{"report_id":"0a64788f-16c2-4866-b66e-2064cc7daf23","version":6,"status":"done","tags":[],"date":"2026-05-19T01:15:00Z","url":{"schema":"http","addr":"downaldtwump.lol","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"104.21.12.77","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"downaldtwump.lol/","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"title":"Downald Twump (Downald) — Token Distribution | Claim $Downald on Solana","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"downaldtwump.lol","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"104.21.12.77","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-23T01:15:00Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"downaldtwump.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"downaldtwump.lol","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-03-19","domain_rank":0,"first_seen":"2026-05-19T01:15:01.360442Z","last_seen":"2026-05-19T01:15:01.360443Z","alert_count":12,"request_count":12,"received_data":785472,"sent_data":5461,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-05-17T22:18:09.532627Z","alert_count":0,"request_count":5,"received_data":231099,"sent_data":2768,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-05-17T22:21:01.756487Z","alert_count":0,"request_count":1,"received_data":15297,"sent_data":526,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"downaldtwump.lol/secureproxy?s=%2Fipfs%2FIY1NxDco8vvg6mLBmjmoGAefcfb122300e22ffe8242cabd3afa3c5%3Ft%3D1779153279346","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"94daf6f5a4046427ae83fc730f9daa48","sha1":"1153b6bb03564a2a19798e374db359a027ea3f51","sha256":"57d87ed2e522b1cc0d2e90c7b94e2dd9b2eb66bc21c51b3205350e4390110c27","sha512":"5e19f81a1d793de39538136cff1fccd792bd5375db61b93afbbc3d1ff0340878334e827c53a24999a6811fc308c8aa99d567f76e5660079792856ab9c20983d5","ssdeep":"6144:rh5gD0imdV6bIK1GzE2nT36RzaILAzrryoMo2w64HollUz7rBdBQo7oSYbwI4LQO:zs0immbNgTqmIMz6oD","tlshash":"79d4c6ea834e9777e08a22f71673447fefaa2d18856feae057c0ddd953c8b0214e4158","size":602439,"data":"","first_seen":"2026-05-19T01:15:03.79405Z","last_seen":"2026-05-19T01:15:03.79405Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"downaldtwump.lol/js/app.js","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1c0b9e258352f9871f5a072a61141924","sha1":"e060d20406e1f44701d3ba1c402b44d7f4d51b29","sha256":"6abc154e116fc7b5ab7988c1c9827e42a1d2464c4b457c444096d30515a75200","sha512":"bd8191967201eeef060f146d737aed11e9a3589b945062a8a1041d2dc39fafd02d6a8397a881a1fc650d60f4145bf3bf7d702bcb3f0988243471ae0771a589cb","ssdeep":"96:y3tuLIzgMa/E+9WKub7NFRSbxYS7h7Uh9ZTYp8lqKEqvtjiHfqbv1IxjzlIrV2yM:wtwIzuE+9PWNF0bxYS7h7Uh9ZTYGlqKo","tlshash":"38c142255a6a193709b14ee4cbe35015eb24a30b714296ad7accd28d1ffe540d4f79cc","size":5605,"data":"","first_seen":"2026-05-19T01:15:03.803768Z","last_seen":"2026-05-19T01:16:57.405178Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"downaldtwump.lol/","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5aa884626fd718ff1c48b0471b5eab7b","sha1":"5fdbd8c7bc648d80acbecd3c632d7e8b9d7e4b53","sha256":"965e60df3541bcd10a75fb6344b0ef8f6538b50128c4b3f0ea2a5adf7e136487","sha512":"9d4431b9afaf61a88338cf2ceb7df0b4cbe6d3b2bd75b205df21d53f444b71953a4dc754cbe2736dc179807ccb8296ce0815b81645e6950e18343c9f359b4701","ssdeep":"","tlshash":"7bc02218c6a0cd30444c009b213412e934602b1a800a90c682fc4d8924ccec03a88020","size":186,"data":"","first_seen":"2026-03-21T05:46:57.300342Z","last_seen":"2026-05-19T01:16:57.418745Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"downaldtwump.lol/images/icon2.jpg","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:39.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"downaldtwump.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 17 May 2026 03:15:05 GMT","end":"Sat, 15 Aug 2026 03:15:04 GMT"},"fingerprint":{"sha1":"A7:C5:56:99:00:D2:86:4A:FD:AE:16:CD:80:31:8E:B3:05:5F:B4:0F","sha256":"5F:C9:9F:B3:A9:9B:18:53:E8:2E:59:83:E7:50:6C:CE:82:DE:BD:C9:6C:AB:60:AC:86:1F:38:E9:CC:3C:7F:92"}}},"request":{"raw":"GET /images/icon2.jpg HTTP/1.1\r\nHost: downaldtwump.