-3FUTcIRdqNuzHzwm4aiShgXtTpddIerGwg7QqodbAtZ-T9z0-hkDPy7OMajO7Dqn0k8kXQ6mXQugHdbLCd_2RpZmlfGJm1lUwFuG5QlCdR3nRG6pCcHl-9vn5_cRkfnbYQyQOyDCSmQWEafCJ_I9hQd8ZXdU0mV3VtyS-Xi1JmcpvOr-ZaSUvx1PfviZu1Nvz8WTv87q1kTszh3nVhyws05zLfsOSHdcm5MOe0SQT59by9IdiVym6uVyavigtX3j53PiuMsFbqfAoqZ-Tpv79CImfk9MMTixcRXWyQFLdgi2OfVhOwwoGSBEocf6esgf1Pz47xyN7BhnFAy9vIswYD02CgGlA1hK1OjMvCPHjzj2ARYMoZM2WcCVNGfXO0JysPWpHPgk6v1xFph6cBD_yAx5Er4pDGnTAOI5R2Js9-Pfo3AAD__xigrAS0BAAA HTTP/1.1\r\nHost: ringdisgustpostman.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nCookie: pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=1; u_pl27725042=1; uid_id2=b85291c7-edf7-4a12-bb4d-aabbf6d6d817:2:1; pdhtkv29=true; uncs29=1; u_pl27848932=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:41 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: ringdisgustpostman.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 0a72ccce89fd7b224b70be5836fc475a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ringdisgustpostman.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"msadsscale.microsoft.com/bingads/telemetryJS.js","fqdn":"msadsscale.microsoft.com","domain":"microsoft.com","tld":"com"},"ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://findresultsspot.com/sr/754870121/SAFEFRAME.html?ule=799\u0026%2AE=grMMgVVMff%28g%28jj%28Cgw\u0026-Ka=Ru45pUipfU00A5%212-U-Ui8u%2F%21UN0UwuSw2U\u0026-TH2=\u0026-W%2A=\u0026-Wag=\u0026-Waj=\u0026-Wnk-EN=\u0026.qEW=\u00260p520B=maaTl%3A%2F%2F%21BE0ann%21%21p0sKnk%2Fl%2FCW%21jwgfpr-ppC%3Fa0-KI%3DxciS1\u00262AW=f\u00262lTpN%21=V\u0026AWT0=g\u0026AWT0KNla=\u0026BjazTp=WknB-\u0026ElEW=V\u0026IW=\u0026IZ0%21=\u0026K0EW=gVCrMrgMj\u0026KEW=oHv41wofL\u0026KK=S7\u0026KW%2A=7jf%28f\u0026KaTEW=\u0026KmNkj=nl%2AfeENaK\u0026KmNkw=\u0026Na%2A=\u0026Nkp00=g\u0026TEW=\u0026Wk0%21=g\u0026WpKkkk=\u0026ZBlaT=V\u0026ZlmT=V\u0026alKp=XgVoj\u0026htmlsrc=1\u0026kkdd=n9%7CH%7C%2An9A\u0026klT-=V\u0026lE8p=ggCfUMo%28\u0026lK=Vw\u0026llBW=%7B%22llKK%22%3A%22S7%22%2C%22llKaz%22%3A%22nlBn%22%2C%22llET%22%3A%22%22%2C%22lllK%22%3A%22Vw%22%7D\u0026lqW04W=\u0026maaTl=g\u0026nB-%21=nNp\u0026nEW=w%21%21frofK9jpMC9fjwo9%28wCK9rWVwqMgMK-pf\u0026pK0EW=\u0026q-p=\u0026qEW=\u0026qW04W=\u0026qp=V\u0026tpid=\u0026zTBT=\u0026zWlT0=\u0026zqNeKKepUT=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026eoch=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766100644180015326356487944\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151364624398269975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw%3D%3D\u0026tchkpts=%7B%22prel2%22%3A1766100644424%7D\u0026stime=1766100644424\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Ffindresultsspot.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F3ZRb%253DC%25265AMXRk%253Dh3U5b%2526BZRko4%253DC%2526Blh%253DT%2526II%253Dj1%2526ILwh%253DuC_eFeuFA%2526IMRwh%253D%2526IhJ%253D1AT8T%2526Iio3A%253DUZJT%252528woMI%2526Iio3t%253D%2526Iwh%253D%25252ANYW6t%25252AT2%2526Jw%253DueFFuCCFTT8u8AA8_ut%2526Lk-BL5%253DiMMRZ%25253A%25252F%25252F45wLMUU44kLSIU3%25252FZ%25252F_h4AtuTkebkk_%25253FMLbIm%25253Dz9gj6%2526MZIk%253DHuC%25252AA%2526Rwh%253D%2526U5b4%253DUok%2526Uwh%253Dt44Te%25252ATIOAkF_OTAt%25252AO8t_IOehCtsFuFIbkT%2526XR5R%253D%2526XhZRL%253D%2526Xso%252528II%252528k.R%253D%2526ZI%253DCt%2526ZZ5h%253D%25257B%252522ZZII%252522%25253A%252522j1%252522%25252C%252522ZZIMX%252522%25253A%252522UZ5U%252522%25252C%252522ZZwR%252522%25253A%252522%252522%25252C%252522ZZZI%252522%25253A%252522Ct%252522%25257D%2526ZshLWh%253D%2526Zwyk%253Duu_T.F%25252A8%2526bIM%253D7~W-k.gkT.LLl-4Bb.b.gy~%25252F4.oL.t~jtB.