{"report_id":"09df8fb1-4ac2-4376-9fb0-7edb586170c2","version":0,"status":"done","tags":[],"date":"2026-07-12T22:01:27Z","url":{"schema":"https","addr":"varewex.com/","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"172.67.172.195","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"varewex.com/","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"title":"Varewex — Online Games \u0026 Rewards","dom":{"size":212310,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (65466), with no line terminators","md5":"b0e42cf659aca7a4958b8369403664e6","sha1":"08df5b1f1c0822f96eddf6ab496be6e28cca42da","sha256":"7045b606897e3b971d6ebef5cbbbe77f1dd01a6090f6ceb6cf604277fe155101","sha512":"70b86ff886bd8a1feb3ad8c1a1803c1bd0fcf9762afad53433fbe836364571c8020b0ed37566f89f0bc2c0a16990a9cc46468cd82e17f587c59cc8c3a96220a8","ssdeep":"1536:R7jpxFCvF9VgadnQF44MYYWjFvlJPRTgrR6666+6666v6666Umk5wTTqhGe:Rv7FCZiHqhN","tlshash":"2824b731e308591d7037c584ea61bf5e72b9c206d31a552ce3fe6475e38b8faa5272c8","dom_hash":"domhash5edb3779917336ae6006ec75758e9860","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"varewex.com/","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"172.67.172.195","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-16T22:01:27Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"varewex.com","ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-07-05","domain_rank":0,"first_seen":"2026-07-10T09:44:50.804135Z","last_seen":"2026-07-10T09:44:50.804135Z","alert_count":115,"request_count":115,"received_data":13773890,"sent_data":74855,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]},{"name":"Webpack","description":"Webpack is an open-source JavaScript module bundler.","website":"https://webpack.js.org/","common_platform_enumeration":"","icon":"Webpack.svg","categories":["Miscellaneous"]},{"name":"Next.js","description":"Next.js is a React framework for developing single page Javascript applications.","website":"https://nextjs.org","common_platform_enumeration":"cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:*","icon":"Next.js.svg","categories":["JavaScript frameworks","Web frameworks"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-07-05T22:19:28.847206Z","alert_count":0,"request_count":7,"received_data":277771,"sent_data":3988,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-07-05T22:48:05.057169Z","alert_count":0,"request_count":4,"received_data":14426,"sent_data":2272,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-07-05T22:22:24.069932Z","alert_count":0,"request_count":1,"received_data":33694,"sent_data":743,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/4bd1b696-100b9d70ed4e49c1.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2a9c2166a0ae63c27a466c7fb5903d80","sha1":"51f1c90c3f1e1d32d0c81e836ded7ed5ba0601d6","sha256":"5421e13a91a9389517b66179f3b4b5eaa0d95245438066d4d7b19ac30aeb809b","sha512":"8dc6274f2637076f1b5c4cd3f61b14259ec5552d844245c8b93a64f19c8b6b7347554a03b994b0f880b7dae74ad65e54eaa00be81783c2cedbae82a7fd4b89dd","ssdeep":"1536:DWET9Lwegcl2MywYleojBFOQLfioEV7hNc7lFlgXGhJx4bzZc5zg5tgW/zAe6c0:Z9LwzMyh1vLEE7RgXOQ5SIA1","tlshash":"ecf3f8ec3999e611aeb342a700df28037378261b240d4d60a614fd9ea57845bb17bfde","size":173025,"data":"","first_seen":"2025-08-21T15:49:50.637902Z","last_seen":"2026-07-13T10:45:18.945199Z","times_seen":13110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/5708-926a5cbb3579d1f7.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b58d901009e5dd078ec84a30e48e151d","sha1":"f871fd5e9a02a283c8e31a9be700e4ae15715e17","sha256":"0faa839769526c3620c7c8f7bc9b4b78004ef9980c103cd365079fbbedff3ab4","sha512":"b31d347b922a69e047655ced69bf8b14f63967d19b9b2df4b68726f51b5462170295305ad351d502bc84613fa23d89898c53400e8ce7adfa908d20f7c8ccf899","ssdeep":"384:u4daU8llCsp4PSOIX+lhs1UW5KRJ2YE7d2BzS+k0JQu2U67PMvia+MT/BuM+Mn4U:u4davGFu+j22","tlshash":"f1c27019aa4ba4bb87f116ef697d0b8401af075ff548ce17e529cf183347a252c91e2c","size":26916,"data":"","first_seen":"2026-07-10T09:45:03.479914Z","last_seen":"2026-07-12T22:01:35.306961Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b2cde633364ca71e63e183fcd285ce7a","sha1":"9a862e68484ea8b8bb94f672043d0752dbded9c3","sha256":"77456310fac2a586847d628eb005a0b7fa04b0e9569341b7bb5702bbdb94920f","sha512":"80caa655040b31db018b4aa93f5ccee47b87cad631f25e0b6f316c5a36fdfdcf3fb8da6ad95b895a620a2ccb565090f596acf0070a561a4804e502da79b3ff3a","ssdeep":"","tlshash":"6ef00e5a2c97a4a737fa367ec31b562b235203037882d808ba0ec4242fa8a951c4298d","size":614,"data":"","first_seen":"2026-07-11T14:42:53.022414Z","last_seen":"2026-07-12T22:01:35.324806Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/main-app-f3336e172256d2ab.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"39016df7484bb925b0b0fe1905ddbceb","sha1":"088ce59eb609b8c19e00e2d93e10d33b75578d7a","sha256":"91801d552d3e97ad6aabb535c2d8eeff31bab152fb2448b8556373894e7d7215","sha512":"41618a49d22f65beb83086c769a8c67e5ba76cbd01b838ee2ef88857171a333a9ee680d08d182a3ef65393eef1b4d2984c122e3d4d0913e82c0f0e9ee004e46b","ssdeep":"","tlshash":"8bf0d69a4f0cf52f5d26ad65fe97ace2245f4175202b4e606901ee613c23bacd270404","size":572,"data":"","first_seen":"2025-09-01T15:30:28.522834Z","last_seen":"2026-07-13T11:41:26.835456Z","times_seen":634,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","size":1239,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-07-13T12:16:58.694482Z","times_seen":394696,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/1255-c32318a942e40e3e.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d0655ecf061ed2032b2ed77f5fac4960","sha1":"bd73869341e65531e389db448125d6aa1b94dc73","sha256":"da0b6bb480869080c97b8a651145be0afa28d583e9f61fdbf836fbaf22be5ce3","sha512":"848f838f84fef605ebcdfe400206de7557e437dbc80169c2fd494308da5747a6fa93547706a1a590b39d20aaf9587ea08e5bb71a162734255329beb93bad6485","ssdeep":"1536:bzigN+8/BhcO5HYHqLVcXo7yIzPr6Q04ToTlTx1p7eChTtaocZXxreXRNIrky/Sz:379LmA+sy4r904Aj44RN0z/Sz","tlshash":"f0f3dab636d0f8d107a780e5843b400af3291c3b146f74a0a3e6dcd975645dea1b3faa","size":173011,"data":"","first_seen":"2026-03-28T22:09:22.209351Z","last_seen":"2026-07-12T22:01:35.300715Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/6477-9e02b2a147e40874.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9572bd36ad48a0afeec6633517fa7710","sha1":"d6483ba4eef36b13eb61477ac213fb9e4209bbdc","sha256":"597b7a3a3a772044b01484b288189b297f5295509a6b9834b5a3e20ffa3c3ac8","sha512":"870b80a2619e547b7aba1eb21b54d03136d56ee0e07a197510acc346f159ca8fbc1224e2934260f169a4836806d99e7ae9bae320bf5f2202ee18679492454f60","ssdeep":"12288:8YvBFTs8FN+95dzoX8i3UEPLBTXyXTUCI3184x1BZcWt/6BHsYfowoy+INtbkflt:8YvnXFZ848GYfowoAeOXwF","tlshash":"ad955c0c4b6c34ba06dd77c236cd1f36aaec4db5a6d1d2128cbe566d21ecc38923d658","size":2057604,"data":"","first_seen":"2026-07-12T17:38:11.939923Z","last_seen":"2026-07-12T22:01:35.325726Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/4038-49fdd8ae32fa9982.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fcc0345f008acbe8f529de677f7ea0b8","sha1":"4709ac8c02289d17f1a27caf9f719c3199e33199","sha256":"94702b098b138dcadab4016ec2aaa5431ce4daf3592629f2b1bd4bfea2c18363","sha512":"40efb9d579d53f9a2b66c219b459d80829c15026ef38f76021613ef87027131a8a09f3ad0c4cbc7d7421f37e3632c419088eeafc6f2907fd8b471081a65c4f18","ssdeep":"1536:kjI+qNzajw1Muc9T05eMK89JgRPWSEtmfPjvss85QxnpYQoQCsdZ:k0plajw1Cez9JgRPItmf7v85mnWRmdZ","tlshash":"178319256609315cf17bc58872cfd91db26e362ce61ac578bf3e7829179a0f4b126f80","size":82267,"data":"","first_seen":"2026-07-12T17:38:11.838423Z","last_seen":"2026-07-12T22:01:35.286472Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/app/(main)/layout-4d27638b938b6895.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"bff7621c687cd5d0f66ebf66ca833cfd","sha1":"cd1f50b353365d253742afdf6ae67fdf39795351","sha256":"d28666a9634510936f8d64bbba35597f853a668c80009cdb3607125168eefc37","sha512":"b25b6d5745ac6e3165fcbcf29518a315ad942447a0a7dd97c02324c08a791d30f9eb178fed39ee9f4b5694defbccc9c1b7ec56764182c26bcb50a4158aed6dfb","ssdeep":"768:f4f66H0enWAvs3/94888itgZ6E9hHnIiTuJWxdlBLdvHT6tyaz3DXE7ir3zeZ6z:fcrnWAkva888itgXhNrT5eDE76zeQz","tlshash":"f2430935aa073d18f63f81c9778f550eb15fa924fa4f4538ba7e2c3212584e4b226bd4","size":57728,"data":"","first_seen":"2026-07-11T14:42:52.99703Z","last_seen":"2026-07-12T22:01:35.313706Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/app/layout-3f0574c4e5d40333.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c0d11d52032af6ad193ca67a8408c35c","sha1":"8932c0ff9004f3317bb6d2e2c06693f5f855a761","sha256":"6165148d41738b1c671dce4457ec8f9742d6b4489d0de7f6c916b30a77d5f34e","sha512":"7a88391810320df94fc5f40b777293396b0f6fef64aac6c6ba2ac848997bf81dd11dc7cedbe7fbf16e450fe788117fe66f79dae4b072b67724e99c13c2590fdb","ssdeep":"768:+s5XQwaevuPsAc9kxPsAzea6AZZGSYY2pxJuFFdYnQ:+s5XQwaevuPxnpMpxJuFFynQ","tlshash":"80d21ba6920a293cb5b245e8663f910cb17f6b25d72e4414b7bf2c313b498cd92727cd","size":31080,"data":"","first_seen":"2026-07-10T09:45:03.495816Z","last_seen":"2026-07-12T22:01:35.275778Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/webpack-88bb21cc9b698da8.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a6e899e41a949fba95deb581bb003e29","sha1":"89ba1afcdead5a1d29e3f536b345fae2dba1b13f","sha256":"6e412f48b783c41ca2068b946c56cd6312c80b2d3abffb6dbfd140e72c87ba60","sha512":"37f42a21cc92480d8f99693a786fa2152a4eb6e87e9543a80d7e50e46bc07d6baf311b4dcee59547fc6bb6e1af56aee9c0ff37c864449797ef34c6bfe4d4b052","ssdeep":"","tlshash":"0a6195a93625f9b556f108868c7ed142f21a6037051af8a0e717dcf9b464ae20562ff3","size":3448,"data":"","first_seen":"2026-07-10T09:45:03.472302Z","last_seen":"2026-07-12T22:01:35.287927Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/8602-8018835a2b8c6467.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f366648bcf45d5debf0c1b40cf7d2f5f","sha1":"0b1a9b153106e4fea89f7cac44766d059c2e5941","sha256":"673a7d8aaeb6a9b355d1054015014fd544c8be225843d7bc37d39210d4caf7cd","sha512":"87bc2980f9da79d98616c2345107d092948b85ff882e652aee6ea02a2b3e01f9f8a2f49bd4835069e0487ce71bb42d9591bcd223fe11cb936a9d27a489040e70","ssdeep":"384:iTrTbTaTUnT74TeTVTwT9TQTkTz2uLSD8Tl4rmN2tTRT5ToToT3TuTcTrTP8TQTz:EP/MUTa4NOlu6zVmD8J4rhVxJ22jICPz","tlshash":"936286be77dd348d5a02e2e8d92ba0039bae0138264c4434b14ee4fd5958947987bf3f","size":14841,"data":"","first_seen":"2026-07-10T09:45:03.507605Z","last_seen":"2026-07-12T22:01:35.288512Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/app/(main)/error-e76e5ecab04323eb.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ea37a6907bbf49850fbc241b021b98ac","sha1":"0c4b73cae7505f9098532e047b378bfae64317ac","sha256":"38ad85b1457519a9dc72e54394f3996d7560f3d34e3398ec2ec72a9ed62253aa","sha512":"dc3684031a1dfd4df683fa10824f12e47c829ae2d20a92efd4820e6ad9e55732c6a9784530685c9356a7af34747a1a16f700f036f08e09d75bee9b15f06256cb","ssdeep":"192:lTzTFtTCTnsHTTYTetT9TYTFTYTcTLATnPtpSTiuTQTp6TPTSDTETzT3sToThTF9:lTzTjTCTsHTTYTmT9TYTFTYTcTLATPrw","tlshash":"681224fe5f9e25ce5512c3ccaa4ba040d7de0338365e4821a58ea8b9c241956fd77f24","size":9171,"data":"","first_seen":"2026-07-10T09:45:03.528266Z","last_seen":"2026-07-12T22:01:35.281579Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/9792-bbed82e0e875a1e0.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b082208296b9b3705076807c6a765752","sha1":"df9d0a8602debe4cc087445f2f2928428a8dd8f8","sha256":"e5cc5cd6fd587fd300815648759a627ef8c4dc295d75f12440f6d27de6b02924","sha512":"44a1bafc5746c002fc285d55b8f9240e4dc493c65c631114334e52b732499504fee8c0449fbebf9d50205593347c073ebedd5e48fb1e606a37f7cb474066b846","ssdeep":"192:O3Yaic4We1aowaYz4n6rUGUCKbLgcJ/t/ml/6/hYmPE:O3LuWsYn/8rc/8E","tlshash":"76121b92baa2f8b291bb6552683703863130277b790b4441a3bb4cac2354f59b4d3f5d","size":9337,"data":"","first_seen":"2026-07-10T09:45:03.521341Z","last_seen":"2026-07-12T22:01:35.311525Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/app/error-33d1788fed5ffb4f.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5127c8a0bf18bf19c981c4c0f5fd3b5d","sha1":"f812e3d7611042d8be29a2491fa3cbbaf991d54a","sha256":"937b53427e51b436510f6512d504cecc2f6b5478328d3f8e1ce04c45758345b6","sha512":"46314691bf04c743c678ec3b850bf7fc634132b3102eff1279ab430bee9398efe937e8b5021231f5193dbaa3e459cdc12bfcd4e31160df42ac8d8f7fdebdba59","ssdeep":"","tlshash":"cd41621766056e18f437c94877ff900c71eb4428712ade7867a89d3a11d64e53a2b7d0","size":2364,"data":"","first_seen":"2026-07-10T09:45:03.569736Z","last_seen":"2026-07-12T22:01:35.294604Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/6820-e593c9faa2a09980.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5c1e6130f49137ec5692ac319914a3f5","sha1":"e2db6215232326cd4d627e0f60c9a2c0ebc01c74","sha256":"131356516768ecf2507d0f76b9a7e9908b01e31dfc8df88329705d2e2afc3222","sha512":"d69ad7e662752ba1072c4de3574746de1675d7c123fc8c86dc45531e3ba9df2435998247276573ffc511590437f9cf1f4a3eab9c59d8e0ef9dfb3fc717e73b12","ssdeep":"192:WL9p3LRi2cihbDVksxQTu5c4tMSojxugZNYOHCh0wMcGW0T2vJVkwkFFtzQj:WL99Rx2Tu5cAMJVjiqwMcGW0T2vrkXbu","tlshash":"5422c8d9b5d1f8a583ab4090443f100bf2795d75281e5184e3f95ceab9a045ca2f2fa9","size":10748,"data":"","first_seen":"2026-07-10T09:45:03.49158Z","last_seen":"2026-07-12T22:01:35.290779Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/8347-2cdd515f34b89f12.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"49950202b034f7c0521d2f2129c83c84","sha1":"b39a0b9a93e867cf8675f483507f08d29d1375f9","sha256":"b35f82e8ce5a7a8b3b1083a9731c3d7351973f866106ebffd0c69b90405e5db6","sha512":"e40aac677169b6d180e3fe9b824cb491c49e9c1298c17f6a222b00343907f3ae29daa5d7b2a5c9af388e54bfcd0f92611283a303bb310752b5721c51c943be04","ssdeep":"192:njk3KSwJQV71am/oOJZBOcIkQmAYxDvLZNIw:jk3z1D/9JZQkQmAYdvLZNV","tlshash":"8f02daf5b762383149ebc2d6b5722942f318078e6628d81051f50d2e7358e0eea52fd8","size":8438,"data":"","first_seen":"2026-03-03T22:08:14.650035Z","last_seen":"2026-07-12T22:01:35.278324Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/app/(main)/page-1242cbe80559576f.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2ee880e294b488be8baf2ca00c36378c","sha1":"8097afdbc5ddf81116d40b3ee666e00de6c6f3e0","sha256":"ef032dd04b290288f2ae2edc7770a8d5b9326fcef21f5bc58b25227269543da0","sha512":"3eb17709c4aec980db281cba79a3b2a34ab80a6faa5937533e6b892184a66f54ccabf143dbee2d30eb530a94f2627e766a7452702e844f442e436f1d413dcf8c","ssdeep":"1536:7cJf0hkZ9geTeIY6rGa5cd1Q8g993275WBWVQ4u:7y3ej6Ka58g993UZQ","tlshash":"8863193a975a7918f837ca8c769f410cb16e4528a34e0db4a7bbac3113854f4b667fd0","size":70076,"data":"","first_seen":"2026-07-10T09:45:03.50869Z","last_seen":"2026-07-12T22:01:35.305089Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"varewex.com/images/payments/bitcoin-btc-logo.svg","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.378Z","timestamp":1783893655378,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /images/payments/bitcoin-btc-logo.svg HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"815-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fzq3jNjPDaXdINzXE4WRF1AGGdCFJqeQVElv2CC1Sl0OG5n7Wh2hnWZrGs9UHQBKHMIeL9LanA3qaH6orDz3usEy5UT5J37fWH383DgGAbFKGRZcE0%2BP9wIQJEuAuw%3D%3D\"}]}\r\ncf-ray: a1a352d21959b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2069,"size_decoded":2120,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f92890de8d6512e2597d378f00254e71","sha1":"ae4f3414bffd2594adedb794d4f9eefb2a86c382","sha256":"51a4362311aab24ca9f1b68d3ff5faf423385db8ffdade0894bd6acb799e53d3","sha512":"6ab7b81fef67d104a6fdf5c9523efc3d03d6039913a3cd3dac6d22fd4975d2449be7043953c840ff0ee8fdc7226894b07c287790381b0fb653579d8dd55f140f","ssdeep":"","tlshash":"cc41a5fcca1a8952ca9e4b6ceafc4c5e2f23604f016d01fcc58296f57c125f58645a9d","first_seen":"2023-07-06T20:31:23Z","last_seen":"2026-07-12T22:01:35.242849Z","times_seen":814,"resource_available":false,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/api/site-config","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.962Z","timestamp":1783893655962,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /api/site-config HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=znpjDlebzMQkciGY%2BLO%2F%2B01hCOdk%2BAckj5FjXZW1HX3FszB7gl3kQBXmUXsDg8drzfDP%2FwosEFVaS9PeIPH%2Fk1NS0SJn2eiTfhz8%2FHIqiSVmffDFga9nbBGwPtqg9A%3D%3D\"}]}\r\ncf-ray: a1a352d5c9c7b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":684,"size_decoded":1522,"mime_type":"application/json","magic":"JSON text data","md5":"ad098332a0076ecd71b1f832f5d1bb4b","sha1":"21c33274943939ee46d7127827b230104ac7f903","sha256":"e3984b4738e384c244cd9e9e2b3dc1f6e4a531443a0d64245a791f56dce7a3a0","sha512":"7f1fe40decd626f8a701e8fec00f3e1507a30959dc652171c462cc0814b53d253fe0d70f9e50dace998a602ca535ef86e903dca611b3bc612a88355737f657e7","ssdeep":"","tlshash":"4a01fe13836e2e2737e671c03d9f7d9814c819f49a84e8350d0d595806963049cf43ce","first_seen":"2026-07-12T22:01:35.243551Z","last_seen":"2026-07-12T22:01:35.243551Z","times_seen":1,"resource_available":false,"data":null}},"time_used":130,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":128,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/crown-icon-512.png","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.998Z","timestamp":1783893656998,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /crown-icon-512.png HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/png\r\ndate: Sun, 12 Jul 2026 22:00:57 GMT\r\netag: W/\"3d605-19f1a0f2520\"\r\nlast-modified: Tue, 30 Jun 2026 19:43:48 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\nage: 0\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AxXMhosShYlwzxW0JZ3hSCvmF9B0zUnqly78SGYdGdoQRQ1mHBMq4rKcsB3bd6ziafkz85kilB3ynnCN9%2FGAI72Cd1pohhHG9N%2Bjuhog%2BB64ijCscPKGZx9JW3DozA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352dc4a61b4eb-OSL\r\ncontent-length: 251397\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":251397,"size_decoded":252412,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGB, non-interlaced","md5":"80d4744555e10615fd0705451496696b","sha1":"cdbb7f742437134f1a5d60165acf86ad5213db97","sha256":"6e73823fa9392ebc0bf9d73a2d4125b570b38729f8d9ea310afa814fd6256abd","sha512":"c9bfda11e02a25c4582ae239c6e168d59accaa434e697ce2aa6d510edf759e3a24f623e9219961edf63a7a4a1f0dca027a8f06f505a2a544c73b0d3607457b3c","ssdeep":"6144:NVPLp8eA7j5PdHoachilP1Odjbn36A3EHgbmODh5d/FJH4VAvLX:NJNEtPh8ldjbnKTcp15ddZ4VAvj","tlshash":"8534232db096f918cc4e7f515e3d4f4a95b773eec97db804619865ae8a3d29030c4b2c","first_seen":"2026-07-10T09:45:03.470767Z","last_seen":"2026-07-12T22:01:35.244679Z","times_seen":17,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":121,"receive":98,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/css/65910d15602bebdb.css","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.295Z","timestamp":1783893655295,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/css/65910d15602bebdb.css HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: text/css; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"31f38-19f48675780\"\r\nlast-modified: Thu, 09 Jul 2026 19:42:40 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nage: 265085\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AhwuO82g91u58E4oWJF0cRW1EJ0%2FAu%2FF%2FM5rpayVE6wOTYWFXA11Diyg%2F6E2JrLQW9dncaZ%2F3avcN0Wm3NLcecXjHd9mdZqW3EfFmW85qpC5yMy25g%2FBwnCK16q%2BLA%3D%3D\"}]}\r\ncf-ray: a1a352d19922b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":204600,"size_decoded":31964,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"700cebd09c3c299cefcf95a2db9df5d9","sha1":"92327324c0a826656c708bd6caaf6b543d5b5c43","sha256":"c1cc07b695cea585a5986a797bf683e40175aaba9b113bbe46de4870bc810c9b","sha512":"20422a13fec2bd443071009d9c2a78814638e785725eb8c1db261cd43f92240325c9f68073d2713b9dbc276766d95f790e02dcb07127ebb6911913145a175590","ssdeep":"6144:QIjgxKfrm8khsWOshvZc/Xt3oVvAaz1NGGF+XtfKhRcOJHV6tyCsU9baLoofhhDq:FaBqZ","tlshash":"e8149670f6a0607bbd13b1fde7dce44cb50aa096ad229becba61651113d37f62d53a00","first_seen":"2026-07-10T09:45:03.520448Z","last_seen":"2026-07-12T22:01:35.245297Z","times_seen":17,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/bigger-bass-bonanza.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.345Z","timestamp":1783893655345,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/bigger-bass-bonanza.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:57 GMT\r\netag: W/\"16198-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UKFNnsTp6cNaSljuLAbv1lwb530bf08W9FB4V2WbAmvmJ80%2FMmGhsQCZ48SBUfCtoC2e0pBKvyBjGI8UOVRXPnLsrcea9tW5GfuDQoeISrpbkk8pIY7Qq57q1lUiGA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1e947b4eb-OSL\r\ncontent-length: 90520\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":90520,"size_decoded":91520,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e3f8e5841788bd266ee6bf17ec0475b4","sha1":"872069dd6f8ac718b46b581fdc46da24c2bdd3e8","sha256":"590941ede3a0091deb7626acf11bc039331d71385db4a14d486538f364e354d2","sha512":"c3c42e96c0801384e41fb01e016283ac61de9f779e3bd192a0829ac9734d86a561b7fbbb1c863481f9e00714509709c49f2d6185bb2cc3878aa953fdc6abdc33","ssdeep":"1536:BUDMnU+IWPe6sZLAn+87aIkQ/jusg5P+0SPqYJyqK9xcE8A7dlo:BUDKRHJC8+8r/j5gkrqYMaEP7dO","tlshash":"959312c9a739c27b656addc05e1ef2c466d7f346004776ba2a2463527f9072603f8632","first_seen":"2026-07-10T09:45:03.462318Z","last_seen":"2026-07-12T22:01:35.245968Z","times_seen":17,"resource_available":false,"data":null}},"time_used":2236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1986,"receive":250,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/community?_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.206Z","timestamp":1783893656206,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /community?_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ae5UE171rvTK2T%2FP44xYnKWgl938zvj58qDeGf3vxhqTTww990e5XkY5oGnwilL8n2KetSIfPZF29CQdw3g%2FMpSMdlfolpY6%2BIXIvn0BM8dcc6thXq8J1DLetKupRA%3D%3D\"}]}\r\ncf-ray: a1a352d749dfb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":158,"size_decoded":1198,"mime_type":"text/x-component","magic":"ASCII text","md5":"1b0334705ee22e8a7d17bed69bac5a45","sha1":"3465996fda1b5a83c87e02b97b8df6ee0f9bed44","sha256":"f76a15b0ea09f5f901cf09bf4070cf841680c410472ec28c75a2f6ac0d8d2dd3","sha512":"2e444a8bf36dfff8dba923a3fe6ded8a12f0830293d60cd2a7bfc9a0a97849ec2e7da3c860aa937da2f4941a12f0b9b0358cc8061fe212b81f5bb853f8d9879f","ssdeep":"","tlshash":"a9c08c3942983ef66cbb288824aec64f360e430b21c611f0a0934e20f7370a00803de8","first_seen":"2026-07-12T17:38:11.869575Z","last_seen":"2026-07-12T22:01:35.246609Z","times_seen":8,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/images/payments/ethereum-eth-logo.svg","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.379Z","timestamp":1783893655379,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /images/payments/ethereum-eth-logo.svg HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"541-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Xv0d%2FNMLHioV3F0pfJ0lXa9JB%2FQ15d9en%2BSMpTl%2B1Ul0IwGjWRt2aEipTzJgNBBi%2BPXWg7c7si0F2XYlLMAsFa0wXYBfpu0xAZ9nAZT84umsUhxKyu9RHgkbrd5aTg%3D%3D\"}]}\r\ncf-ray: a1a352d2295ab4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1345,"size_decoded":1566,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7c19954628081bf6fd772fa0d0819547","sha1":"9c1d03cc04bb9d2e2f8577ad561abb9c9ac9dae5","sha256":"066b2a60df66fbe2c11bbf7d37201552fd27e4edca73cac4a3e7ebda3ceb2486","sha512":"3f40c39fa2e06194f6957ad2bb7cf6c752dd9ad12eaefe891a56380496d85f383331fc4c557b42f3cd897bdfa02c87d4f27ff457b1c11ecdbba6053ff2549ff4","ssdeep":"","tlshash":"fc21eef5ad9e6991c5fe83b4b5fc91532853c0cf008a0880fac07681ac066fe4e42adc","first_seen":"2023-10-24T01:06:33Z","last_seen":"2026-07-12T22:01:35.247599Z","times_seen":825,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/rajdhani/v17/LDI2apCSOBg7S-QT7pa8FvOreec.