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://downaldtwump.lol/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 01:14:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 90214\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 19 Mar 2026 02:19:09 GMT\r\netag: \"69bb5d1d-16066\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OJ76Yk9h8bzxMN1tvkkS6k1opklCBzxBguO8f4yHzQh91%2FPAbCbHZIvNuKA4IKRYWX%2BEhMD51LKs25jy2kLx%2FIew53qevTEJRV7b93KP8C%2FQr2WlQsAbPDwJiZGf9rA35CwO\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fdf3efc1fb8568d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":90214,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 680x680, components 3","md5":"5dd7b0f95f031b125a2d8d3f4fcfcef0","sha1":"fdfa2e6b2f96650e1e3694e397b31d56e59f9ddb","sha256":"c741cf72ac505a6971e3b12755703fbfb1a47f0bef6d6fad0d697bf3d7d6a5ff","sha512":"32e09fd44f95d75badf2ee2bd3b5214d302cca74a112fe204686f4cc38038914a2f29f4132c344b9ea123a44b2e572d7f2861b6fc825bfe850f1983ec00677ef","ssdeep":"1536:O+H9H9I1LI41lr5mBIRMpWUh33G+zdw9znchXqPaCjfaMsr3iew:OS9dAI4cBI2ppc4N89aXu","tlshash":"f6931261b6a95e82dadef316029d87f59513ee10910d8b4b14012938eff937b3e781ac","first_seen":"2026-05-19T01:15:03.787425Z","last_seen":"2026-05-19T01:16:57.399492Z","times_seen":2,"resource_available":false,"data":null}},"time_used":4285,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4208,"receive":77,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"downaldtwump.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:42.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:40 GMT","end":"Mon, 13 Jul 2026 08:36:39 GMT"},"fingerprint":{"sha1":"7F:B3:C1:48:F4:27:B8:68:3C:19:02:13:E1:6F:23:04:AC:C8:65:17","sha256":"FC:08:6D:DD:C4:AF:25:5E:6A:51:A0:A1:4E:27:4A:FF:E3:A5:37:ED:A4:1A:33:C1:27:48:DE:AB:71:AE:5D:2D"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://downaldtwump.lol\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 May 2026 01:45:00 GMT\r\nexpires: Fri, 14 May 2027 01:45:00 GMT\r\ncache-control: public, max-age=31536000\r\nage: 430182\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-20T07:10:41.931054Z","times_seen":188853,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":106,"dns":1,"connect":17,"send":0,"wait":17,"receive":21,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"downaldtwump.lol/images/pump-logomark.svg","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:39.386Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"downaldtwump.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 17 May 2026 03:15:05 GMT","end":"Sat, 15 Aug 2026 03:15:04 GMT"},"fingerprint":{"sha1":"A7:C5:56:99:00:D2:86:4A:FD:AE:16:CD:80:31:8E:B3:05:5F:B4:0F","sha256":"5F:C9:9F:B3:A9:9B:18:53:E8:2E:59:83:E7:50:6C:CE:82:DE:BD:C9:6C:AB:60:AC:86:1F:38:E9:CC:3C:7F:92"}}},"request":{"raw":"GET /images/pump-logomark.svg HTTP/1.1\r\nHost: downaldtwump.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://downaldtwump.lol/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 01:14:40 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 19 Mar 2026 02:19:09 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=F%2B1nHycKPTHsv5k72cYqfh4Y0dnWS6oMUhRbophHy29ExAuo6Ri5ybVkE55FoJh%2BSSw8qTK68%2F7sXQOtH60Zrf35FvoPWYTRUVPHwGRNtiASycZGiPuEMjJhkeQcAHpiWb1f\"}]}\r\netag: W/\"69bb5d1d-a5d\"\r\ncontent-encoding: br\r\ncf-ray: 9fdf3efc1fb6568d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2653,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7ac045d44726d3ecd7d70cc10fd98c72","sha1":"d3e2dbb1530f6a00a41c9467e977fb61048ed08d","sha256":"2c72b8e06bbd7be8823c2cce4bbe652ba7a36e35074b8a1b27fd668304816379","sha512":"488d3da62f6ba30a36f8bb106262c3342583a719402680e34ce6d99ba26db1aea5d14496d7427aa39544527a3d5f63a0030d6e32d48e4366e07aacd5db5d12a8","ssdeep":"","tlshash":"395171ff7b5448e5de86c2f8eb2a2adb782a24d97120464193d42f29780176c4d8ac93","first_seen":"2025-11-15T00:25:53.758655Z","last_seen":"2026-05-20T07:33:25.876638Z","times_seen":337,"resource_available":false,"data":null}},"time_used":1224,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1224,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"downaldtwump.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"downaldtwump.lol/secureproxy?s=%2Fipfs%2FIY1NxDco8vvg6mLBmjmoGAefcfb122300e22ffe8242cabd3afa3c5%3Ft%3D1779153279346","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:39.390Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"downaldtwump.