%2526bRNB%253D%2526bhJ%253D%2526bhMA%253D%2526bhMu%253D%2526bhU3bwo%253D%2526hkI333%253D%2526htmlsrc%253D1%2526iMMRZ%253Du%2526kILwh%253D%2526kkdd%253Dn%25252A%25257Cu%25257CnA%25252A3H9%2526lhRL%253Du%2526lhRLIoZM%253D%2526mh%253D%2526mxL4%253D%2526o3kLL%253Du%2526oMJ%253D%2526pswh%253D%2526sbk%253D%2526shLWh%253D%2526sk%253DC%2526swh%253D%2526tpid%253D%2526wZwh%253DC%2526x5ZMR%253DC%2526xZiR%253DC%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D","date":"2025-12-18T23:30:45.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msadsscale.microsoft.com","organization":""},"issuer":{"commonName":"GeoTrust Global TLS RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Thu, 31 Jul 2025 00:00:00 GMT","end":"Sat, 31 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"34:39:11:D9:81:82:9F:0D:13:FF:7F:59:87:CB:0A:A8:B2:97:4E:0D","sha256":"91:83:F9:25:CC:CC:3E:DE:FD:B5:F0:CA:F2:E0:10:35:CF:D7:DC:52:B9:4B:1E:D2:DC:9B:5B:86:F7:91:A3:E8"}}},"request":{"raw":"GET /bingads/telemetryJS.js HTTP/1.1\r\nHost: msadsscale.microsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://findresultsspot.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:45 GMT\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 12 Mar 2025 08:06:51 GMT\r\netag: W/\"0x8DD613CD8BAF720\"\r\nx-ms-request-id: 5ea243b1-d01e-0046-3d7e-6ff6ab000000\r\nx-ms-version: 2018-03-28\r\naccess-control-expose-headers: content-length\r\naccess-control-allow-origin: *\r\nx-azure-ref: 20251218T233045Z-17f644c5599h7llhhC1SVGpuqg0000000zfg0000000083ex\r\nx-fd-int-roxy-purgeid: 0\r\nx-cache: TCP_HIT\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]}],"data":{"size":72824,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65504), with no line terminators","md5":"84bf71fe11d71bedaac885462b1d2940","sha1":"bdcf95799b79eea873329ddbd112eda32f47877e","sha256":"a8d28463855fcf949fb31963246cc6c55ea9baf9c5551b327687dcd6076502f7","sha512":"02d7de1db70f021c17bc184e1e795cc01f63889731f444ca429040f3599dccdb346c68e8e5e69fc81060972b7ccbcebf1e9294e50318957ded8cb0cbeecacb3e","ssdeep":"768:TM4lJgxIU3OPOEUi6UsQ6R1k/Y7/LKF/ZE/4OkeZChQZqeYQYTyCLJV6N//MFgPc:A4voIU+POE3kMMmF/6VbqXQQfI/EgYuo","tlshash":"5a63938df1d1b0f607e7a0e5412f960ae1b72968b45ea8d6e6a1d4e09c7884f1037f7c","first_seen":"2025-03-13T12:39:24.627452Z","last_seen":"2026-05-10T16:29:28.444726Z","times_seen":124567,"resource_available":true,"data":null}},"time_used":64,"timings":{"blocked":24,"dns":0,"connect":8,"send":0,"wait":17,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/46/67/16/466716847e8dab35df8323718d632d4f.