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.664Z","timestamp":1783893655664,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:23 GMT","end":"Mon, 14 Sep 2026 08:37:22 GMT"},"fingerprint":{"sha1":"CD:5B:53:23:61:72:75:37:AD:E9:F1:74:B2:D2:EE:09:81:05:55:E1","sha256":"9F:07:21:2D:14:EB:C5:C0:D4:2B:42:E4:55:80:7A:BB:AF:47:A8:BC:0C:5E:05:F3:2A:2B:1F:2A:78:4D:FF:D7"}}},"request":{"raw":"GET /s/rajdhani/v17/LDI2apCSOBg7S-QT7pa8FvOreec.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://varewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 15688\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Jul 2026 05:57:21 GMT\r\nexpires: Fri, 09 Jul 2027 05:57:21 GMT\r\ncache-control: public, max-age=31536000\r\nage: 317014\r\nlast-modified: Tue, 16 Sep 2025 03:40:35 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":15688,"size_decoded":16501,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15688, version 1.0","md5":"d5448938a162ccb434b09f4572c0191f","sha1":"be9eae3d1d9f4fbd2208e0fd3c871b17b65b6516","sha256":"5b7e4a6f97163c2636724d4de90304fc895653dcfe64c67a7a22f26331ca5c5f","sha512":"df0245084768642738387f7a0daa11c4bd0109617c4120bfd88083c30d686ee2bd327e426ce0d9ee1f50839c5e2890f8a2a2d7acce3705fe8fa324fe623ad942","ssdeep":"384:Bktl5HsgImpL/2gZDAMAyNWE3pZrsjyb2mf+X:Bkl5MgDpT2g5AMtswpZZ2mf+X","tlshash":"7962c046a5a6b998f4d4ecfb0086542c19bb5ca11c6230f3c719356f5bd3e75cee4540","first_seen":"2023-04-14T01:29:53Z","last_seen":"2026-07-13T07:15:41.198028Z","times_seen":5715,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":48,"dns":0,"connect":0,"send":0,"wait":43,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/sport?_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.211Z","timestamp":1783893656211,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /sport?_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2B4%2Fdb0eJfrUJ8fnOHHXe3n%2FWlymRHFjWE4Oea5MoTl%2BQVmwT3zQSDl12KuiikkbdHo5bVjLAhzkKOYiaOltKu%2BkMhUyx6yTGRXO3H3SA%2BdYtpYLJbz7QfZLANDvWAw%3D%3D\"}]}\r\ncf-ray: a1a352d759e1b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":150,"size_decoded":1201,"mime_type":"text/x-component","magic":"ASCII text","md5":"58dfd66d86ef41e0dbe017c5b7e355aa","sha1":"36d41337111ebea1844b4ce57f53a44899d98d93","sha256":"96bc05c57ac0edf0e2a5fedcaae23bc9f76f68e272b587454b2eaa39c54bc23a","sha512":"dc7904a78b124aa12553520a5e26687b56576e45ee054b476d0e7892df4b30f468e490f0eb9e0ecd30e7f471006435b5f2fdb6724fe4b3fd21d88a4adbe4401f","ssdeep":"","tlshash":"b7c08c2142483ef56cba2888156ec60f760e410b22c658f4a0d24b14a73723006035e8","first_seen":"2026-07-12T17:38:11.924846Z","last_seen":"2026-07-12T22:01:35.248934Z","times_seen":8,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/play/vs15godsofwar?provider=pragmatic\u0026_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.659Z","timestamp":1783893656659,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /play/vs15godsofwar?provider=pragmatic\u0026_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NBIRiIR9O0bpTWoY3EHg4curvz1nAKEn2xop%2FrELBEaAgKbT5NpvgMXyiDmklPn5Gp6amYiKrKdRkxFMnszFilkQVih7eQPGKYLtZf8XGtulSKARitIdEYTD4SgHoQ%3D%3D\"}]}\r\ncf-ray: a1a352da2a2cb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":221,"size_decoded":1231,"mime_type":"text/x-component","magic":"ASCII text","md5":"23c01eb3c26338f91369fc8af176aa20","sha1":"9de0f3f7f24c3b5d2132d079c249fadc6d69a183","sha256":"8c0869cd0fd0ea595e988e46ac46c15890363303f3a70296c0f1dca9ca38794b","sha512":"b8388b5aa4211a82442b9cb18dcd9085cf1470abc20383c2df7089680d018d75068a8b22322096e190d3ff2f6347bdbd35e1ed9f5c504554513cd3d9954e7f38","ssdeep":"","tlshash":"a0d0a72646053af96c7a2884057dca9f761f515b61c856f250625a35936303219035f5","first_seen":"2026-07-12T17:38:11.91928Z","last_seen":"2026-07-12T22:01:35.249716Z","times_seen":8,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/sugar-rush.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.341Z","timestamp":1783893655341,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/sugar-rush.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"12dca-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HwDZOaPLeZDAIUcvvz0rXvEBDcdmbVeQIpj5MD6IKK5itgaHSZGxrzs54atxubVl4usH%2BsE9zukzZy2xRFZQ1TPqo%2B4a6nYYD0%2BR4AWg0GaOoBBZoXbYWfxHdT%2BJIQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1e943b4eb-OSL\r\ncontent-length: 77258\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":77258,"size_decoded":78264,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"bf41d2e5df715e30ae5765e27035f41e","sha1":"dcf2c0669dd20ad1b99ea77df4e3f6ccdeead5ab","sha256":"f737baadd156371777dacf433a53ad815758d08052959eb468d9f88e061ad90e","sha512":"b6993d81aab072729107d0d1d86fe16ccdf884f439d987f4cad006dc18158deeb30976237f695a306f65e299f828bee73d82148e2b0b09bb43249dede4c8558f","ssdeep":"1536:HMA87FnJmqOd5Zq0NK7TL4poJXAtB7QN1bbY:HpUnMq+u0NsTkoJXAz7+1vY","tlshash":"da7302d366435f630ec3b099ea9c8feabb66511cf0f602071e6a8744359c974a06eb74","first_seen":"2026-07-10T09:45:03.490538Z","last_seen":"2026-07-12T22:01:35.250373Z","times_seen":17,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/api/auth/session","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.295Z","timestamp":1783893656295,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /api/auth/session HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nContent-Type: application/json\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\nexpires: 0\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: zstd\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xyYU6agIJILyUjHWZioa4DBtYUilmYvsfGl%2FApA%2FcATyi1N4QsDkUTsagZP6rITivPOVEJPZktRy3j5LlHMUkGGMqiNGDPjamHKcGZvyB1p%2Fod9xiiEUIpjoJJHRyA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d7d9eeb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4,"size_decoded":1070,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"37a6259cc0c1dae299a7866489dff0bd","sha1":"2be88ca4242c76e8253ac62474851065032d6833","sha256":"74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b","sha512":"04f8ff2682604862e405bf88de102ed7710ac45c1205957625e4ee3e5f5a2241e453614acc451345b91bafc88f38804019c7492444595674e94e8cf4be53817f","ssdeep":"","tlshash":"b9300000000000000000000000000000000300000000000000000000000c0000000000","first_seen":"2023-03-07T01:02:14Z","last_seen":"2026-07-13T12:19:44.824921Z","times_seen":271594,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games/trytostart/vs20sugarrush.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.497Z","timestamp":1783893656497,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games/trytostart/vs20sugarrush.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"36fe8-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pRf6esU%2BOKgOn8se0LliTc%2Bh9trrr7sf6XdKSJ8fTiCFoTeK7Mtb0ni8uySjKfgEjx2oVDUU6evqFrfkp5Jcthyg8FhylCDnBMeBmc48VNtLD31QRXq7C58UuSwGmQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d91a06b4eb-OSL\r\ncontent-length: 225256\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":225256,"size_decoded":226185,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"f1e286615a1298fed8c67ffbb7a062fd","sha1":"6d101d982cc98fab857c1e865edaa0deadad422a","sha256":"89798d3dedbedf88f7c77bc34e8f649bbc9af94baa31ff893654d9450756e49d","sha512":"bc650fbd189a96f0ec8eaf892e0b2d36e4e9b3d34a2302b2eea30ebd8c5de179a62434607c84951870718c67d54bb6dec43594bf444c23b183627ca687db34aa","ssdeep":"6144:ClVeX67QHxSVJXJ9bCLm7Db2klkC2pLimOj4jIjrsT/kB:bK0RSrbCC7DbepLO0FT+","tlshash":"fd24234d2f7a4eade580b43a0f3e6eebae30d5c69036126656f501bc055b6f0911dc2f","first_seen":"2026-02-12T20:36:03.510033Z","last_seen":"2026-07-12T22:01:35.251667Z","times_seen":30,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":99,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/profile?_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.553Z","timestamp":1783893656553,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /profile?_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=03TwerlwOy4j48pX39anAIx7GxyUD9CXyf8tZ531PDVaNz6LppmmyBsTq6%2BHvXgjTi3d7POW7BbnzDNr4BSMKDGD9nGMN9WQ4Nauky7a0Hq1YJSnepak4SF5qJ%2B7FQ%3D%3D\"}]}\r\ncf-ray: a1a352d97a1fb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":154,"size_decoded":1194,"mime_type":"text/x-component","magic":"ASCII text","md5":"748bbf05207b6156f15cf17ba8133983","sha1":"dbaa18fb1807fb2871e0004bf3699c3c53efd1c8","sha256":"1ebe0a4a9f13aa50207ac26a36d9f51792ad04baad6b566811ee69fb6fea014d","sha512":"604509af3847411571ec0f98bb105c288bcfe41078aa0a0a65d95db63681e874fdde02f17f76f4488f4b553218e7f38f81e0173867e2223595b448d5e972a9c4","ssdeep":"","tlshash":"7dc08c23828c3ef6acbb3c8834aec60f660e810b30ca10f090928a10a7b702124035e9","first_seen":"2026-07-12T17:38:11.90966Z","last_seen":"2026-07-12T22:01:35.252625Z","times_seen":8,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/dmsans/v17/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.891Z","timestamp":1783893655891,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:23 GMT","end":"Mon, 14 Sep 2026 08:37:22 GMT"},"fingerprint":{"sha1":"CD:5B:53:23:61:72:75:37:AD:E9:F1:74:B2:D2:EE:09:81:05:55:E1","sha256":"9F:07:21:2D:14:EB:C5:C0:D4:2B:42:E4:55:80:7A:BB:AF:47:A8:BC:0C:5E:05:F3:2A:2B:1F:2A:78:4D:FF:D7"}}},"request":{"raw":"GET /s/dmsans/v17/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://varewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 36932\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Jul 2026 04:44:35 GMT\r\nexpires: Fri, 09 Jul 2027 04:44:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 321380\r\nlast-modified: Wed, 10 Sep 2025 16:31:03 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":36932,"size_decoded":37745,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 36932, version 1.0","md5":"7c87a648293fbb5b2924aafaa59e8aea","sha1":"c57593e0adc4cf99dd9e67cb782242220a061a9d","sha256":"9fea608a947e67020c33cad9a6fe3d60c54119dfb8cff87768a8117a15ed7543","sha512":"764ced325a768dca84e1fb0cc458818239ce379dbcbdb324ee8849bbe15f54e3f0254ae6e52ee5a92741840637b4f9885d246a0978af23176b3acfe5b9cec23f","ssdeep":"768:mMQPOAQQKW6GccoXQ+OGpHNzXgtDM0SVu7P3nqtPl9Bf2csDpHUjbYE8j2:mMQz4W5og+tpH6tDJku73EPlPOcs5U/l","tlshash":"c0f2f23e7ea5691487c2b0be506b00935344c9bd37c18121bbb953f44ea67addc5d63c","first_seen":"2025-09-11T17:08:25.889763Z","last_seen":"2026-07-13T12:08:36.203591Z","times_seen":29708,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/avatars/avatar-01.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.162Z","timestamp":1783893656162,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/avatars/avatar-01.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"7aa2-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=i69b4h15iFGCMVNn%2BlLpgCYpVDY%2BHKfY5ydGJLP4xTLWDYgfeKnryeDk67vTULgtodO7fzzlJhhM95EJHFNxFrsvew43HybSjLsG%2BvVEcd0Z%2FhwL%2BZkTfRjwYRMbPw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d709d9b4eb-OSL\r\ncontent-length: 31394\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31394,"size_decoded":32401,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5509ff2b421b108162329e8480cbf42a","sha1":"3072d660a2b73a831d89a61be8422498eb70923a","sha256":"395e861b9886862ff3c0e250045d90084dee194225fa87649ff810a93029cf72","sha512":"9f23044ac22cde5a69e0c215d9bf1b2cc7cc81d9653b82b6caecf195dc9de2bdce6dc2fbe57f8d243fb042baf5bb7ea9ed2f18c81486635b520ff91123a4a576","ssdeep":"768:qLVZRKuBtND4jceGyr8Ee4m90bm9JIqXkeRDMB:qJK84HGysp9FX+B","tlshash":"d6e2f194db0488e1a2646f155fd0aa42131ecdba610a2f7f13fa4fc133eee6489f2591","first_seen":"2026-07-10T09:50:20.394431Z","last_seen":"2026-07-12T22:01:35.25383Z","times_seen":13,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/lipis/flag-icons@7.2.3/flags/4x3/br.svg","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.286Z","timestamp":1783893656286,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2026 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 20 May 2026 15:48:47 GMT","end":"Sat, 05 Dec 2026 14:48:47 GMT"},"fingerprint":{"sha1":"D4:05:C2:EC:C7:EE:2B:D0:08:68:0D:3D:33:77:48:78:43:E7:D1:E1","sha256":"ED:84:90:EE:71:BC:6B:5E:B3:D2:50:B0:23:3A:06:0D:E0:50:C6:B6:A9:09:36:E6:CE:FE:E8:66:89:EB:4E:C5"}}},"request":{"raw":"GET /gh/lipis/flag-icons@7.2.3/flags/4x3/br.svg HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ncontent-length: 2769\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: image/svg+xml\r\nx-jsd-version: 7.2.3\r\nx-jsd-version-type: version\r\netag: W/\"1fa0-F5abWsDNckUsWGPTTgDw9d7Bxs8\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\nage: 985154\r\nx-served-by: cache-fra-etou8220094-FRA, cache-bma-essb1270055-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8096,"size_decoded":3517,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d5fc3717384cd954040873edb3061a68","sha1":"17969b5ac0cd72452c5863d34e00f0f5dec1c6cf","sha256":"45531de3e2b3e8a7f6db53f8021ba18482176600bd5cf66e547b3e7fc8aa99ea","sha512":"8d13cd413061736f506d580b37924aa472c3cc472df3961cf5777e73b670db829359980ebf3f4f1090f2ab023a793a40790916e78649a348dfa8913dd236c92a","ssdeep":"96:0GRMoBsOat6xhf5W2JGRU7edrp39bgWT00zmkJ14JVK8jWLJ3pkREYa:9RMoyOait5W2JGZXn9efTOpeEV","tlshash":"1ef189bc466cc2ec9ea696bc9f3ac0e0920de1eeb1e5c351a76cc17026935c9e14f456","first_seen":"2024-07-04T03:51:54Z","last_seen":"2026-07-12T22:01:35.254723Z","times_seen":120,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games/trytostart/1067.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.513Z","timestamp":1783893656513,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games/trytostart/1067.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"49757-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=w4ucc7P1s35FqiQS8tS%2BbvTQwo83wmtMqCV2WdM5U6HRIwwXMbga%2FUqTAgMEFawIP899i38KcKYQRJ00sEFJAHaEzreTLxHq4INQyTnmLNNqIRIYpNT%2FYfIyDOsnOQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d93a11b4eb-OSL\r\ncontent-length: 300887\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":300887,"size_decoded":301815,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"31c37a2907e35d4375e0b638edf13841","sha1":"c6b60c2614f0065b9756d8e291e91b838b8becb6","sha256":"c838dc775ec2347f27cedfc6d53de677d89baf2c21b83080a151e87c9621b22e","sha512":"9b17bcdd06836e066649809af59c5ba06e9eab3611a79b35df184ae3a57eb28ac44fef212f8d95239ee8b31fcd28475dbedd7cd39ef7887033a402736ba90638","ssdeep":"6144:6+LrAwhkatFw4LIQEuihxRfQXp3RYRIzw:zL0wh9FPiZ8BRYIk","tlshash":"6e54232ae2211b4677c267b1e4a329aed1f65d046228e3fed661417fc1482ee31f73d4","first_seen":"2026-07-10T09:45:03.444324Z","last_seen":"2026-07-12T22:01:35.25531Z","times_seen":16,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":101,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/wolf-gold.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:01:05.102Z","timestamp":1783893665102,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/wolf-gold.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:01:05 GMT\r\netag: W/\"e082-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GqdfEkfZhD7LdyZ1H6KKecYm3llH08B87OMZ2iZCXimqw1FaYq01zJObFR53OZoXKRkcx2mWNZry1AwCgf85NK2yYsLPr7mv6XuZ1KTcXfPr%2FFWk1gFsJNNI%2BXc8zw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a3530eee7ab4eb-OSL\r\ncontent-length: 57474\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":57474,"size_decoded":58475,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6705cd397c489728422c0670b86b5901","sha1":"c4de9ddd398312a49b6851018b180cf61b0b7deb","sha256":"44d27f27efb951e48ffabb381be0b255de5b0555f7d257b4ab5b297bcff8d5a2","sha512":"3035ba279c99aec13340c48187b829d2ae8c47dbe888cf5eedf2c591db098d2b1538d7884adca587828e5878ec992b4e0471e5baf74d80779768462ea3cfe397","ssdeep":"1536:U37DpmX6h92fm+68Cf2g7OE3mWwpRAUiKeyUo6xTsL:UrDAX6HE8CE2WwSUiKe1Ji","tlshash":"0c4302c18280cf866909c979e8b441413463051aba97b5d6fe1afaa20bdf14b3cdf13f","first_seen":"2026-07-10T09:45:03.458684Z","last_seen":"2026-07-12T22:01:35.255734Z","times_seen":17,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/crown-logo.png?v=pm","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.331Z","timestamp":1783893655331,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /crown-logo.png?v=pm HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/png\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"f80a-19f43a76a28\"\r\nlast-modified: Wed, 08 Jul 2026 21:34:33 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Rup6kreCCdLVWcU7gPIdsWjVqSscdgCxCDVYwG76wx%2BIQtY%2F4LSi0TJlNCuxzvLmD2EJrqn0HR4dZMuyup0hkJXJQwaCd4GNmdJjoxpV64YAiyKGgw4t3GaiZpfqvA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1d93cb4eb-OSL\r\ncontent-length: 63498\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63498,"size_decoded":64498,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGB, non-interlaced","md5":"a3c9a1078bc4e53205f6412d40341501","sha1":"efc5627b4a72ea439076435289258e1b79b8d57b","sha256":"1e901b8226f1eb9f404ed2ed750935526bfe4bc1bdc3c655a0795b3985838b8c","sha512":"6cd908a4215ed45291ac9bfa839657d53226709912983e6d91cab8240efe87f1fa5acbb73dda72e6828c22d5d7345da2851a6a9cd55c237b4b0357cb16c71e26","ssdeep":"1536:xd6Ed8fHrKzgDjlVb0MvORymKojhtWjt7qtvy6STdyE0:pyHDRdz2vhtWjNXd6","tlshash":"0d5302d4f4b4afbc3419a6bce6961d130fbb42646dfa40212e887e4d9d22465d9f38c3","first_seen":"2026-07-10T09:45:03.481088Z","last_seen":"2026-07-12T22:01:35.256309Z","times_seen":17,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games/trytostart/vs20olympgate.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.522Z","timestamp":1783893656522,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games/trytostart/vs20olympgate.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"3a86a-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AskZZIEuGf%2F53Y5NjeKmZgEqO3XFOiMIk7ICe7Dgn11OXPbOFDbh%2FtvQxm9Wst28%2BtGXgNyY%2FhKgWSH3TCEnYzTvooRBNtUrC5ToW4961eAmXa7ZCcwfq56xsQRFWQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d94a17b4eb-OSL\r\ncontent-length: 239722\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":239722,"size_decoded":240652,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"b35b2e8a7a9bd2a1a1a3f3410abc0b9e","sha1":"9eed673b17df07b5a18c95cd083bf70a6390443e","sha256":"9be0afa381a4a45438b694ea6274eb5dde604c78e2c73a29e6f90a01a7c6ca22","sha512":"df25a134ffba384be1f1b391c70bfce195f8f05af57102e4bfe93738ec3fa0617a177807f13adff85f3a944d8936af78078a6a5d7b9dfa08ffa92a73c86c2817","ssdeep":"6144:Re/CZmWFt/Sk0h8WB6H8/fL79MsmyAny6Tlc:RebI/9lWB6H8XLpjmXy6Tlc","tlshash":"c53423cc96dec83d1192865d889bedc1778875702b0a9281e16aa1fc153fdeedf0ed81","first_seen":"2026-07-10T09:45:03.575765Z","last_seen":"2026-07-12T22:01:35.25694Z","times_seen":16,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":96,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/predict-banner.webp?v=2","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.926Z","timestamp":1783893655926,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /predict-banner.webp?v=2 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"763e-19f43a771f8\"\r\nlast-modified: Wed, 08 Jul 2026 21:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=B2GVDLBZcfvvi6Xb2eM1oclpli34P2oE4z0GozkG1ykQjAEYgCzY0w4d7mOATjtOO%2BdT8a2QxTAPLeYyjqLCLo0i6t9%2F3OFQmmeW3oksSsL0I8ERUgjrl9UUBRBq3w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d589c2b4eb-OSL\r\ncontent-length: 30270\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30270,"size_decoded":31271,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1600x893, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f476b1ccbc123437a7b7358274626d97","sha1":"d4c5e7152a7061a5b8931bef466bf9daa34897c0","sha256":"d1b4bf3a703a70b2d125e2ea489dde042d66aac73538bcb0f9c773cb16c8b819","sha512":"c6846787fd7dac1965d5792bc2102d6c2b7e2f0d2e1cbe179d0cceea985c7004f24ec26568eadd6db023d64499e227965f30ebd084cb78666391ff109f3fd343","ssdeep":"768:m0OJ99zV1m/W5ZS4QxA8e/WA0ik9E11OJW1amWRng:mv9SGSVmbLk9E12DmW9g","tlshash":"87d2f13a255e166f7ee8a814b1308017902fff35ca375e6f9c1052e1e9b2199a13469f","first_seen":"2026-07-10T09:45:03.557227Z","last_seen":"2026-07-12T22:01:35.257547Z","times_seen":17,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/promotions?_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.212Z","timestamp":1783893656212,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /promotions?_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R3ISGo1xQrBUvXqGQ6mIRlDANWxD5SCcR%2FmCvuxqjTnHsV6JexDwSndpGn66gC7CbLRPlPMpqs4IuiiUAT21c54DW3tmgkdY0Wv67G%2BvSPKIO3JmqmUkT3FnQaH6%2FQ%3D%3D\"}]}\r\ncf-ray: a1a352d759e3b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5070,"size_decoded":2637,"mime_type":"text/x-component","magic":"Unicode text, UTF-8 text, with very long lines (2646)","md5":"cd032c689be25bf20c62cd40adb31667","sha1":"d30d97a9d24deece6a051bdf7638ef8c6a8b5781","sha256":"5a9924872375800286a2fa24401e708baca4944251af6af662fcf218d68faf7b","sha512":"d0bc1f9f8583055ca5973f012ae5cea1cb689a5b73fdd42872d8ab3693296686e1b7583f240280ce29b38382a4e2680b997af853abae9657fc424848fed0e226","ssdeep":"96:W4SB6Z5ODVIAvZpeOdETypBnvXY49KhsG60ZiTllS9Qf35aY7qg7H7HDDVT:WpWODVIAvZcOdETy7ogtOES9Qf35r9D9","tlshash":"aba1333fab015e7fe6eb8141449f6349375c4b3bab14c9bac0dd4e1c028a66c3e953a1","first_seen":"2026-07-12T22:01:35.258114Z","last_seen":"2026-07-12T22:01:35.258114Z","times_seen":1,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games/trytostart/1352.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.515Z","timestamp":1783893656515,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games/trytostart/1352.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"37a2f-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SfXazdlOry97X6A3wlkMlHqA2AEVEDHmjkW%2Frmgx0%2BIJYlR94T7YCNQbk1tPzzXkqTREhtEdTVrn1bDvVpxKAeyemJPrm%2B%2FaqfI7MTEMvROw4ZptfUXPrWE8ORymxQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d93a12b4eb-OSL\r\ncontent-length: 227887\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":227887,"size_decoded":228817,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"73175af9bbb796c9ff980818588755af","sha1":"12fa456b38b4674f9af18c3fcdd7867f791fad98","sha256":"d8d021ab1afb609bb0ce1937610b4cc1029c01efe935041569c240dd686f204d","sha512":"b468a98d7f5b297af1ba4f37596ed133b2d90064148c3bbc33e7bc217e6e1a41220c9c1c4b26e079a13400dcde8097fe94748df7fd9b13825bd6ee0008128825","ssdeep":"6144:5qcAhqfzGIpDobWf1WWzvnX840aumhm6YDbod:72qYW9WWzf84dBhsod","tlshash":"392423903e33db65a2778e3458fd93583b66e9069060d62cbcbb48eec524f93450bb25","first_seen":"2026-07-10T09:45:03.498623Z","last_seen":"2026-07-12T22:01:35.259349Z","times_seen":16,"resource_available":false,"data":null}},"time_used":211,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":95,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/starlight-princess.