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 17 May 2026 03:15:05 GMT","end":"Sat, 15 Aug 2026 03:15:04 GMT"},"fingerprint":{"sha1":"A7:C5:56:99:00:D2:86:4A:FD:AE:16:CD:80:31:8E:B3:05:5F:B4:0F","sha256":"5F:C9:9F:B3:A9:9B:18:53:E8:2E:59:83:E7:50:6C:CE:82:DE:BD:C9:6C:AB:60:AC:86:1F:38:E9:CC:3C:7F:92"}}},"request":{"raw":"GET /secureproxy?s=%2Fipfs%2FIY1NxDco8vvg6mLBmjmoGAefcfb122300e22ffe8242cabd3afa3c5%3Ft%3D1779153279346 HTTP/1.1\r\nHost: downaldtwump.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://downaldtwump.lol/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 01:14:40 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: cloudflare\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: max-age=2592000\r\netag: W/\"93147-EVO2uwNWSioZeY43TbNZoCfqP1E\"\r\nexpires: 0\r\npragma: no-cache\r\ncontent-disposition: attachment; filename=7FUlWIDHzuIMDVhGj6YJNg.js\r\ncdn-proxyver: 1.53\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 05/19/2026 01:14:40\r\ncdn-edgestorageid: 1056\r\ncdn-requestid: 32ce031dea91843c7ce27431724fdfcb\r\ncdn-cache: MISS\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2Ndp%2FfiQzIR%2FnUvTxNq5hcT7n0pGxSUI%2BqaMORfh7juREXhXeGrL3cEZCxdT6s7vLSV21vf6zK5Vs%2BktL3xkP8NvrzvKxsfDpOC0Fx1g22vhW71EN65ifOTH%2FbmnK988Jifr\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fdf3efc1fba568d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":602439,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"94daf6f5a4046427ae83fc730f9daa48","sha1":"1153b6bb03564a2a19798e374db359a027ea3f51","sha256":"57d87ed2e522b1cc0d2e90c7b94e2dd9b2eb66bc21c51b3205350e4390110c27","sha512":"5e19f81a1d793de39538136cff1fccd792bd5375db61b93afbbc3d1ff0340878334e827c53a24999a6811fc308c8aa99d567f76e5660079792856ab9c20983d5","ssdeep":"6144:rh5gD0imdV6bIK1GzE2nT36RzaILAzrryoMo2w64HollUz7rBdBQo7oSYbwI4LQO:zs0immbNgTqmIMz6oD","tlshash":"79d4c6ea834e9777e08a22f71673447fefaa2d18856feae057c0ddd953c8b0214e4158","first_seen":"2026-05-19T01:15:03.79405Z","last_seen":"2026-05-19T01:15:03.79405Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1480,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1370,"receive":110,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"downaldtwump.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/robotomono/v31/L0x5DF4xlVMF-BfR8bXMIjhLq38.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:42.671Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:40 GMT","end":"Mon, 13 Jul 2026 08:36:39 GMT"},"fingerprint":{"sha1":"7F:B3:C1:48:F4:27:B8:68:3C:19:02:13:E1:6F:23:04:AC:C8:65:17","sha256":"FC:08:6D:DD:C4:AF:25:5E:6A:51:A0:A1:4E:27:4A:FF:E3:A5:37:ED:A4:1A:33:C1:27:48:DE:AB:71:AE:5D:2D"}}},"request":{"raw":"GET /s/robotomono/v31/L0x5DF4xlVMF-BfR8bXMIjhLq38.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://downaldtwump.lol\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 32796\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 15 May 2026 18:21:59 GMT\r\nexpires: Sat, 15 May 2027 18:21:59 GMT\r\ncache-control: public, max-age=31536000\r\nage: 283963\r\nlast-modified: Wed, 10 Sep 2025 16:42:52 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32796,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 32796, version 1.0","md5":"877722deef76ad28ea1ae5cf5e265a94","sha1":"ede7afbe887a70f22993d3a7da10b09fd58ff33b","sha256":"b81cd55177300649be8f95b3b747d721ce607e8ed2856e25bd0c630cfd631faf","sha512":"57d45f99a461633961fa7b10b5779001aff30c52d1bd1140bd0ecfe3b1b69da4e5c0120bb6d6d5fb0f06c344d0805c30e2aa08fcb2542a028611a2a264366d00","ssdeep":"768:+kWXmeGFcvj07i6aR4m0oaUEWNvZcjhsHlX2G/dS+92Z5NuI/L:+L2Lzi6aum0NUEW9ijhqXl/dSlZ5jL","tlshash":"72e20258d8954f3cebc4b572c0879bfccad58023f89d5564a47f4ab0e089e1f1934967","first_seen":"2025-05-21T16:47:22.796758Z","last_seen":"2026-05-20T06:35:11.916997Z","times_seen":5582,"resource_available":false,"data":null}},"time_used":426,"timings":{"blocked":202,"dns":1,"connect":28,"send":0,"wait":20,"receive":2,"ssl":170},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"downaldtwump.lol/favicon.ico","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:43.101Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"downaldtwump.