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.100Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /46/67/16/466716847e8dab35df8323718d632d4f.js HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 18 Dec 2025 23:30:40 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 30204\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 067ea03febd81c70b3689a36a21c7fec\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":78849,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"483e80d0a6584cab5e8c5f6cc9045781","sha1":"e6256c806d04795e946ed4b305363796b3cf9744","sha256":"97cbf7e52ec0ffbf658d92c5d6b9544788537fc77341f68257a6ce277edbc527","sha512":"fc2cb9349dc40ac796d640c18690937ca08aa031656fd2191f7405f3d43ba85f81da273e170bee4c8f1da5cffe9665c63b4bb7fbe32169e9a7b36588a3fc7639","ssdeep":"1536:l9yUBg8XFOUGfAVTesz3WArOwlNyBv77NzxpQ2jFFwbDjIC:l3B91cKpUhxpJwDIC","tlshash":"307309487f82b16b5352a073627fd047f0256f1261ecd498d123e6a86f6c339f636b98","first_seen":"2025-12-10T17:32:58.721766Z","last_seen":"2025-12-29T22:56:57.625594Z","times_seen":8,"resource_available":true,"data":null}},"time_used":786,"timings":{"blocked":295,"dns":14,"connect":94,"send":0,"wait":99,"receive":93,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"penpineapple.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1552\u0026rd=1552\u0026fd=491\u0026bv=25.12.6659\u0026tmpl=70","fqdn":"penpineapple.com","domain":"penpineapple.com","tld":"com"},"ip":{"addr":"52.57.11.42","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:40.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"penpineapple.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 01 Dec 2025 00:00:00 GMT","end":"Wed, 30 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AD:7E:BA:FB:22:EC:2C:9D:2D:4C:56:2C:9A:80:27:72:FE:67:C1:48","sha256":"63:02:2E:55:6E:36:75:EE:6C:09:C9:6B:AC:4C:CE:27:F0:76:1F:83:21:03:52:43:6C:BC:40:8D:C6:4C:F4:3F"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1552\u0026rd=1552\u0026fd=491\u0026bv=25.12.6659\u0026tmpl=70 HTTP/1.1\r\nHost: penpineapple.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:40 GMT\r\ncontent-length: 0\r\nserver: nginx/1.21.6\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\ncache-control: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\naccess-control-expose-headers: Content-Length,Content-Range\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":408,"timings":{"blocked":149,"dns":22,"connect":24,"send":0,"wait":114,"receive":0,"ssl":94},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"penpineapple.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ww17.bjjhhi.flirtooffer.com/s/5df2314e7aee5?track=REANK","fqdn":"ww17.bjjhhi.flirtooffer.com","domain":"flirtooffer.com","tld":"com"},"ip":{"addr":"199.191.50.246","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-18T23:30:43.326Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /s/5df2314e7aee5?track=REANK HTTP/1.1\r\nHost: ww17.bjjhhi.flirtooffer.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Thu, 18 Dec 2025 23:30:36 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nx-sc-h: 21-aepk\r\nvia: 1.1 google\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":9641,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (9474)","md5":"1e02c7e11aba152d40e3b89635cf3ab5","sha1":"5f1742916f613177be3c76e158c3339c42c67aa7","sha256":"605a5f614d76eea835c2690eb3c28f395b93c7f14671b57b609291c149608e59","sha512":"fa4191e6e08c0bfc4d181921aea7e79526ff93da2369247d17a1696f27233bfc2bf4463dd7972235007cf7ca4f4488e5e9973913c823d3ad0c7695200f2f2259","ssdeep":"192:fm5Mp7NzF7TH7KR5v6rYvxmh0GKLGAvzTH7KR5v6rYvxmh0GmaVAY:vY8+yAvG8jh","tlshash":"a312087611b694108cce24a2df3eefde61ed1e1bed5d680c8598c250316e72b8d41bf1","first_seen":"2025-12-18T23:31:11.67647Z","last_seen":"2025-12-18T23:31:11.67647Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1471,"timings":{"blocked":495,"dns":371,"connect":123,"send":0,"wait":480,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ww17.bjjhhi.flirtooffer.