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:01:00.602Z","timestamp":1783893660602,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/starlight-princess.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:01:00 GMT\r\netag: W/\"17660-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r2H3NeqC4q2b0w6ZkRKd18prg4WKLcJF25xr5KnpHFEbnkhTsssKe%2FxAzWImoBUGlbphDjUyzCQ%2F%2BPPAetq4RGi7Yk00A34OawyZ3ISMfUWEzJwVFvW%2Bho0M4Qz0VQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352f2cc12b4eb-OSL\r\ncontent-length: 95840\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":95840,"size_decoded":96846,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9824b494b8ade7c0157812b4aacaec2c","sha1":"d57539bf59f9115e0ed688bf2a0d6c52463e8fcf","sha256":"6c5adb95eeb1a45770a8d30d019378335141a52e1af4472b0cf4b4645ed93f6f","sha512":"e1942c4af37eb41984eb54b63afdf61f4264b023afcec48b8fca603883093002d21f90db0aaec5ef65ff0bc485fa5991eba74393b18181ea1c146c039c058d42","ssdeep":"1536:HGXhI6Tit+KvC2DM768fnbxPExl0l9lWlXY+nuCnt+8V+b5I7GKI6Izs:mS6Tu+KvXY7JfnbxsDa9liXY+nDt+8YS","tlshash":"769302da9eb729e7f6419b36062479c256fd49dd66239e3032c9e18ccf740f442ce892","first_seen":"2026-07-10T09:45:03.50984Z","last_seen":"2026-07-12T22:01:35.260154Z","times_seen":17,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":73,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/polymarket-logo.svg?v=3","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.334Z","timestamp":1783893655334,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /polymarket-logo.svg?v=3 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"31c-19f43a76a28\"\r\nlast-modified: Wed, 08 Jul 2026 21:34:33 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\naccept-ranges: bytes\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jqd2keGIMI2NBliQWFJouNXNbVjjmL0CPdCMobFleFX903mFmqYgbVF2NGOflHg50jA8yaD%2BRHX2041Us6vv4FjIE9VjJDkNkHbhC9cCsMHJbDweLw2c1cYPwASeBQ%3D%3D\"}]}\r\ncf-ray: a1a352d1d93db4eb-OSL\r\ncontent-length: 441\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":796,"size_decoded":1487,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"96f4c35ae667bc254a3cedbee8fea5ab","sha1":"557c471948ff981c73c4baf00f14a24a8760d523","sha256":"51a29787758e3ae48fc9d0a9e982c7ddf1111f4c4967c4bc85e2067810b572c8","sha512":"1a41f905ffffba3a39763a85f7c55dcedef2c1f5a8c8c4f117976c753f3978822f32b5544f2480271815514109a7549a52204adf78a6879b8764ac483f9e4cce","ssdeep":"","tlshash":"ce0115dee044c46d5c1cca57cd3567dc6ca354f367d2461885159a1c7013bee9c036c6","first_seen":"2026-07-10T09:45:03.499638Z","last_seen":"2026-07-12T22:01:35.260721Z","times_seen":17,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/big-bass-splash.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.347Z","timestamp":1783893655347,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/big-bass-splash.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"105be-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wj2yec7aATV8OgKEgvP%2BpJTcfsFCIbV8iUGyA2zOqSFzffYCmzNc9xlQ%2Bov%2Fnvbt4pv8tssbGJvvtYQLmODNbd7c9oo%2FW66xy%2BLNoF01vxJEedSipm3mStYXG2F9EA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1e949b4eb-OSL\r\ncontent-length: 67006\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":67006,"size_decoded":68014,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"862f079aaebca7a9a7d6281477920833","sha1":"122ff8ea76c323dfbd5884d328d07a950af1703b","sha256":"917a5f0533529b7796b0d8e07cf304b7edec38169b6accaebd163c0775b8ff8e","sha512":"d6a81891abb189520f4fe8688057e024334449f28430778ca79e0c94e89cc944d141253448248766701e647cd11a957cf95d0abdd9d88d50cf9a5e1d78e5339e","ssdeep":"1536:Rj6UVBfMz71V3m5xMZs5u7v3XJtDFbBa4Bnp8CaE6j+CL8v1d:RbSz71VWCdJlX6iCYD","tlshash":"5f630297af62dce98f029830765ece909ba1c47404f780ac8f050e1eb7f87a97391c59","first_seen":"2026-07-10T09:45:03.563064Z","last_seen":"2026-07-12T22:01:35.261302Z","times_seen":17,"resource_available":false,"data":null}},"time_used":175,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/sweet-bonanza.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.375Z","timestamp":1783893655375,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/sweet-bonanza.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"11110-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=X9YDLgTlFBqm8lunABQ3qZWpatR4me7Gx%2B3aWeNCvrLa%2FVH6PuhlX3F%2FEcnhqvQck%2B5k571jEg7wRJgVa9E0w4ECyZWjTzMMucXsuSGbxaS8cm6i%2B5RFNchnVvGD0w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d21957b4eb-OSL\r\ncontent-length: 69904\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":69904,"size_decoded":70912,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"721b6f52f6774f238e4849424522f47c","sha1":"d3080ed7ef65c3c03e2f93b18cc82756a8655b96","sha256":"d52f0c6f6681d1bfb2d399caefa084f38ce65e099e7bc22e61dc67dbf7ce5bdb","sha512":"510dedd7bf8c58f1b648f09f8c2b78f95dce5a0a765dde944e2d69d0b5511c63b1b5b107ed3d213e3682e73cd201f6f3ce575c0160d9a4a1a55f12aa107e24f0","ssdeep":"1536:BGgiPYdFt+tD7YcF6rZ9FiZ+gxAW7KHV1ynVCEB3M:BXikQD7OLIYgxt7KHV8VCE+","tlshash":"646302c07fa1ef0cd5f07bc362e76b64ecd21d95a22da1d629179f2356afa0214081ec","first_seen":"2026-07-10T09:45:03.510801Z","last_seen":"2026-07-12T22:01:35.261924Z","times_seen":17,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/api/reviews?locale=en","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.074Z","timestamp":1783893656074,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /api/reviews?locale=en HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Host, X-Forwarded-Host, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EAVKwzEak9zbZhQecIqhMmjTyJwAAgTri0Vlrk0cCmrBgt2uwh9%2BIlxdGe6DYkx4nLasBv%2BCYzKW1pvvd%2FwrKj7bX4QYbnAriaXkDxN0y9FpYVKLOe26fyTPlOIy1A%3D%3D\"}]}\r\ncf-ray: a1a352d679d3b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18928,"size_decoded":6359,"mime_type":"application/json","magic":"JSON text data","md5":"70db28cc479cb743633c7b5d1aecfd73","sha1":"b9548cf6b471c1fd5fbd7a170e07cbf17243d7d9","sha256":"119c1545ab9e35a6f8090299ef02f03b5d34a669e21c90cf9f828794061c6592","sha512":"c82a93a601951dc3f466c481f77921b0ae9c76d89e722390efeffd043337e0738641c7fd7fafe2ac9b7e4e954f5cc317b1a0016061dc3a29673f4d4cfeace173","ssdeep":"192:3uYAxkNej86PSnUYHa4TNuYdyUqVEYiFoMIVVnqWRUldQ4M23kahJzX1nF/6sYvo:ejx40jQASwAkahV0I7iAmi0DRhgEJOe+","tlshash":"d48253676518663c7a7320eac14b7fa4271cbd327306dca4ed1ecebe41e25f8407649a","first_seen":"2026-07-12T22:01:35.262917Z","last_seen":"2026-07-12T22:01:35.262917Z","times_seen":1,"resource_available":false,"data":null}},"time_used":80,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":80,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games/trytostart/1924.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.517Z","timestamp":1783893656517,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games/trytostart/1924.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"33a9e-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JXxNTgmQ4K9I12s01xCErYufZC4Clwo0MRvZaZC6Mstr8eloXEVjBrXMVmSzlnmlHpQ1ruq7E%2Bd0S%2FAgPWrucZSlNhiYJ1hfwxvPyRDvzW4xSwJGjSxIQVMhEwm7mA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d93a14b4eb-OSL\r\ncontent-length: 211614\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":211614,"size_decoded":212540,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"af1db56f60120f307d2ba81818e8002d","sha1":"d70c970aabbb178488165af57e62c7fb26fe18bf","sha256":"3876d54e638854fb3eebd66d3687beb7553bc05ed25b050a9b4da9c021e66ad4","sha512":"25b6cd6a2d39d04b6e30e57f5186f9d9eb60d3817963540e1b3363f963a218bce3d0f7956b07cb8e9d4f7af163c23bacbdbc96a180c11721246bd56f4f7eaf94","ssdeep":"6144:pnwxvYgBDXYvD7qjbEwCAc2jkinaLeCfHEIdb9j7lsYa+2:pwxvYhLUnyl9h9j7ls3","tlshash":"6e24120259e88b5ff1bb1c658fca4c4a2383e2f129fed086154db37b25d0c996b5cb16","first_seen":"2026-01-31T13:42:56.720032Z","last_seen":"2026-07-12T22:01:35.264393Z","times_seen":17,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":99,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games/trytostart/vs20fparty2.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.518Z","timestamp":1783893656518,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games/trytostart/vs20fparty2.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"31246-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FjhnF3k9H3W5bpecwSGtUWXBcsxbMOINsfn9yQhLlyovr6kja1h9fR6aWs1%2F8Ebsp8xx8pFBm%2FqI22BN%2BlPdQMachUGafBen%2BNnT7pVPOWU4pHWyqxs5YQiCPdneng%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d94a15b4eb-OSL\r\ncontent-length: 201286\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":201286,"size_decoded":202216,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"4dbe1ad237ab45ef9472ddc3b8454d2d","sha1":"b393424472562ce7bcc2d214bede0c8b2653d069","sha256":"a4eeaad89a11e9c5fa29f6ae9e6e69cd75db74d4ebbdf8c00683942ba281188d","sha512":"d81ed3d39e11d3ca21a8b80fddccf9fa8a9d7fa810db7517f51432391ac3e0dfaea290a84c7dcef26f074d994525fd6f9ca0ca70efe7a0fdb025c3e20b400281","ssdeep":"6144:m+OD05Br44TS/a0f/9Wxf5wmlEquieLgj:PD5x44TS/ai/9Of5pEqPj","tlshash":"13142386764c20543fefde8c645a556a6aaa22b0ef825cfa01f3dcff804d105da16f52","first_seen":"2026-07-10T09:45:03.515685Z","last_seen":"2026-07-12T22:01:35.265291Z","times_seen":16,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":96,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/bigger-bass-bonanza.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:01:14.110Z","timestamp":1783893674110,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/bigger-bass-bonanza.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:01:14 GMT\r\netag: W/\"16198-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nmcTcc52dYWDiealXptb6br4%2BVxvISsnX7sjwk2Ark8R4XMZQDaQ9DpQuVNt61fSoGF7AYGn2KwyoB%2FiTo97AO5yEengppqlPW9PQ8qBi2pf3%2F2Q%2F1ulXmxs2TOZUA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a35347395fb4eb-OSL\r\ncontent-length: 90520\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":90520,"size_decoded":91526,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e3f8e5841788bd266ee6bf17ec0475b4","sha1":"872069dd6f8ac718b46b581fdc46da24c2bdd3e8","sha256":"590941ede3a0091deb7626acf11bc039331d71385db4a14d486538f364e354d2","sha512":"c3c42e96c0801384e41fb01e016283ac61de9f779e3bd192a0829ac9734d86a561b7fbbb1c863481f9e00714509709c49f2d6185bb2cc3878aa953fdc6abdc33","ssdeep":"1536:BUDMnU+IWPe6sZLAn+87aIkQ/jusg5P+0SPqYJyqK9xcE8A7dlo:BUDKRHJC8+8r/j5gkrqYMaEP7dO","tlshash":"959312c9a739c27b656addc05e1ef2c466d7f346004776ba2a2463527f9072603f8632","first_seen":"2026-07-10T09:45:03.462318Z","last_seen":"2026-07-12T22:01:35.245968Z","times_seen":17,"resource_available":false,"data":null}},"time_used":1954,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":272,"receive":1682,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/avatars/avatar-01.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:01:14.113Z","timestamp":1783893674113,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/avatars/avatar-01.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:01:14 GMT\r\netag: W/\"7aa2-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2rCU7PWz%2FGxyyLluc9Q3BGDkBd6B3t5E%2FfMPZpyVGJHmNKGvvoonOomVEpblItn8S9DBuZzNtk%2FN3VYevnPY65cUdxnp09VAFaLJbTLp4Kqypg5JLZGCo%2BNHH6oNng%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a353473960b4eb-OSL\r\ncontent-length: 31394\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31394,"size_decoded":32399,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5509ff2b421b108162329e8480cbf42a","sha1":"3072d660a2b73a831d89a61be8422498eb70923a","sha256":"395e861b9886862ff3c0e250045d90084dee194225fa87649ff810a93029cf72","sha512":"9f23044ac22cde5a69e0c215d9bf1b2cc7cc81d9653b82b6caecf195dc9de2bdce6dc2fbe57f8d243fb042baf5bb7ea9ed2f18c81486635b520ff91123a4a576","ssdeep":"768:qLVZRKuBtND4jceGyr8Ee4m90bm9JIqXkeRDMB:qJK84HGysp9FX+B","tlshash":"d6e2f194db0488e1a2646f155fd0aa42131ecdba610a2f7f13fa4fc133eee6489f2591","first_seen":"2026-07-10T09:50:20.394431Z","last_seen":"2026-07-12T22:01:35.25383Z","times_seen":13,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games/trytostart/vs20fruitswx.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.493Z","timestamp":1783893656493,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games/trytostart/vs20fruitswx.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"31428-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=p83F1KG2GI6Alb7rrUteXV4jsOGoPTLnAoFxlBvBHg3FeZtydAI4culzYrAbtiO2Sy884T3Rou4DiWtnRzNn1xppFaLgFxGlNg7bqCUBC3oM7kbcD1Hxw5xx0npk%2Fg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d91a04b4eb-OSL\r\ncontent-length: 201768\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":201768,"size_decoded":202695,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"ac08f5558650d48d9b0bd9ae72b1166f","sha1":"bedda2b400d8004617b2ff776dc48ff33144e2bd","sha256":"b0e126b697e15eae77aa8bdf34acccad7a301f473dc51b04ae6c4dd44c37d215","sha512":"ec81c53934e25981e45dabb5592f15846e43c839b6096d82a68f1f4a85b93a4b201153a2c7a534beafeeb3db948f311a86af6c85a4a46106fe1acafa1fea99a1","ssdeep":"3072:sTgm6MDseJcjCdRlu1CcmdRDKaD8qcPZQdr76p1+CGOjPZcBxWb+a4Z7zLj1xHxH:v+gAcjE2EtD87qf6GOSWb+aqzLhxHic","tlshash":"c41423d726dd2b3b9b6b4a7a07f7522f88fd054f9060cde0e3690500a65bee99f44702","first_seen":"2026-07-10T09:45:03.514755Z","last_seen":"2026-07-12T22:01:35.265894Z","times_seen":16,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/mustang-gold.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.343Z","timestamp":1783893655343,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/mustang-gold.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"127bc-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DQ2ED00mC86eobzdjc%2BbdLIo%2F%2FlS0QfMZZ3BL1PbikHsH8bhITetYAW2JXTTIka6lhgNZvn%2FamIdsT4PCzdg1qgK6EWVWE6f0jPbjo%2BKM5auFodVXAO%2FCCyPZJWkgQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1e945b4eb-OSL\r\ncontent-length: 75708\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":75708,"size_decoded":76718,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6ab241a7011336ffafef1ebd67ec8f1e","sha1":"3ca9a556b634622656866885324eaebf326f9368","sha256":"84c0464497b0d3865d6e034f1bac30e08fdd9bb511aea21786fc0b7201614db4","sha512":"a39af5b7e6cdbab5a5d79334fe1308205ac5657d4a379e639324523c4048f4e910f667b553ae09ac4d0f35f9630d250dc8475d97d65e5cb5e2abb3df1d87d29d","ssdeep":"1536:tI+PhCbNLoTfYF13LlEZeBu/KQRSV443SRSi5TwN9Qg3j:u+PsoTf4YgBGKRG434Si5TwLQ","tlshash":"407302efca561fc4c4432938759e31eadd13765e6ef13e961a0048755a032a1886efc7","first_seen":"2026-07-10T09:45:03.435418Z","last_seen":"2026-07-12T22:01:35.266508Z","times_seen":17,"resource_available":false,"data":null}},"time_used":171,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/api/reviews?locale=en","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.960Z","timestamp":1783893655960,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /api/reviews?locale=en HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Host, X-Forwarded-Host, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fPAF2MHKTcsPn9rUcvj3do2zDSyrLOtNPKKzvk32%2Fuh8j0vJVAsxTAZ8lLcNTc9mKmeNdIdY2%2F2K46guVR9DOIS8%2B%2BtMNrVDzdzzb3sPcJETvNIbZc1k10WV9O18xA%3D%3D\"}]}\r\ncf-ray: a1a352d5c9c4b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18928,"size_decoded":6361,"mime_type":"application/json","magic":"JSON text data","md5":"70db28cc479cb743633c7b5d1aecfd73","sha1":"b9548cf6b471c1fd5fbd7a170e07cbf17243d7d9","sha256":"119c1545ab9e35a6f8090299ef02f03b5d34a669e21c90cf9f828794061c6592","sha512":"c82a93a601951dc3f466c481f77921b0ae9c76d89e722390efeffd043337e0738641c7fd7fafe2ac9b7e4e954f5cc317b1a0016061dc3a29673f4d4cfeace173","ssdeep":"192:3uYAxkNej86PSnUYHa4TNuYdyUqVEYiFoMIVVnqWRUldQ4M23kahJzX1nF/6sYvo:ejx40jQASwAkahV0I7iAmi0DRhgEJOe+","tlshash":"d48253676518663c7a7320eac14b7fa4271cbd327306dca4ed1ecebe41e25f8407649a","first_seen":"2026-07-12T22:01:35.262917Z","last_seen":"2026-07-12T22:01:35.262917Z","times_seen":1,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/api/media/26e4d6f824b54c33b0666324cd0f018a.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.293Z","timestamp":1783893656293,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /api/media/26e4d6f824b54c33b0666324cd0f018a.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GTkHesFMAugUpvJDia8q676I6bQooM%2Bi5P5N2sBYujTNBdRWz9G4IQoIRZO1D4hKgCupzrDz7ZdnHlkyHRu8usoateh41c6YAazK9GUN6G9uT5aIh951RHxAIi%2BKVA%3D%3D\"}]}\r\ncf-ray: a1a352d7d9edb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":99470,"size_decoded":100479,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x1446, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"fa3411773d93f8de394a5fe5f7fc908d","sha1":"3b32dff53270a2f61728ba8e80162adbcbdaa7fb","sha256":"ab21d29fa80489dcd0c549b8fc1a86a3883854dd2ea4c542efbf2cc690d98fa0","sha512":"c4cd3c0f88a40855b1fe0d1991f19afc3f824c18313f57e6f9e0e2fd4cb7930831e50fbce50384f9def5a4f387ff2feff9766cf755397d7513a4899ab1bb470c","ssdeep":"3072:JyMQ+X9mOqggzDkOgvxoepuPWEBfS2Q3lXH:rQuAdDBgZuxc2QN","tlshash":"98a312b3d82196792d1a31e3ffd4a1f64341a4636b2cd8ec88d78721e57f34ea324195","first_seen":"2026-07-10T09:45:03.511746Z","last_seen":"2026-07-12T22:01:35.267146Z","times_seen":16,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/withdraw?_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.557Z","timestamp":1783893656557,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /withdraw?_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qg4OYtwpSBbWsS4dGfEHZONkHFxp5Ew8CF2l2WZik2ZdQHdxvNsjrTe3gHN4%2BVdCFTKLuxOujFcuKMwNAy7wUjXL2I8bBxH%2B8%2FJ2BR4r1L73aRXw88PyeRyqHgstlw%3D%3D\"}]}\r\ncf-ray: a1a352d98a21b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":156,"size_decoded":1197,"mime_type":"text/x-component","magic":"ASCII text","md5":"dcb549be020f0e7a3b103927874114bf","sha1":"b21576a9bfc89614dd34ec0d3389a3458f90c15e","sha256":"752f22910f45fdce9245374bd634c27fd5403d8ef4779bc0e2637ea94e7ff9ab","sha512":"86dd330c10a28f8805d3be9a8c3a7f01c16b290e26f56a5f35114ce9bb3375dd1d7a208fc7a5dd379990b3fefe77954e7f964c9bec4a64c40ad173467bf03499","ssdeep":"","tlshash":"41c0806141093df55df934c405bdc60f351d420b20d4d0f69057c5117b3701008075d4","first_seen":"2026-07-12T17:38:11.843779Z","last_seen":"2026-07-12T22:01:35.26804Z","times_seen":8,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/play/1309?provider=hacksaw\u0026_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.685Z","timestamp":1783893656685,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /play/1309?provider=hacksaw\u0026_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=e9swAjravwr3Gnf8nC0cT8W1xzUqRUzhW5k%2FS0yx%2BW9yMxKxymX1WSOiCTdQ3BjHjm6BCmz2gqdBYsK6Bjb6AhjrhPlfKouIdCtgOUNT2PVstDNkOciR4ohN31sdew%3D%3D\"}]}\r\ncf-ray: a1a352da4a35b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":210,"size_decoded":1228,"mime_type":"text/x-component","magic":"ASCII text","md5":"61f86c62e5d4185f2cb14f4f1d7b8b6a","sha1":"0f7974d6e4c05b361224dc4e4396496458456f0c","sha256":"3c998ee62c0a9023e983cb7e7a4e0243fb99129f71add0a7c28b0ee95748b635","sha512":"2da772c21bad59375b7bdb73865a739b3abe7aff1adbcf613df43178bbfb5697ad6e28c22405b12a77f255fe7fff22a6cbef2defb24d8fdbbf86c8138948e789","ssdeep":"","tlshash":"f9d0a72647053af16c7a1884467dc64f791e100b61c80af190d35a31536302115036e5","first_seen":"2026-07-12T17:38:11.691866Z","last_seen":"2026-07-12T22:01:35.268591Z","times_seen":8,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/play/vs20olympx?provider=pragmatic\u0026_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.747Z","timestamp":1783893656747,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /play/vs20olympx?provider=pragmatic\u0026_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Om5leNcggO7fEKv8qo%2Bp533m1cnY4cDA9uoegR59pL3kPd7w5rGjAQWvep1%2Bu4yunYyIQXrjdxGkh8YIC0HO0ecj9U6WhsTUiPR6ThToiQMcFv2lhRW3BCB%2FgrdHfg%3D%3D\"}]}\r\ncf-ray: a1a352daaa3fb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":218,"size_decoded":1232,"mime_type":"text/x-component","magic":"ASCII text","md5":"d8a630dc6bded0f890ce0e6f1b87a2f8","sha1":"312baace2a8d4d83da7690fb50da433f3042fc79","sha256":"079ddc09e7f26a8bbeebf886b27703b895f36c9fb6ff8e721cbe410fb62fea60","sha512":"9e458527f0bba7c7d206b1e32f09be3d90948f3bfb3d08f1c92de16d0db041ce97bf265371c1dd8a23a1eece699ca9e4c86f93a53c95ce1e2c613e741d5dcfda","ssdeep":"","tlshash":"12d0a72642053af56c7a28c805bdd65fb51e519ba1c846f550668a35976303129035e5","first_seen":"2026-07-12T17:38:11.884346Z","last_seen":"2026-07-12T22:01:35.269174Z","times_seen":8,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/fire-strike.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.346Z","timestamp":1783893655346,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/fire-strike.