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 17 May 2026 03:15:05 GMT","end":"Sat, 15 Aug 2026 03:15:04 GMT"},"fingerprint":{"sha1":"A7:C5:56:99:00:D2:86:4A:FD:AE:16:CD:80:31:8E:B3:05:5F:B4:0F","sha256":"5F:C9:9F:B3:A9:9B:18:53:E8:2E:59:83:E7:50:6C:CE:82:DE:BD:C9:6C:AB:60:AC:86:1F:38:E9:CC:3C:7F:92"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: downaldtwump.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://downaldtwump.lol/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 01:14:44 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Thu, 19 Mar 2026 02:19:09 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Krl6H5GTSs5WfvglMHT22M6P%2BEw8T5iIw53OlEcsS9XsP8FaFSh0F6SmLh6I4Bci9Ad%2F%2B0HxLs5B4fLtmrHf2SzjtMv1Txe1VsozJcgcBVFcQZ%2BnlBdNLmaBKLzbtMIDV4pc\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9fdf3f1368c6568d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20500,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5764)","md5":"32dcf982016d50638d667008de364281","sha1":"5994bf8032299927dfd39886b0248a4d38486214","sha256":"44aa81ee02630380fa8d1b918d7480ff47fd45e224454365a4bd425d5e9e946d","sha512":"bfb9a2b6bf6add34a9a0569d0ce0d3919c7d48cf236f510e5ee37db0c9644a5f00415d3324da125371f4195df0c24ce526d7a59dfc0ace0ee956c0650825b245","ssdeep":"384:ntl68EKqdqRCXSDIIdU9EKb8EKqdqRCXSg:tliGRCAIIdU9EKZGRCr","tlshash":"8092e8e660f462a6d60387f0c5276c323e1f18bf9b974114f7ac49901f5a98acdabc64","first_seen":"2026-05-19T01:15:03.798801Z","last_seen":"2026-05-19T01:16:57.400485Z","times_seen":2,"resource_available":true,"data":null}},"time_used":1227,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1226,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"downaldtwump.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"downaldtwump.lol/nodemailer.compat.js","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:39.385Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"downaldtwump.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 17 May 2026 03:15:05 GMT","end":"Sat, 15 Aug 2026 03:15:04 GMT"},"fingerprint":{"sha1":"A7:C5:56:99:00:D2:86:4A:FD:AE:16:CD:80:31:8E:B3:05:5F:B4:0F","sha256":"5F:C9:9F:B3:A9:9B:18:53:E8:2E:59:83:E7:50:6C:CE:82:DE:BD:C9:6C:AB:60:AC:86:1F:38:E9:CC:3C:7F:92"}}},"request":{"raw":"GET /nodemailer.compat.js HTTP/1.1\r\nHost: downaldtwump.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://downaldtwump.lol/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 01:14:39 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 19 Mar 2026 02:19:09 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tHVhytzal%2FjZmIlOTUs1L2jUE2fKAVeVavvt8kJddH1INoA3qRIYL8P2SEMAVbUnWLrDld1fEWaDPyXizYiUMbyyQ%2FdV2dhu2bXB3xZUSv2IIoy6tR0KnZmbQgYRSGy2vCTw\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9fdf3efc1fb5568d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T07:12:38.30117Z","times_seen":15474118,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"downaldtwump.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"downaldtwump.lol/js/app.js","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:39.389Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"downaldtwump.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 17 May 2026 03:15:05 GMT","end":"Sat, 15 Aug 2026 03:15:04 GMT"},"fingerprint":{"sha1":"A7:C5:56:99:00:D2:86:4A:FD:AE:16:CD:80:31:8E:B3:05:5F:B4:0F","sha256":"5F:C9:9F:B3:A9:9B:18:53:E8:2E:59:83:E7:50:6C:CE:82:DE:BD:C9:6C:AB:60:AC:86:1F:38:E9:CC:3C:7F:92"}}},"request":{"raw":"GET /js/app.js HTTP/1.1\r\nHost: downaldtwump.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://downaldtwump.lol/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 01:14:39 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 19 Mar 2026 02:19:09 GMT\r\netag: W/\"69bb5d1d-15e5\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nTLLRBiHeK7RadqCONJbkgeqRW1YC%2Ft45vrWa7xCit8fw7DYJ4kyOZEGtUoD2RZS3W%2FNDOOX29FwKwSNHXJ1unnymJgZnNIJAMM34AxbGTRmA3iIByWRT8vGpa%2BF9kXxx7Tq\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fdf3efc1fb9568d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5605,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"1c0b9e258352f9871f5a072a61141924","sha1":"e060d20406e1f44701d3ba1c402b44d7f4d51b29","sha256":"6abc154e116fc7b5ab7988c1c9827e42a1d2464c4b457c444096d30515a75200","sha512":"bd8191967201eeef060f146d737aed11e9a3589b945062a8a1041d2dc39fafd02d6a8397a881a1fc650d60f4145bf3bf7d702bcb3f0988243471ae0771a589cb","ssdeep":"96:y3tuLIzgMa/E+9WKub7NFRSbxYS7h7Uh9ZTYp8lqKEqvtjiHfqbv1IxjzlIrV2yM:wtwIzuE+9PWNF0bxYS7h7Uh9ZTYGlqKo","tlshash":"38c142255a6a193709b14ee4cbe35015eb24a30b714296ad7accd28d1ffe540d4f79cc","first_seen":"2026-05-19T01:15:03.803768Z","last_seen":"2026-05-19T01:16:57.405178Z","times_seen":2,"resource_available":true,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":174,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"downaldtwump.