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ww17.bjjhhi.flirtooffer.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"ww17.bjjhhi.flirtooffer.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.yimg.com/ds/scripts/selectTier-p1.1.0.js","fqdn":"s.yimg.com","domain":"yimg.com","tld":"com"},"ip":{"addr":"87.248.119.252","port":443,"asn":203220,"as":"Yahoo-UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://findresultsspot.com/sr/754870121/SAFEFRAME.html?ule=799\u0026%2AE=grMMgVVMff%28g%28jj%28Cgw\u0026-Ka=Ru45pUipfU00A5%212-U-Ui8u%2F%21UN0UwuSw2U\u0026-TH2=\u0026-W%2A=\u0026-Wag=\u0026-Waj=\u0026-Wnk-EN=\u0026.qEW=\u00260p520B=maaTl%3A%2F%2F%21BE0ann%21%21p0sKnk%2Fl%2FCW%21jwgfpr-ppC%3Fa0-KI%3DxciS1\u00262AW=f\u00262lTpN%21=V\u0026AWT0=g\u0026AWT0KNla=\u0026BjazTp=WknB-\u0026ElEW=V\u0026IW=\u0026IZ0%21=\u0026K0EW=gVCrMrgMj\u0026KEW=oHv41wofL\u0026KK=S7\u0026KW%2A=7jf%28f\u0026KaTEW=\u0026KmNkj=nl%2AfeENaK\u0026KmNkw=\u0026Na%2A=\u0026Nkp00=g\u0026TEW=\u0026Wk0%21=g\u0026WpKkkk=\u0026ZBlaT=V\u0026ZlmT=V\u0026alKp=XgVoj\u0026htmlsrc=1\u0026kkdd=n9%7CH%7C%2An9A\u0026klT-=V\u0026lE8p=ggCfUMo%28\u0026lK=Vw\u0026llBW=%7B%22llKK%22%3A%22S7%22%2C%22llKaz%22%3A%22nlBn%22%2C%22llET%22%3A%22%22%2C%22lllK%22%3A%22Vw%22%7D\u0026lqW04W=\u0026maaTl=g\u0026nB-%21=nNp\u0026nEW=w%21%21frofK9jpMC9fjwo9%28wCK9rWVwqMgMK-pf\u0026pK0EW=\u0026q-p=\u0026qEW=\u0026qW04W=\u0026qp=V\u0026tpid=\u0026zTBT=\u0026zWlT0=\u0026zqNeKKepUT=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026eoch=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766100644180015326356487944\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151364624398269975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw%3D%3D\u0026tchkpts=%7B%22prel2%22%3A1766100644424%7D\u0026stime=1766100644424\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Ffindresultsspot.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F3ZRb%253DC%25265AMXRk%253Dh3U5b%2526BZRko4%253DC%2526Blh%253DT%2526II%253Dj1%2526ILwh%253DuC_eFeuFA%2526IMRwh%253D%2526IhJ%253D1AT8T%2526Iio3A%253DUZJT%252528woMI%2526Iio3t%253D%2526Iwh%253D%25252ANYW6t%25252AT2%2526Jw%253DueFFuCCFTT8u8AA8_ut%2526Lk-BL5%253DiMMRZ%25253A%25252F%25252F45wLMUU44kLSIU3%25252FZ%25252F_h4AtuTkebkk_%25253FMLbIm%25253Dz9gj6%2526MZIk%253DHuC%25252AA%2526Rwh%253D%2526U5b4%253DUok%2526Uwh%253Dt44Te%25252ATIOAkF_OTAt%25252AO8t_IOehCtsFuFIbkT%2526XR5R%253D%2526XhZRL%253D%2526Xso%252528II%252528k.R%253D%2526ZI%253DCt%2526ZZ5h%253D%25257B%252522ZZII%252522%25253A%252522j1%252522%25252C%252522ZZIMX%252522%25253A%252522UZ5U%252522%25252C%252522ZZwR%252522%25253A%252522%252522%25252C%252522ZZZI%252522%25253A%252522Ct%252522%25257D%2526ZshLWh%253D%2526Zwyk%253Duu_T.F%25252A8%2526bIM%253D7~W-k.gkT.LLl-4Bb.b.gy~%25252F4.oL.t~jtB.