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"108ae-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mJxAynXrr%2FxTJGSXgEI7DRl8ToAv8H4J00BDYAXhHvK6b%2BS%2Fj4QH0Ty3Gezatvr8%2BqKgTNSq4Srv3bjnWJ%2BmMknEoOZSjrNO81CsM%2B9NlZ3661EE%2FDlwlaqOt2%2BiMg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1e948b4eb-OSL\r\ncontent-length: 67758\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":67758,"size_decoded":68772,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b60599e0bc3952067e16891a5fb97653","sha1":"71247bc7e769a0c953cd6458ad536436f11098e2","sha256":"0a3d85ce2dcd6d1aa8b9be3ac6db4ccae0e4f3f832c06b46062df86fd4ab060e","sha512":"34671a695c0cd4a154c97ed5c030c378917af33ca0a5a95b5d7f789dcfd353af6b8c77df1a90e0098e3602936360583a93d1faaee5e9ab8064c7c4c116dcdef2","ssdeep":"1536:yqon/EW4B8UjSTy80dQPYtJ4HpUbsUQtIJTP45lqLbalx51jTos:WcW4BTSTy8pwtQpUbXVJc4w51Ys","tlshash":"096302b330e35429038019f2ee67f84f62a2a5898057115e7907d587cf36c0f52ea9ef","first_seen":"2026-07-10T09:45:03.466313Z","last_seen":"2026-07-12T22:01:35.269607Z","times_seen":17,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/images/payments/mastercard.svg","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.381Z","timestamp":1783893655381,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /images/payments/mastercard.svg HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"204-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\naccept-ranges: bytes\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cRljukXWt43B7UVd0NZYypci9ApvUdB8tHnDy2PO7cqAbT9NO%2FXvZdXZsnAtikEy218XKtgN%2B2p1uCwa7G07iypKmvklMGmesmj5RcMPIIyfbZ6izZLZ%2BpnTNgxjIQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d2295cb4eb-OSL\r\ncontent-length: 278\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":516,"size_decoded":1254,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5b10a5a92e4c713db4c2296ef3383274","sha1":"d4e8b3ffdd780a0e0ddd7b910410e94de00fabad","sha256":"228689600d87172162ceaaa0befff30ed32810abbfec1120b3a09613e37c4c9f","sha512":"567cd2a0882e6b1f9808a4a413db172f7f1b96bd82653abba4d578de6c03fa278d3f16ba0fb9cff5c0d93f7f669a371d80614253f01d002a1cef1e12524eaf9b","ssdeep":"","tlshash":"28f027a0e08790344819465c6f6410212e0fe2c8e344853eda52f5f53a686efe07b9ec","first_seen":"2025-06-26T00:57:44.560445Z","last_seen":"2026-07-12T22:01:35.27063Z","times_seen":22,"resource_available":false,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-12T22:00:54.631Z","timestamp":1783893654631,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\npriority: u=0,i\r\ncontent-type: text/html; charset=utf-8\r\ndate: Sun, 12 Jul 2026 22:00:54 GMT\r\nlink: \u003c/crown-logo.png?v=pm\u003e; rel=preload; as=\"image\", \u003c/polymarket-logo.svg?v=3\u003e; rel=preload; as=\"image\", \u003chttps://cdn.jsdelivr.net/gh/lipis/flag-icons@7.2.3/flags/4x3/gb.svg\u003e; rel=preload; as=\"image\", \u003c/lab/hero/hero-crypto-v2.webp\u003e; rel=preload; as=\"image\", \u003c/lab/hero/hero-vip-v2.webp\u003e; rel=preload; as=\"image\", \u003c/lab/hero/hero-prizes-v2.webp\u003e; rel=preload; as=\"image\", \u003c/lab/slots/sugar-rush.webp\u003e; rel=preload; as=\"image\", \u003c/lab/slots/the-dog-house.webp\u003e; rel=preload; as=\"image\", \u003c/lab/slots/mustang-gold.webp\u003e; rel=preload; as=\"image\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-powered-by: Next.js\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncontent-encoding: zstd\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GayjtTZJyKosVjvHTSyMNxVP3GrFs%2Bn6pDaHvGTh6oOKDMLjEJHGuV8z051q0%2FryKzUx2wbOSOFvW3k49lBOBw4FMnfH41qvq4EQrjUcia9qCw%2FiofnlVDHftdQQVA%3D%3D\"}]}\r\ncf-ray: a1a352cda8dcb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]},{"name":"Webpack","description":"Webpack is an open-source JavaScript module bundler.","website":"https://webpack.js.org/","common_platform_enumeration":"","icon":"Webpack.svg","categories":["Miscellaneous"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Next.js","description":"Next.js is a React framework for developing single page Javascript applications.","website":"https://nextjs.org","common_platform_enumeration":"cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:*","icon":"Next.js.svg","categories":["JavaScript frameworks","Web frameworks"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":145149,"size_decoded":19871,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (36374)","md5":"5325432be4b75b830016438ca8b42be4","sha1":"4b2fc18b38be9b57fa550ae3f7fd7af56635acba","sha256":"f23c300cf39a37f01d6f4b5e54d7231c8f1cc983eabe1b19506153de63b10c51","sha512":"3b643e675261cfed76df87dfd05909dbccd63517c6b109c1e2c7ea016cb6df7c1611b860809ce691f6ad4f3a575cf389d6865b8b1a6ee68cde5b9a37189faf71","ssdeep":"768:gsOVpxjnjXu/sBk5wTTwLcZ+4NTfmE1fmndfm6BpnWl4kR/yosbbhPVO7DTTvT4U:GLjjsik5wTTfNgjW0hhlvAJ","tlshash":"4fe3b931f2095c2d7033c585e5766fae70a9c116d32a4518f3bf6076e7c39faa6226c8","first_seen":"2026-07-12T22:01:35.271267Z","last_seen":"2026-07-12T22:01:35.271267Z","times_seen":1,"resource_available":true,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":12,"connect":21,"send":0,"wait":148,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/lipis/flag-icons@7.2.3/flags/4x3/gb.svg","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.337Z","timestamp":1783893655337,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2026 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 20 May 2026 15:48:47 GMT","end":"Sat, 05 Dec 2026 14:48:47 GMT"},"fingerprint":{"sha1":"D4:05:C2:EC:C7:EE:2B:D0:08:68:0D:3D:33:77:48:78:43:E7:D1:E1","sha256":"ED:84:90:EE:71:BC:6B:5E:B3:D2:50:B0:23:3A:06:0D:E0:50:C6:B6:A9:09:36:E6:CE:FE:E8:66:89:EB:4E:C5"}}},"request":{"raw":"GET /gh/lipis/flag-icons@7.2.3/flags/4x3/gb.svg HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: image/svg+xml\r\nx-jsd-version: 7.2.3\r\nx-jsd-version-type: version\r\netag: W/\"1f8-Fh7iCgp1uwbU8sqazbsTfZqWPOw\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\nage: 985034\r\nx-served-by: cache-fra-eddf8230141-FRA, cache-bma-essb1270037-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 284\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":504,"size_decoded":1050,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6dcadf6916764560c2f1fec586e2c1de","sha1":"161ee20a0a75bb06d4f2ca9acdbb137d9a963cec","sha256":"c8be1e7208798a4ae692ee1e937065d498bb29e741943f6172b29118b8ed8066","sha512":"b925b9042182dc31f953ebfe2bbe666822bb9a56411fc1045d46b5b20e68effe25bd6ce65cad1bcee3ef9008768bdb8221f66573d8daa27c60a8d004acada0a1","ssdeep":"","tlshash":"a0f09ec8d32d7045c70793104cbcf8e3d4d962ce559400dab4d09ae4216e7a7d8d7d91","first_seen":"2023-12-20T14:16:02Z","last_seen":"2026-07-13T10:17:34.001497Z","times_seen":3877,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":2,"connect":8,"send":0,"wait":9,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/api/media/393c7c15-55f1-4872-9e8a-8c4031c9fa10.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.288Z","timestamp":1783893656288,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /api/media/393c7c15-55f1-4872-9e8a-8c4031c9fa10.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LuTw%2B05gmPkPiSNVj4Fn8cIs%2BZRbnQVc6vVcFf3O4h8kibWazMGvs%2FF6520AGr%2BUoScAyNgmOd7fS7UEKmo%2FMuc%2BGwmitAgrWlM0hG1tJTFG2javAl0C41pJdU3bhA%3D%3D\"}]}\r\ncf-ray: a1a352d7c9ebb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":147468,"size_decoded":148485,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"3907fc5dd8d6104080c97e7198a11879","sha1":"103438e410b11e541f5f565b8bffadf10fb53257","sha256":"418df053ff23662b34c7498396d726bc84be81982ee89cc1090161b23ec35175","sha512":"5a2bd52f9e64befa1bfc4292d5683f7a55ce12e7f27a371039be3dddb1598ef76de05ab64774813ecc2f850ff86de8b30ebcc8c43759484b548a1795889eca84","ssdeep":"3072:3dJOJt+Va89AFduFVRqBVjdpCJXOeKr61821ImD6IuxV:3dkPu9AbRPCJjK217v6I4","tlshash":"50e312a450a464d4c36163530e10d60ce8d86fb0962b0ae0f8e5bd8f786fe59777fe40","first_seen":"2026-07-10T09:45:03.571625Z","last_seen":"2026-07-12T22:01:35.273089Z","times_seen":16,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":75,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games/trytostart/vs20olympx.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.511Z","timestamp":1783893656511,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games/trytostart/vs20olympx.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"3e27f-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0iVqCbvp2tJYNy5EUwCtnHCtkzuOdkdyD6EAJmfwBIcdRgOM1fcEbyD7spdtpLiB%2Bi78%2ByFOv3EbAcfSFRMAc%2Bd81zlGepv6RVt0cj9ExWNor8ZKI5Z8OGLE8MvgOw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d93a0fb4eb-OSL\r\ncontent-length: 254591\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":254591,"size_decoded":255522,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"7257e7983f3fc7614dbcc9f60d78e675","sha1":"708154f72258ce55b1e1954a62fcff0d0fc8369a","sha256":"fc9fa196019d6323ea1284aeb52dbca0b466ecdd3c5f28cfdd0a7138daff2870","sha512":"7ca60d36efbb7f6eedca2c18f617f207f04c0fa79a06f9166ed0509e5dfd893b75352ffc31a73a209f1d4a4ea7a21feaf55964f20b51374b6ce6d63b1470a88e","ssdeep":"6144:CiN4IwkOCuSMJO5F14DNQE1+u5n+zY/PhLPhlAkzEe0+X+:CiNgXCuMMDNF1Tn+MBLQkWE+","tlshash":"0b4423b1d86dae1580bbfc317d6837eb2fad593aa9b32129c780c55c715e8dc970c218","first_seen":"2026-01-30T22:42:01.211792Z","last_seen":"2026-07-12T22:01:35.273749Z","times_seen":96,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":112,"receive":98,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/giveaways?_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.550Z","timestamp":1783893656550,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /giveaways?_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wjwGoFCPLFoKT11wEG5XjmM0fTbi3rcPwbZe20f7RR8ApTwiBfxClwgHiLYkRpxslLnA3GA4hN%2BtU%2FFgagld9U%2FiZhp6KfEuyEC%2F%2BavQGBJi%2F77Oz90fLj7%2B6rjEWQ%3D%3D\"}]}\r\ncf-ray: a1a352d97a1eb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":158,"size_decoded":1206,"mime_type":"text/x-component","magic":"ASCII text","md5":"0bfc3fd789c82ce146c5c12e2b511db7","sha1":"3bdeaf9b85ac35f5a912f96011769c56a1621960","sha256":"f1dde4c7e13818a4c848796b954ce0c1235716f5f2693b720dc202837c22478e","sha512":"f8fec6d2482f589d0d186e791ade1700e2eedd7a3bc078fe1424f7a0d70ad2457ee8fe491daa0d7d5095c346c8faa23b0b68f072c8e538df98e5a3251fcac332","ssdeep":"","tlshash":"7ec08c22420c3ef66cfe2a99286eca0f360e413b30c450f090e38b32a73b12008035ec","first_seen":"2026-07-12T17:38:11.809568Z","last_seen":"2026-07-12T22:01:35.274384Z","times_seen":8,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/6477-9e02b2a147e40874.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.308Z","timestamp":1783893655308,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/chunks/6477-9e02b2a147e40874.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"1f6584-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nage: 97051\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aqber0JUgoF6qwfez9%2B7MH52UiWjTfJ%2BEF6TBUjtEFM4t6aqeUY7LruRjnSNtxLPP17l6kIinHiHRzBpFCzjuWhXdpzRWkNhi9Y1JOg4NJmdJAiYoEUp%2F94vK%2FeLvA%3D%3D\"}]}\r\ncf-ray: a1a352d1b92fb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2057604,"size_decoded":579587,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (58638), with no line terminators","md5":"b66b4adf96b34361e624085bac02f4dd","sha1":"2de8fbf5f39e235c724e087c37803769892783e5","sha256":"1a3cdfb687ced8dcc7ab9067134bd56a92782f468c26a9dbe595515555b9ec17","sha512":"7794ef09a3b5ad4c01e2c14b4f1e7723e8dc4b5e1ad6a148c4854ca3046fefb331e250302714bb016dfa238618c722f3cd56f8d87a0fc4f427227934f0dbc757","ssdeep":"12288:8YvBFTs8FN+95dzoX8i3UEPLBTXyXTUCI3184x1BZcWt/6BHsYfowoy+INtbkflV:8YvnXFZ848GYfowoH","tlshash":"77453918872c38b743dd33d136ce0f7aabec09b2a4d2d112dcbe952c62acd74616d659","first_seen":"2026-07-12T17:38:11.894837Z","last_seen":"2026-07-12T22:01:35.275068Z","times_seen":8,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/app/layout-3f0574c4e5d40333.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.321Z","timestamp":1783893655321,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/chunks/app/layout-3f0574c4e5d40333.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"7968-19f48011f88\"\r\nlast-modified: Thu, 09 Jul 2026 17:51:01 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nage: 274079\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JKmt6EUEyx2J09uWwwxlRAvirZNR9Srwbc9lN0GCUwyRzeRsQhpS1uADPPQ%2BkvjYq5xfj6b5U0PSWo5i9JSNTxHkoGHMnS4mpPay1str7862%2FDcuSdosU4DlzBeNww%3D%3D\"}]}\r\ncf-ray: a1a352d1c939b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31080,"size_decoded":10077,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (31076), with no line terminators","md5":"c0d11d52032af6ad193ca67a8408c35c","sha1":"8932c0ff9004f3317bb6d2e2c06693f5f855a761","sha256":"6165148d41738b1c671dce4457ec8f9742d6b4489d0de7f6c916b30a77d5f34e","sha512":"7a88391810320df94fc5f40b777293396b0f6fef64aac6c6ba2ac848997bf81dd11dc7cedbe7fbf16e450fe788117fe66f79dae4b072b67724e99c13c2590fdb","ssdeep":"768:+s5XQwaevuPsAc9kxPsAzea6AZZGSYY2pxJuFFdYnQ:+s5XQwaevuPxnpMpxJuFFynQ","tlshash":"80d21ba6920a293cb5b245e8663f910cb17f6b25d72e4414b7bf2c313b498cd92727cd","first_seen":"2026-07-10T09:45:03.495816Z","last_seen":"2026-07-12T22:01:35.275778Z","times_seen":17,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/gates-of-olympus.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.349Z","timestamp":1783893655349,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/gates-of-olympus.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"f0d8-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2xg0z62obYkhd64Ww93sJpomSSfhAeM%2FM1%2FpdYzf02l9R%2FDWVOMO0pbHO3YHYAI8BWag1uT6imR2qgR%2BzBUZc5bIkVXF%2FmIe7rQG6n80bo4PT9805UNYhyYD%2BF7K%2Bg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1f94bb4eb-OSL\r\ncontent-length: 61656\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":61656,"size_decoded":62667,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5385dc5af3e323a64c8d460d53b38ea7","sha1":"afc4f25c210eac7f54158ffd13150d59beeeadeb","sha256":"5ffe571c58535b5f6923bf0b35f0b27c36c239359e768471b98115af0412fbd3","sha512":"c7a53ad11441621d6e599f71718d8688d94957852071c5599d29b56fd31de6c11780a9b5f21978ff6fdaad1893f2081d561f1687e0997b53186b26c744d0f1bc","ssdeep":"1536:GoHQqhP4lyxAukMALYYqYxxYw8XA6e4cr2Qfm:fhP4cWnMAI+xKXnc3fm","tlshash":"ed5302d492d4b92234c2583c7abb02585424e6e42712d59a737b769cfc32e89fcef885","first_seen":"2026-07-10T09:45:03.47386Z","last_seen":"2026-07-12T22:01:35.276397Z","times_seen":17,"resource_available":false,"data":null}},"time_used":171,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/api/fx/rates","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.959Z","timestamp":1783893655959,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /api/fx/rates HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 522 \r\nretry-after: 120\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\ndate: Sun, 12 Jul 2026 22:01:15 GMT\r\nx-frame-options: SAMEORIGIN\r\nserver-timing: cfExtPri\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\ncf-ray: a1a352d5c9c3b4eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 7217\r\n\r\n","headers":null,"cookies":null,"status_code":"522","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7217,"size_decoded":7672,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (510)","md5":"6b7b0b80ff07c0f40f5ad9b546579b55","sha1":"6b8c0b4d306ab9aa129ed14bb37f09c7ef795ea8","sha256":"69878544c822748a4c0bbafd8fbde39bfc2b376e3f40c0701d64a951ad4ce4bb","sha512":"74635e80d29a4c7b6badca3273c21067353692bdefd115b9c46ab49744df16a7b8ea6de9e4f1724b27b85a8407e93dae7926f9a7655bacde29f6aa89208c6759","ssdeep":"96:1j9jwIjYjrDK/D9KUeSG4Fh8/G4FoI424F2+skKm/jotQmHB+dWSIp7RJlSaQxP:1j9jhjYjfK/BpeCcVyjoWQ+DG7vl9eP","tlshash":"2fe17572b1f5127a00a381923695fb5a79e0c617c7ef5494b3ddc1732f9ee85e903290","first_seen":"2026-07-12T22:01:35.277055Z","last_seen":"2026-07-12T22:01:35.277055Z","times_seen":1,"resource_available":false,"data":null}},"time_used":19508,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19508,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/8347-2cdd515f34b89f12.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.304Z","timestamp":1783893655304,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/chunks/8347-2cdd515f34b89f12.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"20f6-19f2fbf1600\"\r\nlast-modified: Sun, 05 Jul 2026 00:48:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nage: 598358\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YkyyON9vtu0CGjNSPSIhOgWs88Q9H2h40ojMqeus5eggJnww7RYE%2BOnMN7icOqwDK3ioq9B3K68cqLxVu9W0Wg5JDjDMmMvD2gP0Ki5sKjx4VHfTPWGk%2BbdSm7EVWg%3D%3D\"}]}\r\ncf-ray: a1a352d1a92bb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8438,"size_decoded":4202,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (8438), with no line terminators","md5":"49950202b034f7c0521d2f2129c83c84","sha1":"b39a0b9a93e867cf8675f483507f08d29d1375f9","sha256":"b35f82e8ce5a7a8b3b1083a9731c3d7351973f866106ebffd0c69b90405e5db6","sha512":"e40aac677169b6d180e3fe9b824cb491c49e9c1298c17f6a222b00343907f3ae29daa5d7b2a5c9af388e54bfcd0f92611283a303bb310752b5721c51c943be04","ssdeep":"192:njk3KSwJQV71am/oOJZBOcIkQmAYxDvLZNIw:jk3z1D/9JZQkQmAYdvLZNV","tlshash":"8f02daf5b762383149ebc2d6b5722942f318078e6628d81051f50d2e7358e0eea52fd8","first_seen":"2026-03-03T22:08:14.650035Z","last_seen":"2026-07-12T22:01:35.278324Z","times_seen":27,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/hero/hero-vip-v2.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.339Z","timestamp":1783893655339,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/hero/hero-vip-v2.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"12118-19f1fac3ba8\"\r\nlast-modified: Wed, 01 Jul 2026 21:53:29 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BQzDVV6CP4DC2N5rcIHZibCLaiVVSCYetYnzTyvGwlMgbHOoEKom4axIFfD7kQ8CKQ9rkSXf718xX3LqeWeorK7VixvkLOiI55j1g5Om4JwLkdyDI7fLaTD%2Fsd8XcQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1e941b4eb-OSL\r\ncontent-length: 74008\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":74008,"size_decoded":75010,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1080, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b3619e2f0f7800d3951be34c267663f0","sha1":"b998fc7861c09dd7964f6ec1f5d49b793efea76b","sha256":"289834e4120de421eaac532dac21b56392c4a8c1fe499da2497b618be35d51b6","sha512":"2accadec8cd6e89ce82a2bef3cd057df9f742ff41561ad08d51aad21a3f532a2a6b380799fef0379dbf0b0748425a3317352943994626d95b83c3d04d79e7bf3","ssdeep":"1536:91HLNi5Iv2jucGwBgKvRVTSy4w5jlD/rLWIh36OLm2:91Hw5MaRLR5S1wjA2","tlshash":"257302ebba9b23cd5914bbbbd3004c06c72db345858d5aeb36a512c22a071fcaaf0515","first_seen":"2026-07-10T09:45:03.54267Z","last_seen":"2026-07-12T22:01:35.278992Z","times_seen":17,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/images/payments/litecoin-ltc-logo.svg","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.380Z","timestamp":1783893655380,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /images/payments/litecoin-ltc-logo.svg HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\npriority: u=5,i\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"1e9-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\ncontent-encoding: zstd\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A71auI8klLuQo4Fspbmmvhfah4tUuCSv%2Fl%2F4tXxKW8uzG6JXJSsMfUgIihq9U2we1pXpRwELqq5Tl6Mjm6%2FjF%2BIquQvrRARbdrIIJhK6QpC7ytqtUve5ZDH5xH8Qcg%3D%3D\"}]}\r\ncf-ray: a1a352d2295bb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":489,"size_decoded":1263,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6046cca14ef5741d48469675250f8d1a","sha1":"e5d3cb531aa29112387e94a9d68a1ea583576c8b","sha256":"20dd004b22b76d98151807b3ca99196f84edf24cc5d66c33e3aaabfd9ada6d19","sha512":"e4153f5893945f12cf4bcb8b0a66e1b360fcbdd62be00058ec3e6d32452e3aaed2913e3328ca99a3067acb5ed5964df60796b7e56199dfb316790bc413877b31","ssdeep":"","tlshash":"f6f0d47bdb50ce2ddb50472cc0c2b50210704542f1c24294ef97012cf80b8b3747c9c2","first_seen":"2023-07-06T20:31:16Z","last_seen":"2026-07-12T22:01:35.279612Z","times_seen":793,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.662Z","timestamp":1783893655662,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:23 GMT","end":"Mon, 14 Sep 2026 08:37:22 GMT"},"fingerprint":{"sha1":"CD:5B:53:23:61:72:75:37:AD:E9:F1:74:B2:D2:EE:09:81:05:55:E1","sha256":"9F:07:21:2D:14:EB:C5:C0:D4:2B:42:E4:55:80:7A:BB:AF:47:A8:BC:0C:5E:05:F3:2A:2B:1F:2A:78:4D:FF:D7"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://varewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Jul 2026 01:48:42 GMT\r\nexpires: Fri, 09 Jul 2027 01:48:42 GMT\r\ncache-control: public, max-age=31536000\r\nage: 331933\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48532,"size_decoded":49345,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-07-13T12:18:10.107777Z","times_seen":233449,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":48,"dns":0,"connect":0,"send":0,"wait":29,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/lipis/flag-icons@7.2.3/flags/4x3/us.svg","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.292Z","timestamp":1783893656292,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2026 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 20 May 2026 15:48:47 GMT","end":"Sat, 05 Dec 2026 14:48:47 GMT"},"fingerprint":{"sha1":"D4:05:C2:EC:C7:EE:2B:D0:08:68:0D:3D:33:77:48:78:43:E7:D1:E1","sha256":"ED:84:90:EE:71:BC:6B:5E:B3:D2:50:B0:23:3A:06:0D:E0:50:C6:B6:A9:09:36:E6:CE:FE:E8:66:89:EB:4E:C5"}}},"request":{"raw":"GET /gh/lipis/flag-icons@7.2.3/flags/4x3/us.svg HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ncontent-length: 308\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: image/svg+xml\r\nx-jsd-version: 7.2.3\r\nx-jsd-version-type: version\r\netag: W/\"288-N6tykxPUfRT2NzJqFDLuAuYttUQ\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\nage: 985130\r\nx-served-by: cache-fra-etou8220072-FRA, cache-bma-essb1270055-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":648,"size_decoded":1054,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1d23b9509d0a0a828e3071096b0d2edf","sha1":"37ab729313d47d14f637326a1432ee02e62db544","sha256":"e7be4240cf57987926673708f09233be1ab6bdf35acc7b86bd32a263f197a2a7","sha512":"b658ce1342283e8c9155e9f626a9ea094bbf2c7094e59459b3bc262384bdfd65b170b6110935c9d3a2989cac6e24efdbbf06e73f9fa9fe74119e60595d8e8650","ssdeep":"","tlshash":"80f0f4f1d2ece5a8851136cd1fbdb6a823d8bea806400dbba04c3c6c2425d7667835e8","first_seen":"2023-12-20T14:16:02Z","last_seen":"2026-07-13T08:02:39.907134Z","times_seen":4057,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/app/(main)/error-e76e5ecab04323eb.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.318Z","timestamp":1783893655318,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/chunks/app/(main)/error-e76e5ecab04323eb.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"23d3-19f48011f88\"\r\nlast-modified: Thu, 09 Jul 2026 17:51:01 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nage: 274079\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ncjc5zaPnvEzGViiHjks8tWEj0jOoWToZ78hlkrP5y6iX%2BIcHEME8FZn8WlWkcK7THz7qYDqYmpPmHfuPyIq7QbrDzWf%2FrPslfHUoZSFUuhgpJcXG%2BdGNDpaISI5JQ%3D%3D\"}]}\r\ncf-ray: a1a352d1b935b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9171,"size_decoded":4213,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (9171), with no line terminators","md5":"ea37a6907bbf49850fbc241b021b98ac","sha1":"0c4b73cae7505f9098532e047b378bfae64317ac","sha256":"38ad85b1457519a9dc72e54394f3996d7560f3d34e3398ec2ec72a9ed62253aa","sha512":"dc3684031a1dfd4df683fa10824f12e47c829ae2d20a92efd4820e6ad9e55732c6a9784530685c9356a7af34747a1a16f700f036f08e09d75bee9b15f06256cb","ssdeep":"192:lTzTFtTCTnsHTTYTetT9TYTFTYTcTLATnPtpSTiuTQTp6TPTSDTETzT3sToThTF9:lTzTjTCTsHTTYTmT9TYTFTYTcTLATPrw","tlshash":"681224fe5f9e25ce5512c3ccaa4ba040d7de0338365e4821a58ea8b9c241956fd77f24","first_seen":"2026-07-10T09:45:03.528266Z","last_seen":"2026-07-12T22:01:35.281579Z","times_seen":17,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/wolf-gold.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.353Z","timestamp":1783893655353,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/wolf-gold.