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"downaldtwump.lol/secureproxy?s=%2Fjmpd%2F","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:41.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"downaldtwump.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 17 May 2026 03:15:05 GMT","end":"Sat, 15 Aug 2026 03:15:04 GMT"},"fingerprint":{"sha1":"A7:C5:56:99:00:D2:86:4A:FD:AE:16:CD:80:31:8E:B3:05:5F:B4:0F","sha256":"5F:C9:9F:B3:A9:9B:18:53:E8:2E:59:83:E7:50:6C:CE:82:DE:BD:C9:6C:AB:60:AC:86:1F:38:E9:CC:3C:7F:92"}}},"request":{"raw":"POST /secureproxy?s=%2Fjmpd%2F HTTP/1.1\r\nHost: downaldtwump.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://downaldtwump.lol/\r\ncontent-type: application/json\r\nContent-Length: 1422\r\nOrigin: https://downaldtwump.lol\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1422,"data":"{\"route\":\"n9POyFeFG1tUtiSU-z9JOx3n\",\"payload\":\"0hqM-6_N52QB1gIbAyAAFwCwAsYCJQD7AhYAAgEAMgMAAO8nhn2XtsKCAVQKe0LX45NtC2PdKWcCAACPhiQDQn8VxgBk9MWoLVuxLF9AJKSrlW2Rv8mtrZELwie04gMaJe4BI0kwACMjNjYK9iVLW0Xq62srn1A2duHQKRgIXeEtsADPk3jg2bXrmoQP94LENS5AsB5_BG_-UFvaDlUF_B-RKP6jziS4J3ptaXgMl_6ajRSb4uftC24PVL5wN6vq1uRKM1FU0p2NAewBogm5MHcuMusr5v2fdEX2A3b8sYiGkdj_gYISWsW5bb6irBiOot7xDiD9dZ4I3Zvu94hYPT3dha3sw4JyXSK9JrcOSbVxaInM2DKqmmkbZe7_h4w2J27rHa7SQi3DyeiRUdCFkvehN_fR4pYPw_VjW2lsoySsCCEvvbghSRVjzyvmSRTU5VLtxvFTR0s8jEJwj8UvhMmlO-L34djBsTNrNrM4-yA-ucVj4rwQ9lt9f8wSgY1L4DSKdYvZv32gJvRGtnE7AV4BWOFPbxxGcystXDZwg35EbW-a0xfKE7jtiFbrch6gCfnYI1BVwhV5UcOo_Ljdo_aEZG0MGpJc6inCis-xygaGI-kCMREUpNMnyMXbbhJhD3nNlMQxvXJIrltdykcJxC2gU06rq2N9ErRzBLK-uh376GTAdywDdnaTWtWfFOxbWtM1GEbvdHq21TqvRQ-fZ58NexiIvs7HsSzC4XIB-m2Gbt9uImfm1RiD0vF8JJtRyhFwJqWJ5EsTtGTyZC9h-teoIa4iVDFDp-3bGHH5-0kqw05P1bWbbPLNWZ_LU7DKrU8qZCKh-jGTw63EHAXXmpaxhNNWoDsPyWbQpLqsL0a1-pRudDs58ze8EXpi3P3lofmtnFHvxR-tV5TKbPD2O45TQQ_5fS9RzVhizAp8l7riJWXdr8YnWwOBgU9S9Fi8Erum5cT1OwmsNqWy3PIcT3Ke2nsPov3mE2LyOYOQ3iRoCjvW8WkquQ6-dqZ9Bw2FK8sldcSdorQNm-D797Nge4qly2XOm1WDMk-1Ba3ItQ1ClWWXNzzTL-oG2vEPBFqhgQMQGEiq0b73nXSFFLB_quidNItRqGINBB97Quf09FbvSgVy22yENQe-EAqLCiCr6NZLMO01TMzzsuy7OJfHjk_p0ptv6eba6C0t349RYLbFAVyFEA\",\"challenge\":\"eyJpZCI6IkxVZ0p5a2FFYWxGQkYxRC1KUVAteWciLCJub25jZSI6MTAxLCJoYXNoIjoiMDAwN2U2OWZmNTg2ZTNlNmZiYjEyM2JhOTIxZDI4NGJmZmU2NDViYTFmZTFkZjYyOTI3MGI3OTQ0YjNjN2MyOSJ9\"}"}},"response":{"raw":"HTTP/3 204 No Content\r\ndate: Tue, 19 May 2026 01:14:42 GMT\r\nserver: cloudflare\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: no-cache\r\netag: W/\"a-bAsFyilMr4Ra1hIU5PyoyFRunpI\"\r\nx-ratelimit-limit: 20\r\nx-ratelimit-remaining: 19\r\nx-ratelimit-reset: 1779153342246\r\ncdn-proxyver: 1.53\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 204\r\ncdn-cachedat: 05/19/2026 01:14:42\r\ncdn-edgestorageid: 879\r\ncdn-requestid: 49b8717cd44ac413c0c0d5945fac6924\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=el7ANzyZ3npEqKrbJ6TocFdTTW3FvrrFF3oYCbd8BG5D5pwQLjBIQ1fYxsBDoSGfV2HOJqm8ndYiHS7DQY0lYlya%2BWB3%2FR1e%2Br9k6dtCP6xbnhSkVX6l5%2FUp%2BGr3heTo%2BETP\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9fdf3f0bfdd9568d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-20T07:12:38.30117Z","times_seen":15474118,"resource_available":true,"data":null}},"time_used":918,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":918,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"downaldtwump.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"downaldtwump.lol/images/logomark-banner.svg","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:42.643Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"downaldtwump.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 17 May 2026 03:15:05 GMT","end":"Sat, 15 Aug 2026 03:15:04 GMT"},"fingerprint":{"sha1":"A7:C5:56:99:00:D2:86:4A:FD:AE:16:CD:80:31:8E:B3:05:5F:B4:0F","sha256":"5F:C9:9F:B3:A9:9B:18:53:E8:2E:59:83:E7:50:6C:CE:82:DE:BD:C9:6C:AB:60:AC:86:1F:38:E9:CC:3C:7F:92"}}},"request":{"raw":"GET /images/logomark-banner.svg HTTP/1.1\r\nHost: downaldtwump.