%2526bRNB%253D%2526bhJ%253D%2526bhMA%253D%2526bhMu%253D%2526bhU3bwo%253D%2526hkI333%253D%2526htmlsrc%253D1%2526iMMRZ%253Du%2526kILwh%253D%2526kkdd%253Dn%25252A%25257Cu%25257CnA%25252A3H9%2526lhRL%253Du%2526lhRLIoZM%253D%2526mh%253D%2526mxL4%253D%2526o3kLL%253Du%2526oMJ%253D%2526pswh%253D%2526sbk%253D%2526shLWh%253D%2526sk%253DC%2526swh%253D%2526tpid%253D%2526wZwh%253DC%2526x5ZMR%253DC%2526xZiR%253DC%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D","date":"2025-12-18T23:30:45.084Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yahoo.com","organization":"Yahoo Holdings Inc."},"issuer":{"commonName":"DigiCert SHA2 High Assurance Server CA","organization":"DigiCert Inc"},"validity":{"start":"Wed, 03 Dec 2025 00:00:00 GMT","end":"Wed, 21 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"24:1C:45:0A:5D:1C:D7:ED:7A:D5:E6:FA:55:FD:EE:95:53:AE:FA:77","sha256":"18:A3:9C:6B:4D:4C:7B:B4:54:34:AC:7E:B0:00:DB:9D:89:03:B3:A9:7F:5F:2A:1B:A9:62:49:67:87:3E:F0:8C"}}},"request":{"raw":"GET /ds/scripts/selectTier-p1.1.0.js HTTP/1.1\r\nHost: s.yimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://findresultsspot.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-amz-id-2: bxUfphAmq13dw8iGIymdHMV/h4v/Wnzh8FW3W6cEBtQAnmDgPEtOY4FaBEkv+1o2WJNgJaJFbW9dc1EO1/4jhg==\r\nx-amz-request-id: SQZZ8SK43HM52316\r\ndate: Thu, 18 Dec 2025 23:30:24 GMT\r\nlast-modified: Thu, 20 Nov 2025 17:25:39 GMT\r\ncache-control: public,max-age=60\r\nx-amz-version-id: cBEvYraRJPb_oZIzj59OF.PVkaCjFNDl\r\naccept-ranges: bytes\r\ncontent-type: application/javascript\r\nserver: ATS\r\nvary: Origin, Accept-Encoding\r\netag: \"3e822c257ba7fef24f528f4691aeb99b-df\"\r\nage: 22\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-encoding: gzip\r\ncontent-length: 4373\r\nstrict-transport-security: max-age=31536000\r\nats-carp-promotion: 1, 1\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache Traffic Server","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12818,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12818), with no line terminators","md5":"3e822c257ba7fef24f528f4691aeb99b","sha1":"f819207c02f62baca71d1ebd1c5b3703312f630f","sha256":"3799b25dd5ee04f751d55c8fef57734264b83fa875b4270a2069bb0b42af9e5e","sha512":"84b5a5f85166699f09a77cf3b358be9d4e3d2386b06134dce6321869d6ab6e9517c43dadd25519e72e683a33010c41a233020b7cc799ef275be870890c98bf6c","ssdeep":"384:tKjiEAbREf2vfxpw5LISLJM6IhJocevD5tg:5gfGw9IEm6IhJmng","tlshash":"da42b5d57886b47627ab81a0b53f232532335c36240dd79076498678aa4cf8f9323fec","first_seen":"2025-11-20T17:27:39.740418Z","last_seen":"2026-03-17T16:07:28.498685Z","times_seen":75555,"resource_available":true,"data":null}},"time_used":191,"timings":{"blocked":65,"dns":26,"connect":29,"send":0,"wait":32,"receive":1,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-KJ4T538TS5","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.72","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ekltersas.life/rqgfr/4/60808-kelly-rohrbach-nudes","date":"2025-12-18T23:30:39.576Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:40 GMT","end":"Wed, 25 Feb 2026 15:49:39 GMT"},"fingerprint":{"sha1":"A1:49:37:FE:E0:3E:26:88:A3:64:37:DC:04:D7:8D:D1:D3:F3:91:75","sha256":"BB:61:22:1A:6C:67:5D:C0:C8:A6:73:93:B9:53:82:98:95:54:B5:52:8B:33:FC:08:58:01:D2:3B:FF:E6:35:12"}}},"request":{"raw":"GET /gtag/js?id=G-KJ4T538TS5 