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"e082-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1%2BEyoPgJ0cSujV9PEeKs1JOvseAbK0%2BfjpQq0F%2B3KkAcDxFbN9Jq6jXd24KAQPwL87o%2Frvf6Q69q2QjVsJK9PKybIrBwmfBep5p9730EcvL8kuDOZC8M%2BVq6yqGAUQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1f951b4eb-OSL\r\ncontent-length: 57474\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":57474,"size_decoded":58481,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6705cd397c489728422c0670b86b5901","sha1":"c4de9ddd398312a49b6851018b180cf61b0b7deb","sha256":"44d27f27efb951e48ffabb381be0b255de5b0555f7d257b4ab5b297bcff8d5a2","sha512":"3035ba279c99aec13340c48187b829d2ae8c47dbe888cf5eedf2c591db098d2b1538d7884adca587828e5878ec992b4e0471e5baf74d80779768462ea3cfe397","ssdeep":"1536:U37DpmX6h92fm+68Cf2g7OE3mWwpRAUiKeyUo6xTsL:UrDAX6HE8CE2WwSUiKe1Ji","tlshash":"0c4302c18280cf866909c979e8b441413463051aba97b5d6fe1afaa20bdf14b3cdf13f","first_seen":"2026-07-10T09:45:03.458684Z","last_seen":"2026-07-12T22:01:35.255734Z","times_seen":17,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/dmsans/v17/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.659Z","timestamp":1783893655659,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:23 GMT","end":"Mon, 14 Sep 2026 08:37:22 GMT"},"fingerprint":{"sha1":"CD:5B:53:23:61:72:75:37:AD:E9:F1:74:B2:D2:EE:09:81:05:55:E1","sha256":"9F:07:21:2D:14:EB:C5:C0:D4:2B:42:E4:55:80:7A:BB:AF:47:A8:BC:0C:5E:05:F3:2A:2B:1F:2A:78:4D:FF:D7"}}},"request":{"raw":"GET /s/dmsans/v17/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://varewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 36932\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Jul 2026 04:44:35 GMT\r\nexpires: Fri, 09 Jul 2027 04:44:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 321380\r\nlast-modified: Wed, 10 Sep 2025 16:31:03 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":36932,"size_decoded":37745,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 36932, version 1.0","md5":"7c87a648293fbb5b2924aafaa59e8aea","sha1":"c57593e0adc4cf99dd9e67cb782242220a061a9d","sha256":"9fea608a947e67020c33cad9a6fe3d60c54119dfb8cff87768a8117a15ed7543","sha512":"764ced325a768dca84e1fb0cc458818239ce379dbcbdb324ee8849bbe15f54e3f0254ae6e52ee5a92741840637b4f9885d246a0978af23176b3acfe5b9cec23f","ssdeep":"768:mMQPOAQQKW6GccoXQ+OGpHNzXgtDM0SVu7P3nqtPl9Bf2csDpHUjbYE8j2:mMQz4W5og+tpH6tDJku73EPlPOcs5U/l","tlshash":"c0f2f23e7ea5691487c2b0be506b00935344c9bd37c18121bbb953f44ea67addc5d63c","first_seen":"2025-09-11T17:08:25.889763Z","last_seen":"2026-07-13T12:08:36.203591Z","times_seen":29708,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":48,"dns":0,"connect":0,"send":0,"wait":55,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/crown-icon-512.png","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.995Z","timestamp":1783893656995,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /crown-icon-512.png HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/png\r\ndate: Sun, 12 Jul 2026 22:00:57 GMT\r\netag: W/\"3d605-19f1a0f2520\"\r\nlast-modified: Tue, 30 Jun 2026 19:43:48 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MvkaDbiTbFwlaaBmYmQLHWLkWtMrCkHdqkJ%2Ftc59i0mrCMaEgz6rzFvLdcIqlDE%2FuXfmpkUAKayBSoU3L10PwCzMQBZYerA28W7ZVELPkRci1BN%2BQ2RC9nDik%2FNIKg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352dc3a60b4eb-OSL\r\ncontent-length: 251397\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":251397,"size_decoded":252406,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGB, non-interlaced","md5":"80d4744555e10615fd0705451496696b","sha1":"cdbb7f742437134f1a5d60165acf86ad5213db97","sha256":"6e73823fa9392ebc0bf9d73a2d4125b570b38729f8d9ea310afa814fd6256abd","sha512":"c9bfda11e02a25c4582ae239c6e168d59accaa434e697ce2aa6d510edf759e3a24f623e9219961edf63a7a4a1f0dca027a8f06f505a2a544c73b0d3607457b3c","ssdeep":"6144:NVPLp8eA7j5PdHoachilP1Odjbn36A3EHgbmODh5d/FJH4VAvLX:NJNEtPh8ldjbnKTcp15ddZ4VAvj","tlshash":"8534232db096f918cc4e7f515e3d4f4a95b773eec97db804619865ae8a3d29030c4b2c","first_seen":"2026-07-10T09:45:03.470767Z","last_seen":"2026-07-12T22:01:35.244679Z","times_seen":17,"resource_available":false,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":98,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/fire-strike.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:01:18.611Z","timestamp":1783893678611,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/fire-strike.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:01:18 GMT\r\netag: W/\"108ae-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UUlIaNgws9pomRMqfR0GEuezQ2IFfBd6bqG14OUrs87MAgjJaqKRbYLawTMGDNP4izp%2BauACCBzxwVc4RHG69nIJqxPXQYJXvi7PxJ6sCUP7iV%2BnTlQgSHY65doCPA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a353635b07b4eb-OSL\r\ncontent-length: 67758\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":67758,"size_decoded":68760,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b60599e0bc3952067e16891a5fb97653","sha1":"71247bc7e769a0c953cd6458ad536436f11098e2","sha256":"0a3d85ce2dcd6d1aa8b9be3ac6db4ccae0e4f3f832c06b46062df86fd4ab060e","sha512":"34671a695c0cd4a154c97ed5c030c378917af33ca0a5a95b5d7f789dcfd353af6b8c77df1a90e0098e3602936360583a93d1faaee5e9ab8064c7c4c116dcdef2","ssdeep":"1536:yqon/EW4B8UjSTy80dQPYtJ4HpUbsUQtIJTP45lqLbalx51jTos:WcW4BTSTy8pwtQpUbXVJc4w51Ys","tlshash":"096302b330e35429038019f2ee67f84f62a2a5898057115e7907d587cf36c0f52ea9ef","first_seen":"2026-07-10T09:45:03.466313Z","last_seen":"2026-07-12T22:01:35.269607Z","times_seen":17,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/hero/hero-crypto-v2.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.338Z","timestamp":1783893655338,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/hero/hero-crypto-v2.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"dfa2-19f1fac3ba8\"\r\nlast-modified: Wed, 01 Jul 2026 21:53:29 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HQ4rY6Wt%2Bq7bA7STA8fZfutyB4WuCbDtlpU%2BJUXZQY7p5OmtNb4YCOuaiIKZxhpyrL%2B3mm%2FP3zLeOTdpu8cWb%2FrORdYLNKb%2B%2F%2FY2nlWmG2gnRc4cmBmiwyn6297%2Fzg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1d93fb4eb-OSL\r\ncontent-length: 57250\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":57250,"size_decoded":58265,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1080, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"56c58dba7ad45338604758c52e42af70","sha1":"491d07877f76c506fcadfc44a78f9de50271b96c","sha256":"6ddf7100c55662774a5dd5586a4895e0beda986e0ebb317899bc4029afd121cb","sha512":"b59a876576f35c880216286c5df93e91623335010175890c89f64e8e3b1ffa27a9bc7dcc4729ea30bf503ebfd15e9599fe2e73e96c91c115eaf81168fdf384d5","ssdeep":"1536:xywBsATj+mNGuSdV/idOIuArwisjvouYmptY3:xDTjltvdH/wiKvoZmptq","tlshash":"3543f1193565594a2f015cf9f56b0ed68eec835608ec18635df6714eaceb3430e32d62","first_seen":"2026-07-10T09:45:03.452699Z","last_seen":"2026-07-12T22:01:35.282632Z","times_seen":17,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/avatars/avatar-02.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.285Z","timestamp":1783893656285,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/avatars/avatar-02.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"88c0-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lhRxHtDeQKSfyaU%2B6M4Vgr2RUATQ6HhJaLSWgk1rKG8%2Fj0uv%2FNx2FAjo12KnSH%2BzuYVgrS%2FzeXJzGi0gi%2FgX97CfiYhQMn6lIyenofckiw92oaZ0RJroONQ3A6k3sA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d7c9eab4eb-OSL\r\ncontent-length: 35008\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":35008,"size_decoded":36017,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e24a10a59b8477837b5c35ebe08bab8f","sha1":"8fe74c26ad32ec7aaf96ba81351dd927422fd32a","sha256":"8e6e00abcc1788dd41e9d7d17fca30cef3556aacec8fe332b81f78d694282228","sha512":"cf3153db4a58a8ac1ad8c27b900fbda406340d20a6715d6ce1339f26242aef3f68acafedc3f87b787d029c4c5fa9cb7ec70ab1a495fd29db7945f09e3b6706a3","ssdeep":"768:r4q8fc4wlex68jL0fXMNTpWxjJN6MfnVTMiYd:rmO06CYXglUdgaVMiYd","tlshash":"24f2f1400d366927ff80a08bb92d255931c0fcb79be814a688ed79f2860fcd756b935d","first_seen":"2026-07-10T09:45:03.442356Z","last_seen":"2026-07-12T22:01:35.283457Z","times_seen":16,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/avatars/avatar-03.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.290Z","timestamp":1783893656290,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/avatars/avatar-03.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"b4a2-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U%2BIU5Ft75PuJieP3AjNvCgIDg%2FlDt8ikDuHjDfHr5vdGb558aefVNsLp%2BfKmD%2Bq%2BHSIq5worzq9BA8WvKLuYE%2Fe68HakapwP4gtYhhhglXwF%2BL1dQYpnO1%2FBoNRtlQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d7d9ecb4eb-OSL\r\ncontent-length: 46242\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46242,"size_decoded":47255,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"4fa74b80fc23a23ba9722e49be63a1e2","sha1":"1528f3b571fa660a31c45512b9e03553e98196c8","sha256":"b1bd6d8981b4f1567ab01976abfa8ced2a98cbaa78c8797b705353358a037545","sha512":"e1dc691b8ce5b9a5967c0a68b07789240f8780229c66086a289d3111a3e5bd532d6a8e98f012a0eeda7b18766b9945d49e1983fc9c5dbbbf79ec0d165d2b092c","ssdeep":"768:w1QjAVPlh5VliciOsObs+1nZSlK7NVOv/FtdM0tPKiHHvKo6IkECeVW0D4bq:wh39imbfbOvvC0NvKo6mbxDy","tlshash":"5b23029f7b51abcb0970a3b1545f8bda7e58f43941e27337eba10d908fa025d0825c6e","first_seen":"2026-07-10T09:45:03.501591Z","last_seen":"2026-07-12T22:01:35.284527Z","times_seen":16,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games/trytostart/1309.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.500Z","timestamp":1783893656500,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games/trytostart/1309.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"2ea88-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qV3PldkxTvzP8INxYXJ1A3tG7VsV%2Bnvy3EfnLnqEvCeMuIB2KTiRpMGnsaFpYD0qU0hT3yek8g3JZ9gd3oPg4%2BIpkEc8nZgempbry%2F79K%2Bs1RaXqOhqY9edKQ09uqA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d92a07b4eb-OSL\r\ncontent-length: 191112\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":191112,"size_decoded":192045,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"67de634afd975632ed55c97a46274d7f","sha1":"266f437d9a77778edf3648153208b5ab234d482a","sha256":"2dd2997203a4aed12599d29f3b7acec417219602caf5ccefac1e6412de958224","sha512":"39bc73e745ca4e806f46bb88fd497f0da2c6b409d7f5e5e09fbc132688afa610080ddcb1928509636b1feb3cce304a7b4a2b656ccde12c295e0d21fc889edbc1","ssdeep":"3072:DfXnSkyhQNXDwrkbAF8UqsuJj5CMvQ3HrtjpnwzQr4YQ3iNekbEG9iBwUB2:DfX/+QNXDwAbAAFQ3Hrt9wzQrciVn9iS","tlshash":"bf14239ed7c056511be03a4b00d69f49a0afa22465f81af1c9fd35dcf1242ff82a8728","first_seen":"2026-02-02T19:22:04.376431Z","last_seen":"2026-07-12T22:01:35.285214Z","times_seen":39,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":114,"receive":76,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/play/1164?provider=hacksaw\u0026_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.691Z","timestamp":1783893656691,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /play/1164?provider=hacksaw\u0026_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vVxXzQUfdqhzcLI5vxwy5PyZzsQhRcRCFoHOGBvGAj5wAgeb4T%2FBsSLoQqtGHOnG6aKzsMv521ifuSYGqjeJIYV%2B4tqzvvMj%2BzPmuejduNBZe4mMust0%2Btn21dXTaQ%3D%3D\"}]}\r\ncf-ray: a1a352da5a39b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":210,"size_decoded":1232,"mime_type":"text/x-component","magic":"ASCII text","md5":"98ae05ea98c842962bdab96741a49fda","sha1":"169d031f7e1948b0ababbc917473af5542ffe560","sha256":"34e651b58ba6694c48b3fd74a6e3d7472b646241cb668a078a9d2841496b4c4d","sha512":"009407db9f0ed842bf9eec889100a22d5bcabaa0ed8bd2058c3639f1c793ad111fe9bd9dfa5ed0eb6a46966c8db8377ba18d7926b8530cc7d26a8f737726b7ba","ssdeep":"","tlshash":"4fd0a72647053bf16c7a1884457dc65f751e100b61c806f180935a31536303155035e9","first_seen":"2026-07-12T17:38:11.922317Z","last_seen":"2026-07-12T22:01:35.285833Z","times_seen":8,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/4038-49fdd8ae32fa9982.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.310Z","timestamp":1783893655310,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/chunks/4038-49fdd8ae32fa9982.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"1415d-19f51bbb178\"\r\nlast-modified: Sat, 11 Jul 2026 15:11:23 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nage: 110049\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IdQNuXj%2FA6BcppCqV7pfP5%2BDg1eqKhkyqtti%2FuUvxXTc8Kln%2BwemeGit2JndiqHqrjzC92%2F4BfSPUvSj84n%2B06i7Zm%2F4gekvBAWSAin0oFiV2FUj4VHDHGIrjSl56Q%3D%3D\"}]}\r\ncf-ray: a1a352d1b930b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":82269,"size_decoded":25782,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (60669), with no line terminators","md5":"fcc0345f008acbe8f529de677f7ea0b8","sha1":"4709ac8c02289d17f1a27caf9f719c3199e33199","sha256":"94702b098b138dcadab4016ec2aaa5431ce4daf3592629f2b1bd4bfea2c18363","sha512":"40efb9d579d53f9a2b66c219b459d80829c15026ef38f76021613ef87027131a8a09f3ad0c4cbc7d7421f37e3632c419088eeafc6f2907fd8b471081a65c4f18","ssdeep":"1536:kjI+qNzajw1Muc9T05eMK89JgRPWSEtmfPjvss85QxnpYQoQCsdZ:k0plajw1Cez9JgRPItmf7v85mnWRmdZ","tlshash":"178319256609315cf17bc58872cfd91db26e362ce61ac578bf3e7829179a0f4b126f80","first_seen":"2026-07-12T17:38:11.838423Z","last_seen":"2026-07-12T22:01:35.286472Z","times_seen":9,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/avatars/avatar-04.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:01:18.614Z","timestamp":1783893678614,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/avatars/avatar-04.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:01:18 GMT\r\netag: W/\"94f0-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HUsSeLZh%2FsJEpwAMTs2E65C1ryEi6OfiRdEBf4Fh7xYSSAhHewzqG068xKPCgpJpnSa%2FFH3%2FL4LWHKS2UriVdmurRnLZdTo9WM2uUQzGn2aZjSCDqlO6MOfCiXlYeg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a353635b08b4eb-OSL\r\ncontent-length: 38128\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":38128,"size_decoded":39131,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2d1c641d7f049af251a09cc0612e3d4e","sha1":"78322f070a54ebf93d74d7a8c0866f7db2881f51","sha256":"648865fa8c4429e627aaba9d6d51567f845c8aff7b8342ba684d2e014e4538b8","sha512":"31349595037ecd2825a344ce198fc486a4839bbe2ed62424cc1dcc6eca865ea42166a414b44da70e78d2ef646f1dd60f49e0e7613794ab0f4d127c3a71821f88","ssdeep":"768:7RA7zfI1kCGn8v2gRs2OOq0UY5paW/1xlY5njEaClicAsp3JLgwhzR:7RmfAynLge2OOPmM17YuaCli4p3JLLl","tlshash":"7e03f115d030bf43b8a5c5b5c7cfd8c62e9adba542bb83e152540a8410af1f1bfa2d21","first_seen":"2026-07-10T09:45:03.517578Z","last_seen":"2026-07-12T22:01:35.287301Z","times_seen":15,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/webpack-88bb21cc9b698da8.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.297Z","timestamp":1783893655297,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/chunks/webpack-88bb21cc9b698da8.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"d78-19f2fbf1600\"\r\nlast-modified: Sun, 05 Jul 2026 00:48:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nage: 598358\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fhYb%2BDbEbRg1QYzWcbDHt%2B6FscahcR1jqcfO7%2FCwfoNHTqFOXl%2FEFzq1qrvVLhuS%2BSKJPeMayyFoyQ1yJon9av07r9FTHMgLICmKRe6a6L3k7wyUo%2FZaKXIanQ5OYw%3D%3D\"}]}\r\ncf-ray: a1a352d19926b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3448,"size_decoded":2748,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (3448), with no line terminators","md5":"a6e899e41a949fba95deb581bb003e29","sha1":"89ba1afcdead5a1d29e3f536b345fae2dba1b13f","sha256":"6e412f48b783c41ca2068b946c56cd6312c80b2d3abffb6dbfd140e72c87ba60","sha512":"37f42a21cc92480d8f99693a786fa2152a4eb6e87e9543a80d7e50e46bc07d6baf311b4dcee59547fc6bb6e1af56aee9c0ff37c864449797ef34c6bfe4d4b052","ssdeep":"","tlshash":"0a6195a93625f9b556f108868c7ed142f21a6037051af8a0e717dcf9b464ae20562ff3","first_seen":"2026-07-10T09:45:03.472302Z","last_seen":"2026-07-12T22:01:35.287927Z","times_seen":17,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/8602-8018835a2b8c6467.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.306Z","timestamp":1783893655306,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/chunks/8602-8018835a2b8c6467.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"39f9-19f434d24c8\"\r\nlast-modified: Wed, 08 Jul 2026 19:55:57 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nage: 352637\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DXOWAeoFEGoSZJoM1YSwWcXaHgcqygbvuFwp%2BMlZVGB%2BA42bQFxj6fon4NqsRGuwTOau9ODA7BdlyCRLTqxvWvN%2BNhY5xeQZetcARiXW4LK%2Fo2nW6k%2FTWH5Km2atjg%3D%3D\"}]}\r\ncf-ray: a1a352d1a92db4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14841,"size_decoded":5892,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (14841), with no line terminators","md5":"f366648bcf45d5debf0c1b40cf7d2f5f","sha1":"0b1a9b153106e4fea89f7cac44766d059c2e5941","sha256":"673a7d8aaeb6a9b355d1054015014fd544c8be225843d7bc37d39210d4caf7cd","sha512":"87bc2980f9da79d98616c2345107d092948b85ff882e652aee6ea02a2b3e01f9f8a2f49bd4835069e0487ce71bb42d9591bcd223fe11cb936a9d27a489040e70","ssdeep":"384:iTrTbTaTUnT74TeTVTwT9TQTkTz2uLSD8Tl4rmN2tTRT5ToToT3TuTcTrTP8TQTz:EP/MUTa4NOlu6zVmD8J4rhVxJ22jICPz","tlshash":"936286be77dd348d5a02e2e8d92ba0039bae0138264c4434b14ee4fd5958947987bf3f","first_seen":"2026-07-10T09:45:03.507605Z","last_seen":"2026-07-12T22:01:35.288512Z","times_seen":17,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/starlight-princess.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.351Z","timestamp":1783893655351,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/starlight-princess.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"17660-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SIGPsQUlhebW8WvZGvDHAS5%2FVQ0tRJBz5A8K9sCVa2UG%2BWVXkv%2FKUwF9pxBauWSIK9moyeNGuDwxXxk%2B0PVtG5Wo4brEzFAofyVIo7tDTCVIENKsbvtbF26jhHBPQw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1f94eb4eb-OSL\r\ncontent-length: 95840\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":95840,"size_decoded":96846,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9824b494b8ade7c0157812b4aacaec2c","sha1":"d57539bf59f9115e0ed688bf2a0d6c52463e8fcf","sha256":"6c5adb95eeb1a45770a8d30d019378335141a52e1af4472b0cf4b4645ed93f6f","sha512":"e1942c4af37eb41984eb54b63afdf61f4264b023afcec48b8fca603883093002d21f90db0aaec5ef65ff0bc485fa5991eba74393b18181ea1c146c039c058d42","ssdeep":"1536:HGXhI6Tit+KvC2DM768fnbxPExl0l9lWlXY+nuCnt+8V+b5I7GKI6Izs:mS6Tu+KvXY7JfnbxsDa9liXY+nDt+8YS","tlshash":"769302da9eb729e7f6419b36062479c256fd49dd66239e3032c9e18ccf740f442ce892","first_seen":"2026-07-10T09:45:03.50984Z","last_seen":"2026-07-12T22:01:35.260154Z","times_seen":17,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/avatars/avatar-12.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.281Z","timestamp":1783893656281,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/avatars/avatar-12.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"12bc6-19f126f7068\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:01 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LWDDuCWRXTaUNhREUR4iTXv%2BCpsEPpOXMnDnY68xqquMcPsgiB0eMMcAFSSj1gmol4nOSrrQZbpfes2KV6U5VFU7F0BSEEXcgdcDkDKiIm3t3DPdRlNsQ0vNihv%2Bdg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d7c9e8b4eb-OSL\r\ncontent-length: 76742\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":76742,"size_decoded":77744,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c35c1f1f8d87f2422799f9d9af427033","sha1":"5093a2f29b0632465cea85b65bb78d294e740de7","sha256":"ddd3bae877e7d338d3b4f7be9a49fd75bc81b80cf2a01f3832c390dfda1c53df","sha512":"1a62544cda0cabf2f240441ae1df8b87ab97f99d1dda8c161afa0ea5cb105211cb8055d5a20e3a8a60144c4e4896cd2aca94881c1583b2f5ead543b225ff7040","ssdeep":"1536:KZCv5oKqfLXRczTUnZFdIqTXsqqDQE6giYWyS:1BoK6LXKfgdVT3/YWyS","tlshash":"4c73028e9af50172e91dfbdd7eebadb1e79a71c625d7d0aa38040a00b05061720dbd0f","first_seen":"2026-07-10T09:45:03.502567Z","last_seen":"2026-07-12T22:01:35.289066Z","times_seen":15,"resource_available":false,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games/trytostart/2032.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.516Z","timestamp":1783893656516,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games/trytostart/2032.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"13a12-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bilu7CJX%2B4Kx1vIHoF2GWcMbRa%2BzhiBEDVlC%2FbhNdaRVmGkxKvUqyGfTNmvyCR2vn4JoOwsXWqIAS2Zqb8dZ%2FGhuvLnYXVxI8wdtL10M1IX13pJy%2Ft0EZ3FJ7zUWNQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d93a13b4eb-OSL\r\ncontent-length: 80402\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80402,"size_decoded":81333,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x1714, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e7dc4522e10474c081773974610ab511","sha1":"3181b650b874a6f00af8cec083cc17dc01c003c1","sha256":"3c6e6e37ff2520c65c5ad44b99b019b5089360f30b99a435b54e11d80908704f","sha512":"3756ec09c7d883607f9bedceabc3d21dd409db40a12bdef1972a83395e851e570d605bfe51318ee476215efe60ff6a1416ab09a70a33914efcde43b792f04c47","ssdeep":"1536:MYPvqxixFFUpIiaxvmXukpnHyAlj5EYGw4n68VVHiP2:PPHeifxvmVHDOyO68fCP2","tlshash":"617312f11f9a0df6a1ac63a05a91c95e33bc1b5de1c745ff06c58e28f62e04642e4e6c","first_seen":"2026-07-10T09:45:03.513887Z","last_seen":"2026-07-12T22:01:35.289626Z","times_seen":16,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/news/how-to-buy-crypto.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.525Z","timestamp":1783893656525,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/news/how-to-buy-crypto.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"137f8-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ds09SfY5wVxUmbvOQMPl%2FUJjTWkIv%2BwQk5x9JIcWKUJb5vBf%2FDgcyxF9KiCTWa%2FTdG%2FJq4Ijj410VDKwlBG1c8sh4lfkPU0ORF6PE4Fi%2FlDuOELoL428pftfJCa8hQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d94a19b4eb-OSL\r\ncontent-length: 79864\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":79864,"size_decoded":80874,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1376x768, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"1107d21122506f88e0850792ab1fcaad","sha1":"30d895ba8c7434e748ded830911cc67a502baa28","sha256":"9704548ed0dae59ff4ce90cdde49cf54d0ed4bdcf9c4347235d4fa2da39265d3","sha512":"8a81780ea3078a9edb6cd267091142643ff671411b5152501df605d03186e070012be84c5dea9406f4067c07ef7c5ccd50aa399ec90bb3c7bcb65030d7cf6234","ssdeep":"1536:Hg62YCdvJWD5zcs/FGAFmu2J7hLSFAmdNb2V6WEvwpVkAPWWr33qM:AtxW5zcssBVJFLNCNb2kzkVkpWrnqM","tlshash":"91731222c523bf9908717e948403d04bb9205562d2e43b0a97b26adf6a334fe39d5ff5","first_seen":"2026-07-10T09:45:03.461412Z","last_seen":"2026-07-12T22:01:35.290266Z","times_seen":16,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/6820-e593c9faa2a09980.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.305Z","timestamp":1783893655305,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/chunks/6820-e593c9faa2a09980.