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://downaldtwump.lol/css/styles.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 01:14:44 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 19 Mar 2026 02:19:09 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N4K0qCscXzth1PipdnOizbOJRF%2FEkOydco%2F2%2FSSyNguM2TWrE7ukr7hZqKqgXrOdmjVTG2aBb2p0tynyF4PkmovIVH1S5AoFdKsp6Ev4N7fzGEDIEdl8P95sTrplurpAMiDQ\"}]}\r\netag: W/\"69bb5d1d-274\"\r\ncontent-encoding: br\r\ncf-ray: 9fdf3f108fb4568d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":628,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e7c6c5e124e5bcfcf41da81b03d36b26","sha1":"4f3f02cec1dd11be106aec585ffb389f44b4c0a6","sha256":"330e0e5a995d1fb5154efa1f7ff014637597aac507ba10738126d35de762f603","sha512":"a12223813c3beb2407c9af64fb720b854dc7cbd100db1ebf6e0a6232f304f54097d7ce8fd200d1260083c8d0a07f3cae18e6798c2bc7b99fcd1b54ec79679e44","ssdeep":"","tlshash":"89f044f23564e064b74ec925bf6e08ae353578ff78d502cd8422e01073a47d2e886a3d","first_seen":"2026-03-02T13:34:54.043025Z","last_seen":"2026-05-19T01:16:57.409578Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2252,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2252,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"downaldtwump.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:42.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:40 GMT","end":"Mon, 13 Jul 2026 08:36:39 GMT"},"fingerprint":{"sha1":"7F:B3:C1:48:F4:27:B8:68:3C:19:02:13:E1:6F:23:04:AC:C8:65:17","sha256":"FC:08:6D:DD:C4:AF:25:5E:6A:51:A0:A1:4E:27:4A:FF:E3:A5:37:ED:A4:1A:33:C1:27:48:DE:AB:71:AE:5D:2D"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://downaldtwump.lol\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 May 2026 01:45:00 GMT\r\nexpires: Fri, 14 May 2027 01:45:00 GMT\r\ncache-control: public, max-age=31536000\r\nage: 430182\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-20T07:10:41.931054Z","times_seen":188853,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":117,"dns":1,"connect":16,"send":0,"wait":23,"receive":11,"ssl":97},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700\u0026family=Roboto+Mono:ital,wght@0,100..700;1,100..700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:39.382Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:34 GMT","end":"Mon, 13 Jul 2026 08:36:33 GMT"},"fingerprint":{"sha1":"25:C3:78:A0:E1:97:BA:8A:CE:43:FA:9C:BF:89:EF:DD:A3:CD:9C:40","sha256":"C1:18:7F:C1:92:8E:D0:83:CA:E8:62:DB:BE:FE:89:B2:84:13:70:FA:0E:40:65:D2:B6:8C:09:37:73:46:4D:4B"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600;700\u0026family=Roboto+Mono:ital,wght@0,100..700;1,100..700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://downaldtwump.lol/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 19 May 2026 01:14:39 GMT\r\ndate: Tue, 19 May 2026 01:14:39 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14611,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"06c826681b8944f98824b4c99776916b","sha1":"22deb6b4433cd7868499d5716f80a95d34d0faaf","sha256":"d3f77b397eb0d964f5a4eb958c2af5ab876b3bfea213f611bd161fd094c055ce","sha512":"41e4de0d7e00c0b23e395f5dc40a08d7fc9e0f133e80f5380435af602fad63370e2bb2808ad5a430e1ccaec2e95e4f4f799518fad28c0923684b1e62f9b6c67d","ssdeep":"384:vXuM0p2+OS3f1S3uS3wOS3wS3IS3dV2rV6VkaV7VcVv:03E353M3X3/3dV2V6V/V7VcVv","tlshash":"94629b92002ba400ab871dc223cf7f3afe8e50596085d1796ffd1cd9acead62536475d","first_seen":"2026-05-19T01:15:03.809505Z","last_seen":"2026-05-19T01:16:57.403552Z","times_seen":2,"resource_available":false,"data":null}},"time_used":382,"timings":{"blocked":177,"dns":0,"connect":7,"send":0,"wait":20,"receive":0,"ssl":175},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"downaldtwump.lol/config.json?ts=1779153282648","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:42.650Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"downaldtwump.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 17 May 2026 03:15:05 GMT","end":"Sat, 15 Aug 2026 03:15:04 GMT"},"fingerprint":{"sha1":"A7:C5:56:99:00:D2:86:4A:FD:AE:16:CD:80:31:8E:B3:05:5F:B4:0F","sha256":"5F:C9:9F:B3:A9:9B:18:53:E8:2E:59:83:E7:50:6C:CE:82:DE:BD:C9:6C:AB:60:AC:86:1F:38:E9:CC:3C:7F:92"}}},"request":{"raw":"GET /config.json?ts=1779153282648 HTTP/1.1\r\nHost: downaldtwump.