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ekltersas.life/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Thu, 18 Dec 2025 23:30:39 GMT\r\nexpires: Thu, 18 Dec 2025 23:30:39 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 147135\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":449288,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (6031)","md5":"2c6f2166610cfd82dfa698fced78d9a9","sha1":"5e40b88d1d4cf2c56eef5e7ce2698046cbf1f5fa","sha256":"25ff88384f28b06a63ee095e2489b433c4838c3c067a83ffc93acc689348585b","sha512":"8d6a7506a8c54f6955fc0aac170b73013b2c19648f56fd6a85008822d1e04eda16a31927f2b0351792e0db693e48dab7fb629331aa8079d26832e5462ca2f530","ssdeep":"6144:PZIe7ma2bulKY/1u99xHDmHYmyBFzvnsy/O6yWoNPad4FpCpbr:iC8bu7/1mbrnsyByWbMpC","tlshash":"b9a4098e73c67426939ae078502f11cba97b29e2b45cc896f1c9cce01d7469a4277f7c","first_seen":"2025-12-18T15:03:30.903461Z","last_seen":"2025-12-19T05:29:52.904382Z","times_seen":8,"resource_available":true,"data":null}},"time_used":390,"timings":{"blocked":151,"dns":1,"connect":15,"send":0,"wait":36,"receive":47,"ssl":138},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"l.cdn-fileserver.com/bqi.php?vgd_len=1703\u0026\u0026vgd_aref=0\u0026vgd_tsce=L1082-S1082\u0026vgd_l2type=dmola\u0026vgd_ydspr=0\u0026vgd_cdv=O2494\u0026vgd_cage=2\u0026vgd_pgids=0\u0026vgd_pdtid=1\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026lf=3\u0026prid=8PR11258V\u0026cid=8CUIK384H\u0026crid=105767162\u0026requrl=https%3A%2F%2Fflirtooffer.com%2Fs%2F5df2314e7aee5%3Ftrack%3DREANK\u0026vi=1766100644919229513\u0026ugd=4\u0026cc=NO\u0026sc=03\u0026gdpr=1\u0026vgd_acid=undefined\u0026hvsid=00001766100644180015326356487944\u0026cme=Y3CIEtK1-hkNRz4nOE7ecovEgwyrLSrM_s2_6dmx0LDewGYWJv_aBJD12cZ-GeNSBR1KklQ6iISTLcDnq1NsIqm8iYXS2_qtPZzbbHaiesXDTYKzEeqbkU2aBe2sNvnIh_Muj9tQ8kiiDzsw-ajcu9ouxWh1k4MV4jVPP5YG0bzMkdbqstHaZOx7aVfmlckgFFnjJq5HAYiWiTfUa6i4RlL8-gekejRXnTu36ln7vfO30XviL2fbS-V_OYv7TLfCpiPDFyUnfQQFFDwXikNu3Q%3D%3D%7C%7C93q-w6oysg91aq4hh7dv6zzrcNTS6udO%7Ca0AmFUYXmD6h8Qsq1enTflc2Pkp459aSwwGpaS1Oi_zdN8_gzvPB9Ybt_KJVFTr2TMgBXNyn1c16lGC6v8Hraw%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7C9N40jeUC3sm6zGaIXg9B9L5D6D7MOru_P4NIqj857AYE3YStfVLpBAs9iET_QegTE8UKfPOpwbBFvTvUGTAGji7EqC_mTGNrL6pT5uOwn-dfF7dzvu52vDA_UuGkroI5nJXeJvINWllM3OE5thzHxWEG13pzDPdnCiR-9fE3ka3EjJllMHxbbLUQuQxAg6v7x-TTto9ioNpWh8Zsc91Y7rdv68OT1nX_o_6gyiehNBy1EbTamHPExx4h9xVuhZWSPklcT-uzDcc_zAb7iCWkVM4C4QnVaXsLHy6C1IS2mMj6VNTop2JGSORlVGtYEfWSTvNmBrLq7VDiVKni32D9bD9MqVIHtBoxBGNnjhdrpbUl6PNvg7lKc2B-DkfPec7dGQ3MqHSUHSCLaspI728V7QI95s__ZtgCGvZL98H4lJdJO6CaAh0Fx__EsPkOYeLRkOlfZMLP0_gWcTrunnGVuvd7LPX9y8qtJCzwpV0oao_xKyhqM_N7w861q3xZA5avXGtXCwmS5NOrADWrPOYpPsec4xv0sy021eFMcfcdKB8-oZfXphGrpMalRvgnoGkCe-Xr2Kft7vtm-EEWUPsOcguJHQNiNyafbgrjiioCgCukV2oBq0HduZNmq0GWsANr%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7C\u0026fp=rxEwMlW0350whSeeKc49Nb76WR1GIXxywPcb6OK4wW7p1bTfSSs2j-FMnlFc8-3kfkAYkFst_O9TLF4OrzZp4dok1h4KaZhGCIVm-k6Bfz7kUQn8zUIG5Lbi8-PCOQ4R8lNiDVlXsek%3D\u0026vgd_rensize=1280_1024\u0026vgd_end=1","fqdn":"l.