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"29fc-19f2fbf1600\"\r\nlast-modified: Sun, 05 Jul 2026 00:48:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nage: 598358\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6fOKhFtB0OoHa3SV3uZ6e8vL076k4LsQoJCT0eu9XCGQASeOh8Uj1hYk8wi9ncxi4G5lKnmbVbVHPitb2af1v6s2YUZuJ3o%2FxHGcuuCHooZeVZmAWKxNTquXX4w7lA%3D%3D\"}]}\r\ncf-ray: a1a352d1a92cb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10748,"size_decoded":5245,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (10748), with no line terminators","md5":"5c1e6130f49137ec5692ac319914a3f5","sha1":"e2db6215232326cd4d627e0f60c9a2c0ebc01c74","sha256":"131356516768ecf2507d0f76b9a7e9908b01e31dfc8df88329705d2e2afc3222","sha512":"d69ad7e662752ba1072c4de3574746de1675d7c123fc8c86dc45531e3ba9df2435998247276573ffc511590437f9cf1f4a3eab9c59d8e0ef9dfb3fc717e73b12","ssdeep":"192:WL9p3LRi2cihbDVksxQTu5c4tMSojxugZNYOHCh0wMcGW0T2vJVkwkFFtzQj:WL99Rx2Tu5cAMJVjiqwMcGW0T2vrkXbu","tlshash":"5422c8d9b5d1f8a583ab4090443f100bf2795d75281e5184e3f95ceab9a045ca2f2fa9","first_seen":"2026-07-10T09:45:03.49158Z","last_seen":"2026-07-12T22:01:35.290779Z","times_seen":17,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.326Z","timestamp":1783893655326,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ncontent-type: application/javascript\r\nexpires: Tue, 14 Jul 2026 22:00:55 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PMhJo5aasXNRjA3HrW4RR1Wxj%2FPOys3BhzdSmBtkMsF%2FIuz99eK%2Ftg5vsK%2BnBUH1m%2FjLABmdgdXp7jEnwVPyQs5J3%2FOBk4fRA7ol3bHLsczI5BUGuDgtkFuVmsEWfA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: zstd\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\nserver: cloudflare\r\ncf-ray: a1a352d1d93bb4eb-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1239,"size_decoded":1294,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1238)","md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-07-13T12:16:58.694482Z","times_seen":394696,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/api/games?category=slots","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.069Z","timestamp":1783893656069,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /api/games?category=slots HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IPI7nlSpte9qnMx7SfPf0F6h18VBSAfyUBst5amm8FMSC5Uzz%2B4JaMRFmkzlr7BmnU6tK6bny55pkTtbb3wCrKhDDO0k%2BF7V1DJcaxLt9i%2FeoZW%2FB2zTBqGrMy78tg%3D%3D\"}]}\r\ncf-ray: a1a352d679d1b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":63477,"size_decoded":8405,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (63297), with no line terminators","md5":"c331d5f1893b478d08375b0bc50d68ff","sha1":"aa4291784773588400e363945c81680f3e1ae4ff","sha256":"bc505cd7737b683a57a012a20e85c46d010189a631ccb63361275aa4fb937f75","sha512":"edec89bda7b3603a530390dcf158707897973ee6e2d4f1c39b48884ed1de2b20a2b4c25bb22ea7af76a2ac30ef4956618e640b21bbb68d10165fdb5b38103dd9","ssdeep":"768:jjQHfWdheJwziaJM7HQ4W1XqOyJZu4Ylf7mlzG/b5UQS324z0ozqAr8yXApxEHV5:7ex3oxateO69c","tlshash":"b953633d7a6cfca4c78a88c655933ec9d52cb55752000c25ba4bcf3cc8e48fa6e1995b","first_seen":"2026-07-10T09:45:03.570635Z","last_seen":"2026-07-12T22:01:35.291909Z","times_seen":16,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games/trytostart/vs20doghouse.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.508Z","timestamp":1783893656508,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games/trytostart/vs20doghouse.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"c71d-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r8SPWSt%2Bqj3%2Fj%2F8TnIoHuDl%2BpzyN71zhSsJdKdlW5fSXMnuHtgU2chZXRPWGWCCf7ZOWSmawz1T4m8s0KS5WVV0oOJOqmUpnegCTXZUuDuGA12F3Oh5XiDQm4mTfCg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d92a0eb4eb-OSL\r\ncontent-length: 50973\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":50973,"size_decoded":51904,"mime_type":"image/webp","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 360x472, components 3","md5":"e01e7dd2ed5b17e02bdeb34c09d2afed","sha1":"2f200ecea22af3478756569edfb30b72e45dde54","sha256":"1d195ef122b4e40d3305fc65cefaa7c5c967c1688533db98da9a4bad93a2c7ef","sha512":"038a542ea1cf08126b558d06a1025b3f4751c3af2bf7a388bd79678c8f5867c88c596513cd4d1a8035632783c8deddfc0999e9261742d81bf6ce4883c2063b14","ssdeep":"768:hYyBIClez5YsfIlCTuxHhs4QVz4cQ4ZgXrslVtBzLsaJc3sg2UlQlm90bE+VJp5p:h9plemtlpeDVzxos8Sc3zCweNfvv/31","tlshash":"3433f2f3bfffd21bf879f235c0a925f1433916b61329925bf1591b2c10906c8295984b","first_seen":"2026-07-10T09:45:03.447671Z","last_seen":"2026-07-12T22:01:35.292417Z","times_seen":16,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/news/vip-program.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.523Z","timestamp":1783893656523,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/news/vip-program.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"fd78-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=idEkosb1uZxzfdaS886AZsQu%2FByUkycwE7Hqo2aAUy0aKPDBBhX%2BT4vC58ePzpFRgr38Ju0ZyIuNfudGYOpGva%2FiBz7ZhF3V9Twosn%2FkD%2BM9sMxR3SEO9LhWfVtvMw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d94a18b4eb-OSL\r\ncontent-length: 64888\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":64888,"size_decoded":65895,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1376x768, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"88ab20969a88612e5b824dc2ffed874f","sha1":"317985035c8e49154359d6f5a4b94e2a0014d5b6","sha256":"cbd580d7fbb3883f97bbbdaab03e539d2157d988f17588e34fff5cad2673f88f","sha512":"ee565e3ab3f1e3ed850cc0775f581d609f90eb72759c92f07158f38f6ffc7b6d9c61bf59008aa573061aae49c50605edbc5c968d0c0873fe6e81b3f8a0259022","ssdeep":"1536:ot4847WWBWi2e6kdL3TL9pAZiYcwrqVK2t7QHL4l4DYvR88:ot4lCWsi2yLP9pA5rqV3tkslZRF","tlshash":"7b53f143b743358d304fecb1809b3ba88aa9ce769c45dfd8c54ba8851e7538076cee49","first_seen":"2026-07-10T09:45:03.439321Z","last_seen":"2026-07-12T22:01:35.293218Z","times_seen":16,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":114,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/dmsans/v17/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.657Z","timestamp":1783893655657,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:23 GMT","end":"Mon, 14 Sep 2026 08:37:22 GMT"},"fingerprint":{"sha1":"CD:5B:53:23:61:72:75:37:AD:E9:F1:74:B2:D2:EE:09:81:05:55:E1","sha256":"9F:07:21:2D:14:EB:C5:C0:D4:2B:42:E4:55:80:7A:BB:AF:47:A8:BC:0C:5E:05:F3:2A:2B:1F:2A:78:4D:FF:D7"}}},"request":{"raw":"GET /s/dmsans/v17/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://varewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 36932\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Jul 2026 04:44:35 GMT\r\nexpires: Fri, 09 Jul 2027 04:44:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 321380\r\nlast-modified: Wed, 10 Sep 2025 16:31:03 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":36932,"size_decoded":37745,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 36932, version 1.0","md5":"7c87a648293fbb5b2924aafaa59e8aea","sha1":"c57593e0adc4cf99dd9e67cb782242220a061a9d","sha256":"9fea608a947e67020c33cad9a6fe3d60c54119dfb8cff87768a8117a15ed7543","sha512":"764ced325a768dca84e1fb0cc458818239ce379dbcbdb324ee8849bbe15f54e3f0254ae6e52ee5a92741840637b4f9885d246a0978af23176b3acfe5b9cec23f","ssdeep":"768:mMQPOAQQKW6GccoXQ+OGpHNzXgtDM0SVu7P3nqtPl9Bf2csDpHUjbYE8j2:mMQz4W5og+tpH6tDJku73EPlPOcs5U/l","tlshash":"c0f2f23e7ea5691487c2b0be506b00935344c9bd37c18121bbb953f44ea67addc5d63c","first_seen":"2025-09-11T17:08:25.889763Z","last_seen":"2026-07-13T12:08:36.203591Z","times_seen":29708,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":48,"dns":0,"connect":0,"send":0,"wait":50,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/predict?_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.207Z","timestamp":1783893656207,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /predict?_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TXPmDNcaNJlWvW5Xe%2BdlXvtdXybKMX6M2QmcLpbNiG8cK0lzvQCnofMR9JIFT%2BlNvIhXTo7wXKG5tvyF1mFgONWeV4RsAi745VUyB3jSWwZHOkHmtifn6Y2xE8HbvA%3D%3D\"}]}\r\ncf-ray: a1a352d749e0b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":154,"size_decoded":1194,"mime_type":"text/x-component","magic":"ASCII text","md5":"427ba4325d78cf1b03cd9964bebd615c","sha1":"a319f409b20da4e7d3634bf3205cc481bac13b3e","sha256":"8f1e1cd448797cb2d551ffeb3ce2489a5189923888b37b971e38affc2562f8fb","sha512":"5d900b3a39417f099124fe928959ddba295143e3adfecb9c1329bbfb91722fd9505a1d8f1a59b41f965b2ce8a504f9c13d78c9bff486e348d5344979fed95c32","ssdeep":"","tlshash":"fac08c3a420b3ef5bcbb28aca4aec60f360e410b21c418f0d0924a10a73702105039e8","first_seen":"2026-07-12T17:38:11.79463Z","last_seen":"2026-07-12T22:01:35.293885Z","times_seen":8,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/app/error-33d1788fed5ffb4f.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.323Z","timestamp":1783893655323,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/chunks/app/error-33d1788fed5ffb4f.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"93c-19f2fbf1600\"\r\nlast-modified: Sun, 05 Jul 2026 00:48:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nage: 598358\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=phIiy6kenV5eZ23Gnub9ljZd3lEPWseFIrvvZF%2FP35sKKj9xcMocAXilTa12466N5MRgr%2B8ktsbzJU585LLh9ED57q9LBSl%2BR9eVCahpPhaOIP07IZ8syi0603uM6Q%3D%3D\"}]}\r\ncf-ray: a1a352d1c93ab4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2364,"size_decoded":2128,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2364), with no line terminators","md5":"5127c8a0bf18bf19c981c4c0f5fd3b5d","sha1":"f812e3d7611042d8be29a2491fa3cbbaf991d54a","sha256":"937b53427e51b436510f6512d504cecc2f6b5478328d3f8e1ce04c45758345b6","sha512":"46314691bf04c743c678ec3b850bf7fc634132b3102eff1279ab430bee9398efe937e8b5021231f5193dbaa3e459cdc12bfcd4e31160df42ac8d8f7fdebdba59","ssdeep":"","tlshash":"cd41621766056e18f437c94877ff900c71eb4428712ade7867a89d3a11d64e53a2b7d0","first_seen":"2026-07-10T09:45:03.569736Z","last_seen":"2026-07-12T22:01:35.294604Z","times_seen":17,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/wild-west-gold.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.344Z","timestamp":1783893655344,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/wild-west-gold.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"1267c-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OO9U7I3ybI4GS%2F5Qx36GvE2oeRS4WsQkjwfIyfRv2fb8721XkkbXoXrl%2BID32wgdynipCXCpPB5cDKt0%2BrVbmZ4c%2B7u%2BoWpkMaFavXz3Wm3qCR3UlmN8d2iA6X4xpA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1e946b4eb-OSL\r\ncontent-length: 75388\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":75388,"size_decoded":76396,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a4d08f2ce7d608f3f8c032b0822a72b1","sha1":"4af5325f2834e09cbac50c22145eede287e20ea0","sha256":"3f856fd2ffad9148db6e06b06306c8753774c51fe02bb3f189702b14d0be6a30","sha512":"e182a41e1df5f49e6bcb4212c0ff417ad34a0534fa86c3f5f8350230b00325b85b15f065202c4745694b6e742793208ffd6ef59fef11f2b3f62f212f1ecb72d9","ssdeep":"1536:xCht2pj7iiYngyCZguVap90E6+dd5QHIyJtiQj3Yj339wQOVMP:whYp7zIDuVapeEjdd5QHVt78j3tIOP","tlshash":"c77302ac830ce2953ee17c7bfdd56457c0804ae6326b5ec92a01b4d61737ce5cad3a1a","first_seen":"2026-07-10T09:45:03.496757Z","last_seen":"2026-07-12T22:01:35.295138Z","times_seen":17,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/api/slots/trytostart/games?limit=2000","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.075Z","timestamp":1783893656075,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /api/slots/trytostart/games?limit=2000 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ylbxlfz%2BMmBgtlUl0A%2FzBHU8Ycbt5u0o1i0wG7bhwXOLnnlSRwSRS1Fp94X3tUk6BWi9WZhs5v7kdDPKv%2FNOhGKttC4N93uObxP8rOENrjC7WtKATUTEYOwvdLBZKQ%3D%3D\"}]}\r\ncf-ray: a1a352d679d4b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":180338,"size_decoded":26392,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (65414), with no line terminators","md5":"d7c45617cb85a52adf093f316fc7d45c","sha1":"d763185a59e74e7a1530d393816bdf27ffb6fc7c","sha256":"f93e5113f827ce3143447538d37682d26223c5a08f19b1cfda71f535a14c02fc","sha512":"47b38b77e2c4ab2aa78fa751bb0552d0b8ec7750a5d3484feda461f299f5d36badba906fd0067bf2645e4c6943c6f04ea65ba92d3672ea4baabffb4fb632d5b9","ssdeep":"1536:l4bLnxB3csxYr5PDZsBTBvUkB0R0UASGtdyDtQ5eb4aei5QfQ7Q2MZsgmTHqBUc8:nnLhBld1y4Fk59oJga59XJ","tlshash":"6e04376bf85ca96ec53cae82adc34f9ed1dca24251815c0d60c68e3dd1e2ec31a19fd5","first_seen":"2026-07-10T09:45:03.500531Z","last_seen":"2026-07-12T22:01:35.295639Z","times_seen":16,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/play/vs20doghouse?provider=pragmatic\u0026_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.746Z","timestamp":1783893656746,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /play/vs20doghouse?provider=pragmatic\u0026_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YR5lxd7hg6jJ0EQaqmcYO5jS72kLlUBxD6TBnFj2qKEBxoe62sKcS385SOgxUKqABWBlWdejLWFyzucPh%2BfdXvhCw72%2B5pR3jQAwErvgNxR6vHWqv8EiBfHOFoZNew%3D%3D\"}]}\r\ncf-ray: a1a352daaa3eb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":220,"size_decoded":1232,"mime_type":"text/x-component","magic":"ASCII text","md5":"d120a3dd10cd04cdaded6f8651558d72","sha1":"ff94165ee7679977ab16f4be9592f4c56316eb14","sha256":"c829a2a6598f90e23a2233b34f8287e3c80b8ba6715dbc0d9660c68ee3d4dcc0","sha512":"65fd30ddbe8d7856f6e86bd8a620e9fb7440e39b6fb799d8de2aa442dc4474ab81d45ad071b71593db908cf70ba3ca0bba37f53d0ff209c572187d343ee04227","ssdeep":"","tlshash":"7ed0972202053bf16c7e2888007cc68f740f104ba0c802f180624a3593230311a035e8","first_seen":"2026-07-12T17:38:11.679649Z","last_seen":"2026-07-12T22:01:35.296243Z","times_seen":8,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/avatars/avatar-04.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.163Z","timestamp":1783893656163,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/avatars/avatar-04.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"94f0-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BUko2AkYFzmA%2BZsZKCdZnyifb%2FLZB1ZgINRhk67%2F4Lqj%2BVXSpdEsDYu9O%2BmdfhrChmR7JFOud08MV859EAPOnCb%2BOqUH3UQbAx%2FK%2FySPt5ZWap6PoHb2bgtqeR0vhA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d709dab4eb-OSL\r\ncontent-length: 38128\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":38128,"size_decoded":39143,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2d1c641d7f049af251a09cc0612e3d4e","sha1":"78322f070a54ebf93d74d7a8c0866f7db2881f51","sha256":"648865fa8c4429e627aaba9d6d51567f845c8aff7b8342ba684d2e014e4538b8","sha512":"31349595037ecd2825a344ce198fc486a4839bbe2ed62424cc1dcc6eca865ea42166a414b44da70e78d2ef646f1dd60f49e0e7613794ab0f4d127c3a71821f88","ssdeep":"768:7RA7zfI1kCGn8v2gRs2OOq0UY5paW/1xlY5njEaClicAsp3JLgwhzR:7RmfAynLge2OOPmM17YuaCli4p3JLLl","tlshash":"7e03f115d030bf43b8a5c5b5c7cfd8c62e9adba542bb83e152540a8410af1f1bfa2d21","first_seen":"2026-07-10T09:45:03.517578Z","last_seen":"2026-07-12T22:01:35.287301Z","times_seen":15,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games/trytostart/vs20swbon2500.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.520Z","timestamp":1783893656520,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games/trytostart/vs20swbon2500.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"7652-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=F3GFUVZn30NG9GPuVabM47irLAYBgWZSegcqqyQ77pRidzIlrTk6XS%2BSvrP9CisB0opcoGJcOB3Ou45C6eTzVIMlLNi%2B8vT1BZ43u%2FiAtJDKALOMJFvoyohWx2p%2BYw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d94a16b4eb-OSL\r\ncontent-length: 30290\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30290,"size_decoded":31218,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 408x546, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ef7d1293c15a0467300fc4ec94aa0962","sha1":"68b0e661714180d5e68942a2537189d272038cac","sha256":"67a835363fd4f746517982066ee9325d6f4d5f7b2f551318194e1476b4fbf805","sha512":"a627528c36d388eebb82ddc6e357cb5973d96cbb94f1ffcb40c09b1e1a2f4e016cbfb52796b6621f5554fee680fdb3835c5f442e0b3c9ee468bad9a65b236b17","ssdeep":"768:a/wZJQB/bTR3E7oM3TXlsKiyp8ILpVz/t3/EtFBtheZyK:8wvQB/bZE7oM3Tl7xyILpVzl3/EPBth8","tlshash":"ead2e16738a19715e14e0373c15b88d0c74fd50ab883357e807786c5b0aada692e4ff7","first_seen":"2026-07-10T09:45:03.43836Z","last_seen":"2026-07-12T22:01:35.296805Z","times_seen":16,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":115,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/branding/crown-loader.mp4","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.460Z","timestamp":1783893655460,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/branding/crown-loader.mp4 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nReferer: https://varewex.com/\r\nRange: bytes=0-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\nserver-timing: cfExtPri\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: video/mp4\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"38c7a2-19f1a251a38\"\r\nlast-modified: Tue, 30 Jun 2026 20:07:47 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncontent-range: bytes 0-3721121/3721122\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Lfrg96%2Fs%2BXAoVd5BWCPGV%2F6WKbwTfxNQVRNFmwaHHGQ6sSXGo4IxOjNAq%2FVzuxsWfaocmprSr7SriEWebhZPZXYzYtkcWqLt0ld8P8AyJoNsBw0xZ611Ws%2FTtAiy%2FA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d2a969b4eb-OSL\r\ncontent-length: 3721122\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3721122,"size_decoded":3722155,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"3a3c1bd7ef11371fa3862eb00bf4b609","sha1":"a132818eeeb6f0250691ca8c45474e0a92426897","sha256":"d089720c9cb4c13801367ed6c65dfdc0265af460d3275162c29134599759b65e","sha512":"101d5d2e3e29d961ae1a220b69df3fa5e72d84f48a2625a725b27a803d96c734efca12c8b13dcaf21f542fde6a4d94b9d80ba62f46203a743108aa735a111462","ssdeep":"24576:c86szvinuPYZLGtBdv+I0q7k0z7R6u9DJal6751INRU4w:menPBTdZDk0XMu3O6sUZ","tlshash":"2a2533d0c70a88dbfb55637c82489e433fd38ebdc60a06ea95d62945deb887671b13d0","first_seen":"2026-07-10T09:45:03.54451Z","last_seen":"2026-07-12T22:01:35.297322Z","times_seen":17,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":162,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Rajdhani:wght@400;500;600;700\u0026family=DM+Sans:wght@300;400;500;600\u0026family=JetBrains+Mono:wght@400;500;600\u0026family=Fraunces:opsz,wght@9..144,300;9..144,400;9..144,600;9..144,800;9..144,900\u0026family=Inter:wght@400;500;600\u0026family=Caveat:wght@400;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.471Z","timestamp":1783893655471,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:24 GMT","end":"Mon, 14 Sep 2026 08:37:23 GMT"},"fingerprint":{"sha1":"85:D0:EC:C2:01:33:25:23:96:FB:2B:54:90:54:84:07:0A:49:1F:03","sha256":"9D:7C:1C:9C:6A:25:1E:17:E0:DC:FD:42:95:CA:47:3D:C1:9C:20:FB:22:47:02:E3:27:EC:7C:62:03:30:83:BA"}}},"request":{"raw":"GET /css2?family=Rajdhani:wght@400;500;600;700\u0026family=DM+Sans:wght@300;400;500;600\u0026family=JetBrains+Mono:wght@400;500;600\u0026family=Fraunces:opsz,wght@9..144,300;9..144,400;9..144,600;9..144,800;9..144,900\u0026family=Inter:wght@400;500;600\u0026family=Caveat:wght@400;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 12 Jul 2026 22:00:55 GMT\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":33010,"size_decoded":2222,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"32e4dddb9ddfa22e604b89feb79021fa","sha1":"85662379533538a20c85b10fbcb103096a5c0f96","sha256":"f2b588ddc7fda434d3958e3290a0ce63b7a78155d9aede23ca79cb2fb55fa7f7","sha512":"6b3f36bceb7273ac0bd5b7574692fc5a64d9331e937271eaf31b1bc253a029e9d4fbe24db0f7f24e332a5d6639f6ea56c7cb1b9f6ab78c74350ae29547668589","ssdeep":"192:pRZyKjgRgPKmZwi+EwD+rw8+Owl+M0M0MEJMwpMpMEUMwXMXMEeMw1M1MEoMwWME:TgDkisM+N7xTXuM0pxOGC6Ca","tlshash":"5ee22191042ba400eb831cc233cf7e36ae8e61556085d5b99ffe1c98aceac7a537475d","first_seen":"2026-07-10T09:45:03.555282Z","last_seen":"2026-07-12T22:01:35.298168Z","times_seen":17,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":2,"connect":16,"send":0,"wait":40,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.660Z","timestamp":1783893655660,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:23 GMT","end":"Mon, 14 Sep 2026 08:37:22 GMT"},"fingerprint":{"sha1":"CD:5B:53:23:61:72:75:37:AD:E9:F1:74:B2:D2:EE:09:81:05:55:E1","sha256":"9F:07:21:2D:14:EB:C5:C0:D4:2B:42:E4:55:80:7A:BB:AF:47:A8:BC:0C:5E:05:F3:2A:2B:1F:2A:78:4D:FF:D7"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://varewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Jul 2026 01:48:42 GMT\r\nexpires: Fri, 09 Jul 2027 01:48:42 GMT\r\ncache-control: public, max-age=31536000\r\nage: 331933\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48532,"size_decoded":49345,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-07-13T12:18:10.107777Z","times_seen":233449,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":48,"dns":0,"connect":0,"send":0,"wait":21,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/deposit?_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.554Z","timestamp":1783893656554,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /deposit?_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TLER82k41016q8xDm3TuwGg1eLwKogmNxGRy4AhKqgBrlNSIFTuQFN%2F1pelfiWYnuIJMpPKMFGmg8wxQ30LOIEfx0n0ccbPmcYRDsGmXfESXVUvzNOoqfyef6HKmDg%3D%3D\"}]}\r\ncf-ray: a1a352d97a20b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":154,"size_decoded":1193,"mime_type":"text/x-component","magic":"ASCII text","md5":"9876c10da7ccffbf190536b98dd3372e","sha1":"e514dc4db0e327e868e419c1d127c2751249764c","sha256":"0b92f700a78f7e4589dd7a1033cecd337cf04e41b2a2fd4c475f0173218bd3d3","sha512":"f0090ee4f182e4278813a920edee2da3fad2083e2c5e1ba3fca8ff791919278a02178ffd24e7fd7fdcfa5aa5e0e6272e9a372bc46a37dddff7c391f14063daa9","ssdeep":"","tlshash":"a2c08c2142093ef96eba3a88656dca0f260e410f21ca18f4d0925f20b7b702204075f8","first_seen":"2026-07-12T17:38:11.665541Z","last_seen":"2026-07-12T22:01:35.299012Z","times_seen":8,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/avatars/avatar-07.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.165Z","timestamp":1783893656165,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/avatars/avatar-07.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"450a-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Nr4QLEWICnPiH0%2F5b36T8f9rz41Vkw3sJD9MCNaJrPP6c6WeLREuyAbeNEU6HztvWor2PIrNApfwLLnfHRbarRNKtzdKaAzrcNcogYLe%2B2wr2dDGv7luA9gQMJ%2FqnQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d709dbb4eb-OSL\r\ncontent-length: 17674\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17674,"size_decoded":18677,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2f04ece7f55be80ca5c7c5a84b68a4d9","sha1":"19c15be6f6ccba61003ca2bee22fda50982d6453","sha256":"e892676bd399ec5732a3a5232893070177cf3f4a252990f59d2d9ce96e2424e6","sha512":"6c749d39b3e718788b42c0067b1488e0e989bbbc1c6b8bf75de9811acf26cfcdf47bbae2a6fbfdf5c8e0377747b62025fe28a59a3e246892eb1330c90272d619","ssdeep":"384:WLsoy8QxUzRTQBlEXypgyXGS2HxN/XhA/YDmNAB+:WL5yNxUAKyptcxN/09","tlshash":"3d82c0b1e3cf6b19e5b19e3c9c94b24248ba8949661d023da4ed1f090f84f475647772","first_seen":"2026-07-10T09:45:03.493916Z","last_seen":"2026-07-12T22:01:35.299506Z","times_seen":11,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/vip?_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.549Z","timestamp":1783893656549,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /vip?