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://downaldtwump.lol/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 01:14:42 GMT\r\ncontent-type: application/json\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 19 Mar 2026 02:19:09 GMT\r\netag: W/\"69bb5d1d-e7\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yonbKFgmflBhr4mBJZHsGF3RYqHAeVCtLp%2Fh%2FuVL8p1nzy4Yqe79EDP9HMYdXOwel%2BH4VSK63QZUlIYK5vblT1H9cp4QhQjrXCy8IsJ%2Bu42xrYyIsCdxxzawMv9hPR6633W2\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fdf3f109fb9568d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":231,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"5ff35bd982b9c8e0b445d80676c0ce88","sha1":"d06bd8179efda4313140579b4e18a81112dc060f","sha256":"f08cc7fd901d7234849d9324c3007b83fe466037f7ba8de682c2a28fd006be44","sha512":"27b39ba0542e8f3f3614b83d4d15da32a4aa2272ff3d5a8ed793654c22b3a4dfbfac14d0c53fd3d9cc7fe9facfe335d0dc32e8ec1dd3196a9fb781f6ffa31549","ssdeep":"","tlshash":"9bd0a7119e441fa79af0a698c04265a0f066230f13a1251a70bc914d4ffc13190b3901","first_seen":"2026-05-19T01:15:03.815024Z","last_seen":"2026-05-19T01:16:57.40203Z","times_seen":2,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":247,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"downaldtwump.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:42.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:40 GMT","end":"Mon, 13 Jul 2026 08:36:39 GMT"},"fingerprint":{"sha1":"7F:B3:C1:48:F4:27:B8:68:3C:19:02:13:E1:6F:23:04:AC:C8:65:17","sha256":"FC:08:6D:DD:C4:AF:25:5E:6A:51:A0:A1:4E:27:4A:FF:E3:A5:37:ED:A4:1A:33:C1:27:48:DE:AB:71:AE:5D:2D"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://downaldtwump.lol\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 May 2026 01:45:00 GMT\r\nexpires: Fri, 14 May 2027 01:45:00 GMT\r\ncache-control: public, max-age=31536000\r\nage: 430182\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-20T07:10:41.931054Z","times_seen":188853,"resource_available":false,"data":null}},"time_used":432,"timings":{"blocked":205,"dns":1,"connect":18,"send":0,"wait":15,"receive":5,"ssl":184},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:42.668Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:40 GMT","end":"Mon, 13 Jul 2026 08:36:39 GMT"},"fingerprint":{"sha1":"7F:B3:C1:48:F4:27:B8:68:3C:19:02:13:E1:6F:23:04:AC:C8:65:17","sha256":"FC:08:6D:DD:C4:AF:25:5E:6A:51:A0:A1:4E:27:4A:FF:E3:A5:37:ED:A4:1A:33:C1:27:48:DE:AB:71:AE:5D:2D"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://downaldtwump.lol\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 May 2026 01:45:00 GMT\r\nexpires: Fri, 14 May 2027 01:45:00 GMT\r\ncache-control: public, max-age=31536000\r\nage: 430182\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-20T07:10:41.931054Z","times_seen":188853,"resource_available":false,"data":null}},"time_used":370,"timings":{"blocked":174,"dns":1,"connect":30,"send":0,"wait":15,"receive":5,"ssl":142},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"downaldtwump.lol/","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-19T01:14:38.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"downaldtwump.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 17 May 2026 03:15:05 GMT","end":"Sat, 15 Aug 2026 03:15:04 GMT"},"fingerprint":{"sha1":"A7:C5:56:99:00:D2:86:4A:FD:AE:16:CD:80:31:8E:B3:05:5F:B4:0F","sha256":"5F:C9:9F:B3:A9:9B:18:53:E8:2E:59:83:E7:50:6C:CE:82:DE:BD:C9:6C:AB:60:AC:86:1F:38:E9:CC:3C:7F:92"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: downaldtwump.