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://findresultsspot.com/sr/754870121/SAFEFRAME.html?ule=799\u0026%2AE=grMMgVVMff%28g%28jj%28Cgw\u0026-Ka=Ru45pUipfU00A5%212-U-Ui8u%2F%21UN0UwuSw2U\u0026-TH2=\u0026-W%2A=\u0026-Wag=\u0026-Waj=\u0026-Wnk-EN=\u0026.qEW=\u00260p520B=maaTl%3A%2F%2F%21BE0ann%21%21p0sKnk%2Fl%2FCW%21jwgfpr-ppC%3Fa0-KI%3DxciS1\u00262AW=f\u00262lTpN%21=V\u0026AWT0=g\u0026AWT0KNla=\u0026BjazTp=WknB-\u0026ElEW=V\u0026IW=\u0026IZ0%21=\u0026K0EW=gVCrMrgMj\u0026KEW=oHv41wofL\u0026KK=S7\u0026KW%2A=7jf%28f\u0026KaTEW=\u0026KmNkj=nl%2AfeENaK\u0026KmNkw=\u0026Na%2A=\u0026Nkp00=g\u0026TEW=\u0026Wk0%21=g\u0026WpKkkk=\u0026ZBlaT=V\u0026ZlmT=V\u0026alKp=XgVoj\u0026htmlsrc=1\u0026kkdd=n9%7CH%7C%2An9A\u0026klT-=V\u0026lE8p=ggCfUMo%28\u0026lK=Vw\u0026llBW=%7B%22llKK%22%3A%22S7%22%2C%22llKaz%22%3A%22nlBn%22%2C%22llET%22%3A%22%22%2C%22lllK%22%3A%22Vw%22%7D\u0026lqW04W=\u0026maaTl=g\u0026nB-%21=nNp\u0026nEW=w%21%21frofK9jpMC9fjwo9%28wCK9rWVwqMgMK-pf\u0026pK0EW=\u0026q-p=\u0026qEW=\u0026qW04W=\u0026qp=V\u0026tpid=\u0026zTBT=\u0026zWlT0=\u0026zqNeKKepUT=\u0026eobd=\u0026eoac=RvYbkNvbY\u0026eoch=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001766100644180015326356487944\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222151364624398269975%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=IGBuBoCQ6EtJJ0FyjJNomtkw_H32sVjST4wF6bcRHhZM4OSV2ZsBBUIBRALWNwsAE31lLm_M7aEtJXgbGJpc3SPt7qgIStupxVpqsf3VzAR_QzUgS-BY7XFL_xRmZgukp1rpCa3NqdCS-EuKrv-zXcc7AcaDiv1py0gm36Sr0JimQnLKGbwCerHn1TmPk5IU7oPLNFuUlHmbVCzRMARQOw%3D%3D\u0026tchkpts=%7B%22prel2%22%3A1766100644424%7D\u0026stime=1766100644424\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Ffindresultsspot.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F3ZRb%253DC%25265AMXRk%253Dh3U5b%2526BZRko4%253DC%2526Blh%253DT%2526II%253Dj1%2526ILwh%253DuC_eFeuFA%2526IMRwh%253D%2526IhJ%253D1AT8T%2526Iio3A%253DUZJT%252528woMI%2526Iio3t%253D%2526Iwh%253D%25252ANYW6t%25252AT2%2526Jw%253DueFFuCCFTT8u8AA8_ut%2526Lk-BL5%253DiMMRZ%25253A%25252F%25252F45wLMUU44kLSIU3%25252FZ%25252F_h4AtuTkebkk_%25253FMLbIm%25253Dz9gj6%2526MZIk%253DHuC%25252AA%2526Rwh%253D%2526U5b4%253DUok%2526Uwh%253Dt44Te%25252ATIOAkF_OTAt%25252AO8t_IOehCtsFuFIbkT%2526XR5R%253D%2526XhZRL%253D%2526Xso%252528II%252528k.R%253D%2526ZI%253DCt%2526ZZ5h%253D%25257B%252522ZZII%252522%25253A%252522j1%252522%25252C%252522ZZIMX%252522%25253A%252522UZ5U%252522%25252C%252522ZZwR%252522%25253A%252522%252522%25252C%252522ZZZI%252522%25253A%252522Ct%252522%25257D%2526ZshLWh%253D%2526Zwyk%253Duu_T.F%25252A8%2526bIM%253D7~W-k.gkT.LLl-4Bb.b.gy~%25252F4.oL.t~jtB.%2526bRNB%253D%2526bhJ%253D%2526bhMA%253D%2526bhMu%253D%2526bhU3bwo%253D%2526hkI333%253D%2526htmlsrc%253D1%2526iMMRZ%253Du%2526kILwh%253D%2526kkdd%253Dn%25252A%25257Cu%25257CnA%25252A3H9%2526lhRL%253Du%2526lhRLIoZM%253D%2526mh%253D%2526mxL4%253D%2526o3kLL%253Du%2526oMJ%253D%2526pswh%253D%2526sbk%253D%2526shLWh%253D%2526sk%253DC%2526swh%253D%2526tpid%253D%2526wZwh%253DC%2526x5ZMR%253DC%2526xZiR%253DC%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D","date":"2025-12-18T23:30:45.