_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y9r4EVhfK1rvEKs7CiQm24e13gknBoHws0fqKYtK9s6qFrW3gt%2BdLpjpgd27ebkWD3s9dJdKvSPr95D9L9Fw1QrKYflQikVxp1ZJ9LwqGOdIq1PWcCDOODqshjT9Mg%3D%3D\"}]}\r\ncf-ray: a1a352d97a1db4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":146,"size_decoded":1188,"mime_type":"text/x-component","magic":"ASCII text","md5":"9031317fd0e3ec6aeda46a94c6ed7377","sha1":"9a8ea25a9dcc5262d71d07d196082de5048cf31d","sha256":"de9c10d92f2ceb5be34715f7c33ec394dee95576adaf6d07ba05ed243a05de2b","sha512":"76ef7a530b2231604ff64a7a961a4c91548aa2cdf60c998c67f571a2dba109f4cb84860c2d5582bef620b24aa0ac9d86baeb4863ff1e2d8250a9b7df9368d9c8","ssdeep":"","tlshash":"e8c02b3146083ef66cbe2898456dc70f360e420f30c810f0f0934a10b73b02028075e8","first_seen":"2026-07-12T17:38:11.801639Z","last_seen":"2026-07-12T22:01:35.3Z","times_seen":8,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/1255-c32318a942e40e3e.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.301Z","timestamp":1783893655301,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/chunks/1255-c32318a942e40e3e.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"2a3d3-19f2fbf1600\"\r\nlast-modified: Sun, 05 Jul 2026 00:48:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nage: 598358\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=S8JXFmIAXCt33OisZP4r2EFazN5R0svn47yO%2BWHz5A2VNFo%2BViONtfCft0NST767SvJLMBdieNbtwmmk%2FSotnLCWqc3RaHKcwMIFNQ9vNqUyvxE2jw2uVPvIRcxzhg%3D%3D\"}]}\r\ncf-ray: a1a352d1a929b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":173011,"size_decoded":46828,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d0655ecf061ed2032b2ed77f5fac4960","sha1":"bd73869341e65531e389db448125d6aa1b94dc73","sha256":"da0b6bb480869080c97b8a651145be0afa28d583e9f61fdbf836fbaf22be5ce3","sha512":"848f838f84fef605ebcdfe400206de7557e437dbc80169c2fd494308da5747a6fa93547706a1a590b39d20aaf9587ea08e5bb71a162734255329beb93bad6485","ssdeep":"1536:bzigN+8/BhcO5HYHqLVcXo7yIzPr6Q04ToTlTx1p7eChTtaocZXxreXRNIrky/Sz:379LmA+sy4r904Aj44RN0z/Sz","tlshash":"f0f3dab636d0f8d107a780e5843b400af3291c3b146f74a0a3e6dcd975645dea1b3faa","first_seen":"2026-03-28T22:09:22.209351Z","last_seen":"2026-07-12T22:01:35.300715Z","times_seen":26,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/hero/hero-prizes-v2.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.340Z","timestamp":1783893655340,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/hero/hero-prizes-v2.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"155a0-19f1fac3ba8\"\r\nlast-modified: Wed, 01 Jul 2026 21:53:29 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9B0%2FkAvOnPWdEVcEJY8JzmWMa%2FcfISZRSlNWjNbZbnvARgoAoV3p2ciDULc0sgwmqR0Fpr4kFkbz98Z3FhI6tnD5DBBlAzTO0PEQy%2Fd%2F8S92rZPOUOA4iA1A62ObKw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1e942b4eb-OSL\r\ncontent-length: 87456\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":87456,"size_decoded":88462,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1080, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"1e7ed6564b4d9f84e96781b9f7f3d7d8","sha1":"1c1b5e8bfbd1b7909859580dfee74bb9861ebcc1","sha256":"339e7f1e59b63184d606ae519a9ea274592c7b4b34020e875c699314d0cbf9e8","sha512":"cd39a863674a89ab3f65991de5f0120671fd82ce40a75c40506d65c05a7d30d934e44423afdd6c8ed8298ac1584a931bf56b937e9e278f34802971bad23a072d","ssdeep":"1536:1lclA3b1Jy6Q84I1VZzbTRDN8hc0nvFITLbleMrKHMGR7Q1q:HclA5JdQ9ItfhuVvGTLblbG1Rp","tlshash":"9c83021e431f503eee71f1e4b3b461f7c11ae1a822d8b4f6f45a48411b196ab4abf948","first_seen":"2026-07-10T09:45:03.577676Z","last_seen":"2026-07-12T22:01:35.30124Z","times_seen":17,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/avatars/avatar-09.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.160Z","timestamp":1783893656160,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/avatars/avatar-09.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"3b6a-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pCFF1vSM5lJAEhqLaNTLA4%2Fd14Wt7bXlqMR%2FE%2Ftap8QLVijTfjbigHORthW7xIRrjmyRd2VB4Gg2y2pI%2BiKLI%2FLH%2FT53Cs4gVB8H8c4p24gxSDNKqkIx8vaThElD%2Fg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d709d8b4eb-OSL\r\ncontent-length: 15210\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15210,"size_decoded":16221,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2a78743d1476c3c31c278098d05aa442","sha1":"0171fe525153dd0fb03255535502ecf1262e0458","sha256":"c3e6f099611d8d3faf622bf7a6f48302be66da2d4a26e2463f8977462024ae11","sha512":"415db81487d3880d7725c004ae56deee7809dbcd6a946761bd15aafa00ddb2d24b21a2a48c93f3db855114b2d4a698115d3612473cbd7f13fbd95668d4e776c3","ssdeep":"384:NbMdd3BQ7u8wpujsdFXaNfo+PQ615yq1jQS0w:NbMdrQ7ubkwdFX0PQlqpQS0","tlshash":"f3628d09392245a4dfea2bbafaac160f88338c773c2105ff8d3491167503d91d7b9b24","first_seen":"2026-07-10T09:45:03.573888Z","last_seen":"2026-07-12T22:01:35.301749Z","times_seen":15,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games?_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.209Z","timestamp":1783893656209,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games?_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZXmCWZallumLJYGD8otc6QUUxvEcZxlL6iFmRoeH13Ej%2BYP%2F2etNI%2FhTQj0YvR%2F%2BFI2bZsk3KFnulY54pT1B154XBZH35BWzjBa6gsB%2FPz1PTPOcBeVkEX3dv78DLg%3D%3D\"}]}\r\ncf-ray: a1a352d759e2b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6494,"size_decoded":2730,"mime_type":"text/x-component","magic":"Unicode text, UTF-8 text, with very long lines (3468)","md5":"a28936fe4b1fb45d387a39907443d355","sha1":"6972a28c6aab3e498038d29fbaf3ab34b124d036","sha256":"220aa6a6baad3fc01a29f4efe7baa43e362d2bb39a1d4e5674badd59221f33ef","sha512":"a1f26e4c76c7690ef3652de312f15ab4c143302efbaa714806fbb5f1459ecc1098c74802e0f58879bfb3a9ad116407b08e85428083788b29e06793f81c32bfa7","ssdeep":"192:Wp9Id4t5LqJgXf8N9NuNfNoNRNSNzNMNFNHN2NFNMNbNaN5NQNMogtOES9Qf35r/:W8IiPQl+rchK3tY3KpEzmEsm","tlshash":"90d17b3fa6024a6fd6ff4142445f1289771c4f3eeb60ca66c0ed1e39068a99c7f89365","first_seen":"2026-07-12T22:01:35.302312Z","last_seen":"2026-07-12T22:01:35.302312Z","times_seen":1,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/lipis/flag-icons@7.2.3/flags/4x3/nz.svg","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.283Z","timestamp":1783893656283,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2026 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 20 May 2026 15:48:47 GMT","end":"Sat, 05 Dec 2026 14:48:47 GMT"},"fingerprint":{"sha1":"D4:05:C2:EC:C7:EE:2B:D0:08:68:0D:3D:33:77:48:78:43:E7:D1:E1","sha256":"ED:84:90:EE:71:BC:6B:5E:B3:D2:50:B0:23:3A:06:0D:E0:50:C6:B6:A9:09:36:E6:CE:FE:E8:66:89:EB:4E:C5"}}},"request":{"raw":"GET /gh/lipis/flag-icons@7.2.3/flags/4x3/nz.svg HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ncontent-length: 642\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: image/svg+xml\r\nx-jsd-version: 7.2.3\r\nx-jsd-version-type: version\r\netag: W/\"87c-kuVFN1aapGTztuQPN7yl3EBdFaM\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\nage: 984711\r\nx-served-by: cache-fra-eddf8230113-FRA, cache-bma-essb1270055-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2172,"size_decoded":1388,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"229d2fadba8d00df102927eae199d46f","sha1":"92e54537569aa464f3b6e40f37bca5dc405d15a3","sha256":"794a2c8c09796090ab748a74bc35aed825e701eaddc46b138f300401ac9a25cd","sha512":"30b43f270300cc3e8cd4aea0f4e234c24dd5028b71dc9cf33d199fbd6479b120c92db29a4c7741f26b156ac7a561460b46fc37664eb01a32d23f1b19ba9ea70b","ssdeep":"","tlshash":"8b41a080a5d6001dc9399300c7ccdecc9a1fe0db92432a97f6266dca67796d64c9a38a","first_seen":"2024-07-30T15:59:14Z","last_seen":"2026-07-12T22:01:35.303292Z","times_seen":199,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/login?_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.630Z","timestamp":1783893656630,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /login?_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fs7v0zdhEYzWwTGP3sZJSxo%2FbyLc7ubkFsErgwC7aJTXvE0vvV5KE4TiVMmEa2KcsV7%2FxnqU4FxI82GMpUE7SnY%2FD1HZV%2FecIyG2tZ%2FvhVSkTbs2Uleu2p5mxzYvRA%3D%3D\"}]}\r\ncf-ray: a1a352d9fa28b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":130,"size_decoded":1189,"mime_type":"text/x-component","magic":"ASCII text","md5":"757bd258af89053ef88d4e973f43e89c","sha1":"fa2d69810ed2575455cbb8c822eab15f54f417c9","sha256":"40cfb2a00717929e54dc53bb7372baebc53d67ca4fcd31c0a8c4912fcb494b72","sha512":"1676769f2db650436ce9f38dc74ac43ddc7277afc5d20b3c616a0919f82f6328d10839e3544455b48bd6c25dfbed9b7cc26b06cd417ef19e1987adf8c5e2d61f","ssdeep":"","tlshash":"b8c09b31870d6df55cfa25c1421dc79b761d430b21d459f4d1b15b106f771215a475f4","first_seen":"2026-07-12T17:38:11.666876Z","last_seen":"2026-07-12T22:01:35.303828Z","times_seen":8,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/register?_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.633Z","timestamp":1783893656633,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /register?_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eOPROEIJ5hkPjxFl9O5dk4FfzvDrfhkjUwrl0cUFL1ZWabK7telmG3VDZTsBK39gpOjpvVFiAQCREZ7Fc2AXgt4RvjPCoW49gWPn5%2FrqihhQ6TEGROAEH1xJ2%2BGEig%3D%3D\"}]}\r\ncf-ray: a1a352d9fa2ab4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":189,"size_decoded":1207,"mime_type":"text/x-component","magic":"ASCII text","md5":"a32d94d91933902b4b05f3c8a735b560","sha1":"8920b174f43f30bbe53a5915b17f6ccfea6df3a0","sha256":"61e50f01d990079ece93a0c44410d3219ed663a3dcebb1fae2d4093bf2336dbc","sha512":"f4d80ee278294aa87a8a3ad34739cebb09409993c23c82e4c397b4fc7acb0aa0bc739c8ffd649aba0c45384582d03351f7f41cf2255e1ee289e7b4e685b7aff1","ssdeep":"","tlshash":"fec01227860c29b75cfe25b8042dc60f661e853f239454f0d1912d75ab771399d471e9","first_seen":"2026-07-12T17:38:11.797511Z","last_seen":"2026-07-12T22:01:35.304475Z","times_seen":8,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/app/(main)/page-1242cbe80559576f.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.312Z","timestamp":1783893655312,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/chunks/app/(main)/page-1242cbe80559576f.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"111bc-19f48011f88\"\r\nlast-modified: Thu, 09 Jul 2026 17:51:01 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nage: 274071\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NcP%2BqPZIEe2M3VJmVT5p85%2BSsnLFE4lM72y4BLWkU5zKYNFRjVuZjDHo0FGS3vdGHZIPy8gKYGjIeBnf2RrR3oWMolcDN6yrE63Qh7NfIdDSLtZ2D7J8J3M%2F2f%2F1zw%3D%3D\"}]}\r\ncf-ray: a1a352d1b931b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":70076,"size_decoded":21636,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64865), with no line terminators","md5":"2ee880e294b488be8baf2ca00c36378c","sha1":"8097afdbc5ddf81116d40b3ee666e00de6c6f3e0","sha256":"ef032dd04b290288f2ae2edc7770a8d5b9326fcef21f5bc58b25227269543da0","sha512":"3eb17709c4aec980db281cba79a3b2a34ab80a6faa5937533e6b892184a66f54ccabf143dbee2d30eb530a94f2627e766a7452702e844f442e436f1d413dcf8c","ssdeep":"1536:7cJf0hkZ9geTeIY6rGa5cd1Q8g993275WBWVQ4u:7y3ej6Ka58g993UZQ","tlshash":"8863193a975a7918f837ca8c769f410cb16e4528a34e0db4a7bbac3113854f4b667fd0","first_seen":"2026-07-10T09:45:03.50869Z","last_seen":"2026-07-12T22:01:35.305089Z","times_seen":17,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/images/cga-badge.png","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.382Z","timestamp":1783893655382,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /images/cga-badge.png HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/png\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"407d-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4UJY50e2Lsx70CEnS56Hi%2B07fHqNHCaEIz85qUU8c8Ni6YxcGa4N1WEMrEB4Y60ud7BNV0xNSMLyYcCx0NrK3EokZsUXNf0up7TdxQnM9dwvOBv%2BZA1hL0%2F5cz8kpQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d2295db4eb-OSL\r\ncontent-length: 16509\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16509,"size_decoded":17437,"mime_type":"image/png","magic":"PNG image data, 625 x 388, 8-bit/color RGBA, non-interlaced","md5":"af14168ff77d6f9b2b12bd8654d4ad86","sha1":"fcf4136dd6768b58f4b741581aab701c5bb4adbb","sha256":"90e8c0ae68316e5fca1da08d89a98338c37826f820c77ca856940636778f1de5","sha512":"28514fde7aac1c74c0f011aabad1044cf20887f80cde86e246168221c19081aadad105d28622fc7a1686c60cf100a5079b7b61765df574ecf2156f99df9fab4f","ssdeep":"384:B99999999bFek/E6fhVC9FmgjhUZskdtMwAf999998Jy1L2+pkqQyynJSh:nek/EUhIjhydtMw56BynJSh","tlshash":"fc72cf39b745a91fa1a93dc26911c7f2b63c51c1d028535b1ef3cc8c26e94cf6c22ea6","first_seen":"2026-03-09T20:13:42.379668Z","last_seen":"2026-07-12T22:01:35.305622Z","times_seen":27,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":115,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/play/vs20sugarrush?provider=pragmatic\u0026_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.661Z","timestamp":1783893656661,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /play/vs20sugarrush?provider=pragmatic\u0026_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZnWtMnkrkMCcIJri7ceql3ciHtG6yNZDRdMddPvIHI%2B0kYziCrfOMZHW8Fj073RauPX8KBb7PWqYer5gl1bmtyHGiO8EOBtiWeYLvzz1R%2BpPmdZAHYWwPpN7RZBSDg%3D%3D\"}]}\r\ncf-ray: a1a352da2a2db4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":221,"size_decoded":1231,"mime_type":"text/x-component","magic":"ASCII text","md5":"3265ea94b8edb331a659b21a81b3dc58","sha1":"059dc8e2cbb1f35c1173149aa46cefe41d434496","sha256":"d8f61083983fe755eb10faa200381b32507c14be526670b4ed95098efb1bc9ff","sha512":"8e74af12b0e99f74e926575dd456256ede8b5e09284bf3f19e3c662f54bb95acc3ceb714dd1802f5ed5601f6a1ac08ab1cf6514b4fca322b69e7beb0a363489a","ssdeep":"","tlshash":"63d0a72643093af56d7a2888457dc65fb91e515b61cc46f150934e35972703119036e5","first_seen":"2026-07-12T17:38:11.75351Z","last_seen":"2026-07-12T22:01:35.306431Z","times_seen":8,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/5708-926a5cbb3579d1f7.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.313Z","timestamp":1783893655313,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/chunks/5708-926a5cbb3579d1f7.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"6924-19f3ecb2ad0\"\r\nlast-modified: Tue, 07 Jul 2026 22:55:30 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nage: 398657\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MdrbcEUVBlAkbAqavSXBfc6ELtCPnkaiPQW2VhIBZPckbWQPyfB2OdC%2F9K%2F17OxeHtq1XiqIYe%2B9mS%2FVIQ%2FoTDeOlqI%2F7%2BVNAf90XIYaGj%2BTgkNxR43ZqX3VwQ5LFg%3D%3D\"}]}\r\ncf-ray: a1a352d1b933b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26916,"size_decoded":7056,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (26916), with no line terminators","md5":"b58d901009e5dd078ec84a30e48e151d","sha1":"f871fd5e9a02a283c8e31a9be700e4ae15715e17","sha256":"0faa839769526c3620c7c8f7bc9b4b78004ef9980c103cd365079fbbedff3ab4","sha512":"b31d347b922a69e047655ced69bf8b14f63967d19b9b2df4b68726f51b5462170295305ad351d502bc84613fa23d89898c53400e8ce7adfa908d20f7c8ccf899","ssdeep":"384:u4daU8llCsp4PSOIX+lhs1UW5KRJ2YE7d2BzS+k0JQu2U67PMvia+MT/BuM+Mn4U:u4davGFu+j22","tlshash":"f1c27019aa4ba4bb87f116ef697d0b8401af075ff548ce17e529cf183347a252c91e2c","first_seen":"2026-07-10T09:45:03.479914Z","last_seen":"2026-07-12T22:01:35.306961Z","times_seen":17,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/big-bass-bonanza.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.352Z","timestamp":1783893655352,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/big-bass-bonanza.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"169c6-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2F6attBFWCsN4vvz8oK2N0F%2BZOCNBlzidYt7s9qo5RuAmkmF1TWL%2FhjHRnfXIz4%2Fa%2BHhwzTmrIsREvqj4e3leyeFvK5ifBuRkJBoq6d1K7FdM8C1y%2F%2B%2BQAWZuuOJlxw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1f94fb4eb-OSL\r\ncontent-length: 92614\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":92614,"size_decoded":93628,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"443881f8c79d4de0a637df4ce96b3c19","sha1":"cbd10da798bfd8caf5d234360dc274c93b600900","sha256":"2e4b3955d6828099b57a5ccc9d325301b8abb126295de75f5317130d43a76691","sha512":"4d88e453ae4284e8fb7c32ebf84c645b5999e417279bccecc045871908df72432d08792bff06f102720ded6ebb7c282c54939150ce7d9125c2cb1b63e9f0bf98","ssdeep":"1536:bxW89UOQSeptnJIDxEwfsD6bM/o6mcf/CVu87qON304H+1+tydijszMYrFVGL:bxWMUOaudPs+bMA6NKfX304HNIdig4Ya","tlshash":"619302db442be59d773b0bbc7aa98f7669db11446824d316313ca0253af826184ec1f3","first_seen":"2026-07-10T09:45:03.456319Z","last_seen":"2026-07-12T22:01:35.307519Z","times_seen":17,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.655Z","timestamp":1783893655655,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:23 GMT","end":"Mon, 14 Sep 2026 08:37:22 GMT"},"fingerprint":{"sha1":"CD:5B:53:23:61:72:75:37:AD:E9:F1:74:B2:D2:EE:09:81:05:55:E1","sha256":"9F:07:21:2D:14:EB:C5:C0:D4:2B:42:E4:55:80:7A:BB:AF:47:A8:BC:0C:5E:05:F3:2A:2B:1F:2A:78:4D:FF:D7"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://varewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Jul 2026 01:48:42 GMT\r\nexpires: Fri, 09 Jul 2027 01:48:42 GMT\r\ncache-control: public, max-age=31536000\r\nage: 331933\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48532,"size_decoded":49345,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-07-13T12:18:10.107777Z","times_seen":233449,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":4,"connect":50,"send":0,"wait":23,"receive":59,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/api/auth/session","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.963Z","timestamp":1783893655963,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /api/auth/session HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nContent-Type: application/json\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\nexpires: 0\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nset-cookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; Path=/; HttpOnly; Secure; SameSite=Lax\nauthjs.callback-url=https%3A%2F%2Faurexss.com; Path=/; HttpOnly; Secure; SameSite=Lax\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: zstd\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4zdFnmFgoTOU2de%2BRYf6jxNkigpmhU2eA7B%2BXTlvHjALL5HcBp0bdgU1C3O7MTWEviVPN9%2FL3yre4w%2FFLVut%2BhZ8FbUi6yM8lqZ%2B8fH7WYgtRiBGLV%2B8a8wvRLiYqw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d5c9c8b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4,"size_decoded":1374,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"37a6259cc0c1dae299a7866489dff0bd","sha1":"2be88ca4242c76e8253ac62474851065032d6833","sha256":"74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b","sha512":"04f8ff2682604862e405bf88de102ed7710ac45c1205957625e4ee3e5f5a2241e453614acc451345b91bafc88f38804019c7492444595674e94e8cf4be53817f","ssdeep":"","tlshash":"b9300000000000000000000000000000000300000000000000000000000c0000000000","first_seen":"2023-03-07T01:02:14Z","last_seen":"2026-07-13T12:19:44.824921Z","times_seen":271594,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/api/domains/siblings","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.182Z","timestamp":1783893656182,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /api/domains/siblings HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: zstd\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yu41GGShc%2FC7zvWsQiZSLo9J4gkhYO8g1t9ylRiS84AIBBtHWoKvzja%2F%2FiXnYwknVRDZ7kIAHnmjnmSlXf3pAwd23vRKtwT%2FARAb6LoVOMJnCWtJJalZJCE4toYhMA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d729dcb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":251,"size_decoded":1158,"mime_type":"application/json","magic":"JSON text data","md5":"8d2e752349e0b9afbaed92083ec720c6","sha1":"75aa7969405eb390459d1b94236e66ba301a91e0","sha256":"91da133e534b56574ac29142f2a30c525b514945b3b3638710a95ecdf1ff5a9a","sha512":"d41949edc6306609935242ecf4bd39dbad7847277c319cf46f016b3aa458fa7b9faef580e939e9148be04161446aa211a8b6f35149c2b5194db23d4cb9492b25","ssdeep":"","tlshash":"9fd002049b4885a44a450575b47e4e8475bc1cf5c718c6f08572d101427b38e1c6c8cf","first_seen":"2026-07-10T09:45:03.539295Z","last_seen":"2026-07-12T22:01:35.308268Z","times_seen":2,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games/trytostart/vs15godsofwar.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.496Z","timestamp":1783893656496,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games/trytostart/vs15godsofwar.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"43894-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8tOtX5tuwb2ySWfNzayGEFjzGZ3Q1inXc%2F76CnL%2BQ%2BGgzZmJF0RfJtvCXbfGy72wYj9XFvHnNbcYx%2FLfjcfF9uFKorO1rv1%2BRDxvw%2BBw7DgHy7%2Fnpt80VQNVR8IfZg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d91a05b4eb-OSL\r\ncontent-length: 276628\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":276628,"size_decoded":277567,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"979852fd6da5e7b15cd1f5f92a961106","sha1":"9d485e3fe899b422b9adc4b0c620eb144f335352","sha256":"f4559971ce6d4019c823558f1c57616e238fdbf96dfb35c8fd6583332ecd3636","sha512":"4bfa3b9e5e68e2765661c2baec88d68a3af81387d7cc1c463bd4a80679170ce9a6ad3ee840e604ffb99391dcf971bb26cc5d500dc5e79703f986cd0526580b11","ssdeep":"6144:mIeEt/tm0YtyKztgChb1k9q8OKrGs0fpltbEFatc+cahe:mBEtwNthtPhb1kBjN0fpv/cr","tlshash":"9a442356ff3970a651bbefb4aa0012d20b23ae7864ef33dd309655c10a4c5831a9b7dd","first_seen":"2026-07-10T09:45:03.512611Z","last_seen":"2026-07-12T22:01:35.309255Z","times_seen":16,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":98,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games/trytostart/vs20starlight.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.512Z","timestamp":1783893656512,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games/trytostart/vs20starlight.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"36ebf-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gE%2B7oshPaEcDmNR0yInsZP24J7kFQ8b4PSqzTRp9hKKKDjbT35Ak2knzcUfiUzyFBmMH6%2B0FIpPbTVfNSWcUXmpL%2FbGNDePrHlVAxrhN%2BTfNsjIqmOlHgdSI2lSXuA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d93a10b4eb-OSL\r\ncontent-length: 224959\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":224959,"size_decoded":225892,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"4bf449fbfc039659ef34b9962ff3701b","sha1":"2da641dd7ea3cf3a23ce2c83561ae2ae2b0a9551","sha256":"b24676e15e785bad29cbb46cb5004ac2b2269a9477e9d32f78fdba386c3db3ac","sha512":"a60e70ceed2475517455e4d82f906db59c3f621bb408e7837a2bd475b621146856c799db265b184cb81a3d2d188b0c76f7ba59d7aeb518e602a02db3ff8057e8","ssdeep":"3072:zD4dZDNtiyjIyL1Q+kQtPQLQlNGqdZZL51YFbYqPCAYOss4R22g4ZXSNa/GnH:YfiAIuCQPmQlNdtYFwsL2lNr/GH","tlshash":"5f242349923e6d5f0a121787b8109e9dbabb33a74fa9043d70441be558340e1fbf1e6b","first_seen":"2026-07-10T09:45:03.532903Z","last_seen":"2026-07-12T22:01:35.310082Z","times_seen":16,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":96,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/4bd1b696-100b9d70ed4e49c1.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.300Z","timestamp":1783893655300,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/chunks/4bd1b696-100b9d70ed4e49c1.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"2a3e1-19f2fbf1600\"\r\nlast-modified: Sun, 05 Jul 2026 00:48:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nage: 598358\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vclfOFepHfv1OK2mjTnHhEHJl2tw7aTgq0FyEjPFnx9adyWJEsmGL6ojfa7ol5i9%2FjYgNImDE3%2Bnh1ZMlU667LdFUOEasjkkWb6TufeuIcLNgihYMbqjQGKFF5akYw%3D%3D\"}]}\r\ncf-ray: a1a352d1a928b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":173025,"size_decoded":55369,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"2a9c2166a0ae63c27a466c7fb5903d80","sha1":"51f1c90c3f1e1d32d0c81e836ded7ed5ba0601d6","sha256":"5421e13a91a9389517b66179f3b4b5eaa0d95245438066d4d7b19ac30aeb809b","sha512":"8dc6274f2637076f1b5c4cd3f61b14259ec5552d844245c8b93a64f19c8b6b7347554a03b994b0f880b7dae74ad65e54eaa00be81783c2cedbae82a7fd4b89dd","ssdeep":"1536:DWET9Lwegcl2MywYleojBFOQLfioEV7hNc7lFlgXGhJx4bzZc5zg5tgW/zAe6c0:Z9LwzMyh1vLEE7RgXOQ5SIA1","tlshash":"ecf3f8ec3999e611aeb342a700df28037378261b240d4d60a614fd9ea57845bb17bfde","first_seen":"2025-08-21T15:49:50.637902Z","last_seen":"2026-07-13T10:45:18.945199Z","times_seen":13110,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/9792-bbed82e0e875a1e0.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.320Z","timestamp":1783893655320,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/chunks/9792-bbed82e0e875a1e0.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"2479-19f2fbf1600\"\r\nlast-modified: Sun, 05 Jul 2026 00:48:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nage: 598358\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wktImJH5GMynypSWeIKpYKkrLwbTv2ZDfrFxa2Ih6sSqt7UfGyNVMLGrXedq3biYVvOg2wVA3deC%2FfYKoPaOqQ0rOnRjDOKUlaRYbPd53L5XbWInbfPqdUN%2FUPjJzg%3D%3D\"}]}\r\ncf-ray: a1a352d1c936b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9337,"size_decoded":4406,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (9337), with no line terminators","md5":"b082208296b9b3705076807c6a765752","sha1":"df9d0a8602debe4cc087445f2f2928428a8dd8f8","sha256":"e5cc5cd6fd587fd300815648759a627ef8c4dc295d75f12440f6d27de6b02924","sha512":"44a1bafc5746c002fc285d55b8f9240e4dc493c65c631114334e52b732499504fee8c0449fbebf9d50205593347c073ebedd5e48fb1e606a37f7cb474066b846","ssdeep":"192:O3Yaic4We1aowaYz4n6rUGUCKbLgcJ/t/ml/6/hYmPE:O3LuWsYn/8rc/8E","tlshash":"76121b92baa2f8b291bb6552683703863130277b790b4441a3bb4cac2354f59b4d3f5d","first_seen":"2026-07-10T09:45:03.521341Z","last_seen":"2026-07-12T22:01:35.311525Z","times_seen":17,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/bonanza-gold.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.350Z","timestamp":1783893655350,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/bonanza-gold.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"19894-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QKteEgfv9VxGPBdVBud%2FNBPgKGNlpQeHqtbc5qnvvV22lnuPJR0SQV1G83JbzjUcJ%2F%2BM9mDPlJNNwzx6yWEMb%2BSNVFR5CKX1OB9M9sM3cO%2FivtHe9la3KcCTL0EVxQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1f94cb4eb-OSL\r\ncontent-length: 104596\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":104596,"size_decoded":105605,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"41a60a105c2cfe76d0467a5b09ae0a33","sha1":"551e9c83845fba6fc18db7a4ac086c215ff8a179","sha256":"b78350512b1d85e07b3ef58b82aad59ddb661cb83c0575faafe676525f215907","sha512":"1ea5a610329876344d027bec3868e54d569ea08899bf3bb565e0750b3fc468a48d78b675344162e4555d61112a30c161a8a4430502547898cee97fe320c5ec38","ssdeep":"3072:4kSF2Y4Jf5pFoQqvZ798oWHprJMkhu9uAvX5iQjgw1H:pSUX5A79dWJrJMkhuZvX5g4H","tlshash":"60a312c579393f7d83899a43ec1da0c3f026f9e51edd2f42dc4c5606ea3182918a4b67","first_seen":"2026-07-10T09:45:03.469823Z","last_seen":"2026-07-12T22:01:35.312172Z","times_seen":16,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":69,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games/trytostart/vs10bbbnz1000.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.506Z","timestamp":1783893656506,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games/trytostart/vs10bbbnz1000.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"31661-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ojDzaZvqDyWRiG7Zgln1FkUUw%2FJFX32JBbhEoxp4LR435v0E7CXqn6KT5NIJjbcwPhTFAPghOZYnRqbxQbYW45z3h%2FvNNSv4MNQ%2BLlPIwAL0MelJLlUZyKSifZViaw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d92a0cb4eb-OSL\r\ncontent-length: 202337\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":202337,"size_decoded":203268,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"fc682a01b30969c31b5d2c66887d4be7","sha1":"605e59716ef7353dc35d0e7da342a8ee2a6b52df","sha256":"07a2e1c144e07f1aef4ef295b983371d4014290fe0386df6d89a2d63c600fe22","sha512":"e99d50df16f3783df87afd21266d31c1679b2718c11cdbb620c570be8339b4dd634b6869063c7eeb3e55c654eaeda751ef886809fe4ec45edbff01e5e8128258","ssdeep":"3072:+s2K0+E1BVyXNZdGahQpX10H3gIu4BgAKGMUy4e+qB3TxTp+K4ay62bB6+TDWOXd:FB8F0XgIu47KGNHzqwuy6qBdTDWOvA2n","tlshash":"d714227b36df3816e6c2a0768d7c5d279260a9e602f728d62c6173ead1358cf5017fa0","first_seen":"2026-07-10T09:45:03.494863Z","last_seen":"2026-07-12T22:01:35.31273Z","times_seen":16,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":75,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/avatars/avatar-09.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:01:05.105Z","timestamp":1783893665105,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/avatars/avatar-09.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:01:05 GMT\r\netag: W/\"3b6a-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sI5k4V5UZgpSeYj95A2JPS2YNafZRKpF8%2FebpGKGk9nXoviMjCcDVc94TJMoHKdZ8QTmtFOitGrcXw3Jfllzrq0%2BGnKP%2Bb919G1NaSvpXE%2BbbQk187zsR6jeW%2FBddw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a3530eee7bb4eb-OSL\r\ncontent-length: 15210\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15210,"size_decoded":16217,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2a78743d1476c3c31c278098d05aa442","sha1":"0171fe525153dd0fb03255535502ecf1262e0458","sha256":"c3e6f099611d8d3faf622bf7a6f48302be66da2d4a26e2463f8977462024ae11","sha512":"415db81487d3880d7725c004ae56deee7809dbcd6a946761bd15aafa00ddb2d24b21a2a48c93f3db855114b2d4a698115d3612473cbd7f13fbd95668d4e776c3","ssdeep":"384:NbMdd3BQ7u8wpujsdFXaNfo+PQ615yq1jQS0w:NbMdrQ7ubkwdFX0PQlqpQS0","tlshash":"f3628d09392245a4dfea2bbafaac160f88338c773c2105ff8d3491167503d91d7b9b24","first_seen":"2026-07-10T09:45:03.573888Z","last_seen":"2026-07-12T22:01:35.301749Z","times_seen":15,"resource_available":false,"data":null}},"time_used":61,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/app/(main)/layout-4d27638b938b6895.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.316Z","timestamp":1783893655316,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/chunks/app/(main)/layout-4d27638b938b6895.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"e184-19f4d8d1f10\"\r\nlast-modified: Fri, 10 Jul 2026 19:42:02 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nage: 154054\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=84V2Fc90qg0O1u0Xzos0oiEzy2IU5jmeyOiRVceAo%2BKKFApTPddAWeAVwiMym8L10O3xd2UhCbfVwSFCJHGFw00kdnNSiPnsIFJOv2dN3eRRHZY4bwuuH%2FEoovppWQ%3D%3D\"}]}\r\ncf-ray: a1a352d1b934b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":57732,"size_decoded":17939,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (55907), with no line terminators","md5":"bff7621c687cd5d0f66ebf66ca833cfd","sha1":"cd1f50b353365d253742afdf6ae67fdf39795351","sha256":"d28666a9634510936f8d64bbba35597f853a668c80009cdb3607125168eefc37","sha512":"b25b6d5745ac6e3165fcbcf29518a315ad942447a0a7dd97c02324c08a791d30f9eb178fed39ee9f4b5694defbccc9c1b7ec56764182c26bcb50a4158aed6dfb","ssdeep":"768:f4f66H0enWAvs3/94888itgZ6E9hHnIiTuJWxdlBLdvHT6tyaz3DXE7ir3zeZ6z:fcrnWAkva888itgXhNrT5eDE76zeQz","tlshash":"f2430935aa073d18f63f81c9778f550eb15fa924fa4f4538ba7e2c3212584e4b226bd4","first_seen":"2026-07-11T14:42:52.99703Z","last_seen":"2026-07-12T22:01:35.313706Z","times_seen":10,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/play/vs20fruitswx?provider=pragmatic\u0026_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.635Z","timestamp":1783893656635,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /play/vs20fruitswx?provider=pragmatic\u0026_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=geGSoZ3n7%2FVY8nRSiDjKzkWIke5SH8WDS05gSeNdZWkfC%2BBqOhNa7ftaz6xW5WrMo0tEGDlHH8NXfjro3cWupnhDobblVMrEdo1k8dcgh9MNlNBJIefFVNGfu%2FXMaA%3D%3D\"}]}\r\ncf-ray: a1a352d9fa2bb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":220,"size_decoded":1234,"mime_type":"text/x-component","magic":"ASCII text","md5":"2675fc4afee7fb6b05ffa88a3581019c","sha1":"904320710be35897d3ec0da7d94360aa1e5ff375","sha256":"aa988bca74c9242da6e9bcbeca46be91b4e19202379f310419d31fcd588bf554","sha512":"2dd94f8248bb2264fd118c18fc53b3c0120398692a34f0f3e3904c1f2a48d2f3fb3deff0f559f260027aa9c2743d8fa88f9063a0bfc721f74dd5e35f240f649f","ssdeep":"","tlshash":"06d0a72643063af5ad7a2888057dc69f751e515b61c946f190574a3593630311903ae5","first_seen":"2026-07-12T17:38:11.855689Z","last_seen":"2026-07-12T22:01:35.314519Z","times_seen":8,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/play/vs10bbbnz1000?provider=pragmatic\u0026_rsc=1otn0","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.694Z","timestamp":1783893656694,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /play/vs10bbbnz1000?provider=pragmatic\u0026_rsc=1otn0 HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=45qRmwdY%2FKxtbhsVDnbobIFUGUfMWmDVMwNhHHNPQvJMegRGa8aKGdBgLF1mxNzBzsCIqCgFOQb%2BsfHZfE9FnjFtTnOz4SKHRDuSGit0%2FVRwMPx%2FIGeonGYwTJb2Yg%3D%3D\"}]}\r\ncf-ray: a1a352da5a3bb4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":221,"size_decoded":1235,"mime_type":"text/x-component","magic":"ASCII text","md5":"ba26f32ffcaf2831d8ec0ac54f7d4872","sha1":"b9ee1b9c7f10092556bbec51149a9e459165adcb","sha256":"1402a8c710ad9f71fd8233661635a2433ecb2f6997bd53062856cc9bfbc34f7b","sha512":"c9a460d044be181512ca5abf0df6e510f4d42fc07a0362a7c46dc329473f9f7eae4a353c6546ed2a6b105127437d6a7ffb1b6ac820c14d2814fd162867d6bed0","ssdeep":"","tlshash":"e4d0a73a42053af56c7a2884057dca5f751e619ba1d846f250525e35976703119036e9","first_seen":"2026-07-12T17:38:11.676985Z","last_seen":"2026-07-12T22:01:35.315169Z","times_seen":8,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/the-dog-house.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.342Z","timestamp":1783893655342,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/the-dog-house.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"109aa-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lFHTJ89jGFfM%2BpBtkWa8SBFs7uD3mpKCHA6FDZTiYg2aGYtyvvtRLAk3vAQmSZhPy74rFsLu5cMBrZJcix5FdivULxQG1%2BBvyQ3NoHgvd48PbtNc%2FpMyhNhYANRsIw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1e944b4eb-OSL\r\ncontent-length: 68010\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":68010,"size_decoded":69014,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2b9f8d3634b33f67618a2165bcfc9e64","sha1":"b78d21e115c70e802749e0abebd64d281960e839","sha256":"31dea2a3414638bb40323b0f736714adea89c3a4ec792a2633def6a031f40abb","sha512":"35236b4d268abdc18417458a9904855a347ccbe0041e51959d3773c693be9aed557b066748ec37e1a7fcdc0880b51c14bd1237ff0b7b66873d2b1c84dbc6219c","ssdeep":"1536:ZFyfU4Wy6d20OqYMZTQo/PklvkPc8tXK2Uba6sDqpGJb8fuLzg4E5n4OJM:ZFWWyZNqYMdl/PxFcb3smpGJb8f2g4EK","tlshash":"666302f75a996667f20b02bedeecebd8beed8a03c1b7d124096455b005374c343a5836","first_seen":"2026-07-10T09:45:03.457398Z","last_seen":"2026-07-12T22:01:35.315655Z","times_seen":17,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/aztec-gems-deluxe.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.348Z","timestamp":1783893655348,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/aztec-gems-deluxe.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"1d528-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pcSboqosnjyzQYSVHzXZX1SBUBQfgL%2FZMaWKJ6hjVe3bpI3VG3avAzRl0RGyGN3kJED2sTg6YEPPRezC9xTgYFd08TMghs9kD4WJjFWvD%2FU59liQ9NcnFmVCcF%2FaQA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1e94ab4eb-OSL\r\ncontent-length: 120104\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":120104,"size_decoded":121109,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"33a0becd3951ca3fdd35c7dd1da54efd","sha1":"a17632960f7cafb9b4ef525b69cbc0e14895364d","sha256":"4277a6f42779711e0e082be210ca816b7e1246d82b944293b069fb7c0523ce4b","sha512":"889704cb60a85169d9c20b1477000d987223e145510da6bbcd12f03b7edcf1cfcea299b0b6cf25e9eb9a73da46280201cfe594a6caed250ac2de13b1687c6d74","ssdeep":"3072:+gIA0CnPgRcql+4/sEs9QsChmvHRo/3aNJ5PvU:8YoP5BMQs8mvxWsDPvU","tlshash":"b9c312966367a2c3fc6a5f5c6a8d9d29adece217388b935f4d7c2163de40122cc5e403","first_seen":"2026-07-10T09:45:03.518594Z","last_seen":"2026-07-12T22:01:35.316474Z","times_seen":17,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":73,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/wild-west-gold.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:01:09.618Z","timestamp":1783893669618,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/wild-west-gold.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:01:09 GMT\r\netag: W/\"1267c-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GnrSFYP72dKmujeEdSApmsh%2FOjnm2MS5Go8ra5oBD2ixLH2Gq65mgBgxJBa3jrzg2K%2B2fjaWKxSfJmfnE1N1%2FXg%2B08za7x2pPQPQbU0gkdetaSqf%2Bn6pHOqekhkI5w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a3532b2844b4eb-OSL\r\ncontent-length: 75388\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":75388,"size_decoded":76396,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a4d08f2ce7d608f3f8c032b0822a72b1","sha1":"4af5325f2834e09cbac50c22145eede287e20ea0","sha256":"3f856fd2ffad9148db6e06b06306c8753774c51fe02bb3f189702b14d0be6a30","sha512":"e182a41e1df5f49e6bcb4212c0ff417ad34a0534fa86c3f5f8350230b00325b85b15f065202c4745694b6e742793208ffd6ef59fef11f2b3f62f212f1ecb72d9","ssdeep":"1536:xCht2pj7iiYngyCZguVap90E6+dd5QHIyJtiQj3Yj339wQOVMP:whYp7zIDuVapeEjdd5QHVt78j3tIOP","tlshash":"c77302ac830ce2953ee17c7bfdd56457c0804ae6326b5ec92a01b4d61737ce5cad3a1a","first_seen":"2026-07-10T09:45:03.496757Z","last_seen":"2026-07-12T22:01:35.295138Z","times_seen":17,"resource_available":false,"data":null}},"time_used":87,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/slots/fruit-party.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.376Z","timestamp":1783893655376,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/slots/fruit-party.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"13b8c-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=H29uc5zm1YlOyFCiQTjffMCktiy9x5wv%2BvHeoopy0Hi%2FlDQax4%2B2DRBo8V9mThQI%2FQkd5wEdInJsCDgaPqSlYBcfdeRt4tg83oZAIW4tITCNhuCIs1KfqtPOVpFefA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d21958b4eb-OSL\r\ncontent-length: 80780\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80780,"size_decoded":81786,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"76124d66fd092f1fb46a2fd2d5baea5b","sha1":"a018a643b11d58fae6dd05ab45649a1b1ed87654","sha256":"898d2a436e53af8b4b276cdbe618f1bb8180726af0f59360789b2b2a9d8f9604","sha512":"6d50bd5aec5f9831e6f2c6a83f347530b1849abbccbd6120f11c32ca00b916cfffe9d30fbaed1538f3fa94372ca75ce6c3cd992fdf2bdc76bd353fdc9263a59e","ssdeep":"1536:FQsFiQFgi0PoyiGjaRt8HPYQ+3elQO0+Cyf+klBCsRR+PWVpWwhxP5EqUncxT2:FQkPT4iGjaRt8HPYGlQb+aSR+PWVpbVw","tlshash":"198312289c92e5274b45d345c37e570ae89f0de77d032ad6e40f97d2cac1639f82ac68","first_seen":"2026-07-10T09:45:03.482021Z","last_seen":"2026-07-12T22:01:35.320765Z","times_seen":17,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/api/news?locale=en","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.072Z","timestamp":1783893656072,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /api/news?locale=en HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wXJ%2Fz7tWcoIUt0KPkhpTge%2B%2BjvffdVgsKesEDNdOOnZWZOwVb6C2GsMqjB1nRMOFi071AVml%2B3y6V0QHxI9bbpxv7%2Bjt3o7MugSAipTTLkaHJzrOLOHG8ecwlHjsMQ%3D%3D\"}]}\r\ncf-ray: a1a352d679d2b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9990,"size_decoded":4342,"mime_type":"application/json","magic":"JSON text data","md5":"dbbd633ba2174e0e5c4477000592a2a5","sha1":"94b55540610452e55172b8f694c8d211023567ed","sha256":"5d4f2f6a920a9a3299da5cec7a65b490359b2539503092c8ed47c3c4769cbf80","sha512":"ab2e84fe7076c5805df542982b8462a15921a3255c75049ceed709f936eead2b6a519ed68e3c0f178137db7cedea4e5f0a71388d48bf49665a62ffd64e9369f1","ssdeep":"192:izTK2z9OmGLTNM+ny0xXAbu0JDL45yNsLzsfrEyl:z2zoz5dPxQDL45yNsnsjHl","tlshash":"0122b86d037918a4e73d0290980436af9a4db7f2e1fc7d5d2f89cb5d688989cc7085bd","first_seen":"2026-07-10T09:45:03.538242Z","last_seen":"2026-07-12T22:01:35.321706Z","times_seen":16,"resource_available":false,"data":null}},"time_used":80,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":80,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/api/media/ceb9e344-a5ce-43c1-8ffc-22302cd910c6.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.284Z","timestamp":1783893656284,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /api/media/ceb9e344-a5ce-43c1-8ffc-22302cd910c6.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g81OanQ0LTgOfEosvlp9v3KeSzVqKbE4wRkn9ecqE%2Bkw1DBuYiGbNTaOm2HhLfQ%2FS14jWy3%2BAipECQ8%2BtgVjYu0NMOBvBndf%2BC4zQ6EccPKyVqQte%2FB3BhdfvjTokg%3D%3D\"}]}\r\ncf-ray: a1a352d7c9e9b4eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":164394,"size_decoded":165411,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"137cdedc2f1c8db70aab54aa6e011b77","sha1":"29c0216d3b5508c9066886910e3d1c549f1d3a04","sha256":"bf004b731aac1a183833df63844be938cb69b2095b647428d48ef00ed9bdd051","sha512":"6949a5f01e83762591535d1e4042bd6907c2a877a2fd4463d029d021c751854dababc6e87876e1d8c0520ee2d273b2228349bcef02197204b014b6d23d89a204","ssdeep":"3072:eHo6l/e1LtSYcVQCruv14MTZC2Me+pgqE4y0NXowhM8am9eCrJJl:eHc9tSXbruvXZMxpDQAX3bam9eUl","tlshash":"31f312e6bc5c49935922540ef501aa0bb449e8486bfdfde5bd30ed5ccb6f630088b58d","first_seen":"2026-07-10T09:45:03.572616Z","last_seen":"2026-07-12T22:01:35.322231Z","times_seen":16,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":75,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/_next/static/chunks/main-app-f3336e172256d2ab.js","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:55.303Z","timestamp":1783893655303,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /_next/static/chunks/main-app-f3336e172256d2ab.js HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 22:00:55 GMT\r\netag: W/\"23c-19f2fbf1600\"\r\nlast-modified: Sun, 05 Jul 2026 00:48:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\nage: 598358\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xFdrOB6fBJ%2FOz8NnRRuPDjUT%2FulLGtp6gbA%2F2rBiV1ypa%2Fk%2BGQmVGndjrMq2Hl%2B2h4snS7CbpTLE7Ko9EqDUQARXoUIZ7PtJ55u%2FfTiuRLIhUWNdYbEqpDdBbHxgkg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d1a92ab4eb-OSL\r\ncontent-length: 239\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":572,"size_decoded":1273,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (572), with no line terminators","md5":"39016df7484bb925b0b0fe1905ddbceb","sha1":"088ce59eb609b8c19e00e2d93e10d33b75578d7a","sha256":"91801d552d3e97ad6aabb535c2d8eeff31bab152fb2448b8556373894e7d7215","sha512":"41618a49d22f65beb83086c769a8c67e5ba76cbd01b838ee2ef88857171a333a9ee680d08d182a3ef65393eef1b4d2984c122e3d4d0913e82c0f0e9ee004e46b","ssdeep":"","tlshash":"8bf0d69a4f0cf52f5d26ad65fe97ace2245f4175202b4e606901ee613c23bacd270404","first_seen":"2025-09-01T15:30:28.522834Z","last_seen":"2026-07-13T11:41:26.835456Z","times_seen":634,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/games/trytostart/1164.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.502Z","timestamp":1783893656502,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /games/trytostart/1164.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"3b07d-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tvvG5u8b4BA93SvswXMhboz2FerS4l9ol6CUNTiRHZiHIr2vNJa5Na%2Bgjv5RypfiNk8R%2Bt%2BlDDZEUpc2xxsr7tk8qr6PEc9rQepYXqwct%2Fjq%2Fq6VnxcuN7%2FtqXoVCA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d92a08b4eb-OSL\r\ncontent-length: 241789\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":241789,"size_decoded":242726,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"a22bee73d837dc2f4a18b7ecc93e521b","sha1":"9a9aa32d2ac85065925026752b2809670a73c586","sha256":"732b9916293e927de8a418624133957e9a2607fb891ecab95de2ba842aaa2641","sha512":"777e29c39d285ea5ede5543a3f4b5611729dcc61c0e0eaeb0fde66c5d4f9a8d3a227127a96e384d1071ba936aeecf7c4865363db6dedec3016b2e7b5c72140d3","ssdeep":"6144:T8vn7tHyt5P7xVpBeZ7RLlTeeZmI+qYuozxO24EfjO/1XNJc:TinRymZtLlTbZmJ0ozxO9EfqTC","tlshash":"da3422cad1c441b76c6a50882307b3d29fa064f7b97654eca4bee73c732e25ba523117","first_seen":"2026-07-10T09:45:03.5234Z","last_seen":"2026-07-12T22:01:35.323364Z","times_seen":16,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":96,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"varewex.com/lab/news/provably-fair.webp","fqdn":"varewex.com","domain":"varewex.com","tld":"com"},"ip":{"addr":"104.21.30.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://varewex.com/","date":"2026-07-12T22:00:56.528Z","timestamp":1783893656528,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"varewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:20:06 GMT","end":"Sat, 03 Oct 2026 19:17:29 GMT"},"fingerprint":{"sha1":"50:E1:85:8F:65:F6:78:CD:DB:21:E2:CC:73:E1:FC:0A:10:CC:B9:1C","sha256":"B7:E1:95:55:99:3B:FE:84:E5:CA:C1:10:F3:48:06:78:8A:F2:82:29:21:AC:1D:C8:6B:23:27:47:4A:9A:9C:2C"}}},"request":{"raw":"GET /lab/news/provably-fair.webp HTTP/1.1\r\nHost: varewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://varewex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=0a7dcb8330ae4146fc86dbd15652c28a08bb1f3dd158e25d498a6bca368ce833%7Cdd18ad1bec1f9cc5c28d89f6560ef065020d67362649dfff64f2ef5d4648845d; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:00:56 GMT\r\netag: W/\"c05c-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=W1emES%2BUHFPC%2B6%2FmDPmieCt%2FooZqhn1Z6Q0p06wDvp%2FMxtg8cc9XovIOrmOnTB5FLjGTnEkuel9vhwIHfkBoCa3rFuBt4R1UBiqGPSc8Q68pwWaLAnRawzLYbq1Y2A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a352d94a1bb4eb-OSL\r\ncontent-length: 49244\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":49244,"size_decoded":50251,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1376x768, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"7cb9cd43359de54e7564c725bb9517d3","sha1":"1245094b8fc133d439c2612cf4dd9fb47e3184d0","sha256":"8399ac55ccc149cc474c6441e1bf099afb1d89dcac48e6898df23203e13388d8","sha512":"e4a6ee358263129d6fd50c7e98367f83d92955c35abe7367b8e081757483319934cf8c10c76a54cc91e3ebdcc1562b4f16c1bed6bdaa6014c22319a457669783","ssdeep":"1536:dc7h8uOGfEiIWwtbwyn2ej2/4/S4uyrhXaetd:dMwGy2es4/S4uyr4+","tlshash":"152302dcfd0b7f91e3172448c110d0a5b5f565fa93596e825398d883b68a83fc6f428e","first_seen":"2026-07-10T09:45:03.524343Z","last_seen":"2026-07-12T22:01:35.323973Z","times_seen":16,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"varewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}