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 30 Nov 2025 15:48:41 GMT","end":"Sat, 28 Feb 2026 16:47:10 GMT"},"fingerprint":{"sha1":"B6:15:E0:AA:2B:F2:1A:96:0A:90:53:E3:BA:E4:61:85:FA:35:8C:5A","sha256":"AF:0A:96:E0:3A:65:9A:90:80:F1:73:2C:66:E0:90:E6:6B:6C:23:08:E5:9E:AA:0E:52:53:23:5B:14:9A:9B:6E"}}},"request":{"raw":"GET /bqi.php?vgd_len=1703\u0026\u0026vgd_aref=0\u0026vgd_tsce=L1082-S1082\u0026vgd_l2type=dmola\u0026vgd_ydspr=0\u0026vgd_cdv=O2494\u0026vgd_cage=2\u0026vgd_pgids=0\u0026vgd_pdtid=1\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026lf=3\u0026prid=8PR11258V\u0026cid=8CUIK384H\u0026crid=105767162\u0026requrl=https%3A%2F%2Fflirtooffer.com%2Fs%2F5df2314e7aee5%3Ftrack%3DREANK\u0026vi=1766100644919229513\u0026ugd=4\u0026cc=NO\u0026sc=03\u0026gdpr=1\u0026vgd_acid=undefined\u0026hvsid=00001766100644180015326356487944\u0026cme=Y3CIEtK1-hkNRz4nOE7ecovEgwyrLSrM_s2_6dmx0LDewGYWJv_aBJD12cZ-GeNSBR1KklQ6iISTLcDnq1NsIqm8iYXS2_qtPZzbbHaiesXDTYKzEeqbkU2aBe2sNvnIh_Muj9tQ8kiiDzsw-ajcu9ouxWh1k4MV4jVPP5YG0bzMkdbqstHaZOx7aVfmlckgFFnjJq5HAYiWiTfUa6i4RlL8-gekejRXnTu36ln7vfO30XviL2fbS-V_OYv7TLfCpiPDFyUnfQQFFDwXikNu3Q%3D%3D%7C%7C93q-w6oysg91aq4hh7dv6zzrcNTS6udO%7Ca0AmFUYXmD6h8Qsq1enTflc2Pkp459aSwwGpaS1Oi_zdN8_gzvPB9Ybt_KJVFTr2TMgBXNyn1c16lGC6v8Hraw%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7C9N40jeUC3sm6zGaIXg9B9L5D6D7MOru_P4NIqj857AYE3YStfVLpBAs9iET_QegTE8UKfPOpwbBFvTvUGTAGji7EqC_mTGNrL6pT5uOwn-dfF7dzvu52vDA_UuGkroI5nJXeJvINWllM3OE5thzHxWEG13pzDPdnCiR-9fE3ka3EjJllMHxbbLUQuQxAg6v7x-TTto9ioNpWh8Zsc91Y7rdv68OT1nX_o_6gyiehNBy1EbTamHPExx4h9xVuhZWSPklcT-uzDcc_zAb7iCWkVM4C4QnVaXsLHy6C1IS2mMj6VNTop2JGSORlVGtYEfWSTvNmBrLq7VDiVKni32D9bD9MqVIHtBoxBGNnjhdrpbUl6PNvg7lKc2B-DkfPec7dGQ3MqHSUHSCLaspI728V7QI95s__ZtgCGvZL98H4lJdJO6CaAh0Fx__EsPkOYeLRkOlfZMLP0_gWcTrunnGVuvd7LPX9y8qtJCzwpV0oao_xKyhqM_N7w861q3xZA5avXGtXCwmS5NOrADWrPOYpPsec4xv0sy021eFMcfcdKB8-oZfXphGrpMalRvgnoGkCe-Xr2Kft7vtm-EEWUPsOcguJHQNiNyafbgrjiioCgCukV2oBq0HduZNmq0GWsANr%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7C\u0026fp=rxEwMlW0350whSeeKc49Nb76WR1GIXxywPcb6OK4wW7p1bTfSSs2j-FMnlFc8-3kfkAYkFst_O9TLF4OrzZp4dok1h4KaZhGCIVm-k6Bfz7kUQn8zUIG5Lbi8-PCOQ4R8lNiDVlXsek%3D\u0026vgd_rensize=1280_1024\u0026vgd_end=1 HTTP/1.1\r\nHost: l.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://findresultsspot.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 18 Dec 2025 23:30:46 GMT\r\ncontent-type: text/javascript\r\naccept-ch: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\ncache-control: max-age=0, no-cache, no-store\r\nexpires: Wed, 17 Dec 2025 23:30:46 GMT\r\npragma: no-cache\r\nvia: 1.1 google\r\nstrict-transport-security: max-age=63072000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JDK47824Xu0nhC7Vh21a%2FLjq5kSV%2FOs543%2FIgQ0y10lNslCD4wOQWCqaxEQ0ICmRlj6kGi22y82nEI4XYwd%2BUByIG%2BJXIN%2BTx4UshbWfmIQCxA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b02732d7f8e56b9-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with no line terminators","md5":"2ba5e95642c652c708881ad3c9d8443f","sha1":"5bfcc33bb9cc897546c600206b03d1307bd63a94","sha256":"c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24","sha512":"8c157fc41fd03bbd47633269b18effb652644e58284f8f85465b0ffba9b5a06544a03ed0655706c96edfa09a64f4f164f6bbc573ac5045000cae03c8b36d046f","ssdeep":"","tlshash":"7e600000000cc030030f0c00c3000300303000c000000c33000f30cc000000c00fc303","first_seen":"2025-03-08T00:25:13.560069Z","last_seen":"2026-05-10T16:29:28.435773Z","times_seen":173811,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":135,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}