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 May 2026 01:14:39 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 19 Mar 2026 02:19:09 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AKhg4zZp6fcT1OlJO87wu0soBp7L7fjIKFlGa9hGisvjSzbgZqvmvTNGej2cdgGu0zpGblawHhX6tHv2cWLZWSOd%2FUUijfc%2BW%2F6drdBKr0Bf6Sbw7T2NoXjQEyqzmVGF6z6k\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9fdf3ef9ac90b4f7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20500,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5764)","md5":"32dcf982016d50638d667008de364281","sha1":"5994bf8032299927dfd39886b0248a4d38486214","sha256":"44aa81ee02630380fa8d1b918d7480ff47fd45e224454365a4bd425d5e9e946d","sha512":"bfb9a2b6bf6add34a9a0569d0ce0d3919c7d48cf236f510e5ee37db0c9644a5f00415d3324da125371f4195df0c24ce526d7a59dfc0ace0ee956c0650825b245","ssdeep":"384:ntl68EKqdqRCXSDIIdU9EKb8EKqdqRCXSg:tliGRCAIIdU9EKZGRCr","tlshash":"8092e8e660f462a6d60387f0c5276c323e1f18bf9b974114f7ac49901f5a98acdabc64","first_seen":"2026-05-19T01:15:03.798801Z","last_seen":"2026-05-19T01:16:57.400485Z","times_seen":2,"resource_available":true,"data":null}},"time_used":390,"timings":{"blocked":85,"dns":70,"connect":1,"send":0,"wait":219,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"downaldtwump.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"downaldtwump.lol/assets/icon.jpg","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:39.380Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"downaldtwump.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 17 May 2026 03:15:05 GMT","end":"Sat, 15 Aug 2026 03:15:04 GMT"},"fingerprint":{"sha1":"A7:C5:56:99:00:D2:86:4A:FD:AE:16:CD:80:31:8E:B3:05:5F:B4:0F","sha256":"5F:C9:9F:B3:A9:9B:18:53:E8:2E:59:83:E7:50:6C:CE:82:DE:BD:C9:6C:AB:60:AC:86:1F:38:E9:CC:3C:7F:92"}}},"request":{"raw":"GET /assets/icon.jpg HTTP/1.1\r\nHost: downaldtwump.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://downaldtwump.lol/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 01:14:40 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 19 Mar 2026 02:19:09 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hzmAlceSJhfURHoGAJqL1X9vi5AMippY7TIblMwbHp1hzLXSd8JUuKho1Jbc9ymgMzBI8pOtybLZGrw3igrO7fChWDsaB8xhLAgOWfL8h0pKeNynt9h%2B2QUnxwuDyisz6wze\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9fdf3efc1fb2568d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20500,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5764)","md5":"32dcf982016d50638d667008de364281","sha1":"5994bf8032299927dfd39886b0248a4d38486214","sha256":"44aa81ee02630380fa8d1b918d7480ff47fd45e224454365a4bd425d5e9e946d","sha512":"bfb9a2b6bf6add34a9a0569d0ce0d3919c7d48cf236f510e5ee37db0c9644a5f00415d3324da125371f4195df0c24ce526d7a59dfc0ace0ee956c0650825b245","ssdeep":"384:ntl68EKqdqRCXSDIIdU9EKb8EKqdqRCXSg:tliGRCAIIdU9EKZGRCr","tlshash":"8092e8e660f462a6d60387f0c5276c323e1f18bf9b974114f7ac49901f5a98acdabc64","first_seen":"2026-05-19T01:15:03.798801Z","last_seen":"2026-05-19T01:16:57.400485Z","times_seen":2,"resource_available":true,"data":null}},"time_used":1285,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1285,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"downaldtwump.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"downaldtwump.lol/css/styles.css","fqdn":"downaldtwump.lol","domain":"downaldtwump.lol","tld":"lol"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://downaldtwump.lol/","date":"2026-05-19T01:14:39.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"downaldtwump.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 17 May 2026 03:15:05 GMT","end":"Sat, 15 Aug 2026 03:15:04 GMT"},"fingerprint":{"sha1":"A7:C5:56:99:00:D2:86:4A:FD:AE:16:CD:80:31:8E:B3:05:5F:B4:0F","sha256":"5F:C9:9F:B3:A9:9B:18:53:E8:2E:59:83:E7:50:6C:CE:82:DE:BD:C9:6C:AB:60:AC:86:1F:38:E9:CC:3C:7F:92"}}},"request":{"raw":"GET /css/styles.css HTTP/1.1\r\nHost: downaldtwump.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://downaldtwump.lol/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 01:14:42 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 19 Mar 2026 02:19:09 GMT\r\netag: W/\"69bb5d1d-2759\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R3DBKR9SilVfPEbFbCHeITmIJXS9WPthjgWocfGyJl76lr5igWK%2BPuLa2mFmOtyNs%2BqPUywd5BLyyQEBv9FcS8BlrWChfJtQ7KvE%2FzqGcrhTvgX9Pb4W1hAZNWLT3NObIaaJ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fdf3efc1fb4568d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10073,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"ba2ca5324c5af55aab948036e98f511e","sha1":"307923317595b9753fdc33c865aa459ac69d7956","sha256":"dd1d60b77f28d15f4e153708ae82c1ef2c42a536e80ae05842adddb94745e08c","sha512":"d1549ff274c63a25c9936bf8f2642dba9c42e4a36f04cc3a2b61cef7fbea216a224585ac57886666982d831ebc09ce8f023e17770a83830970aa2a6a1632e77e","ssdeep":"192:W0T3Lw5QFPvv7xLO9Q9Pedstd7zSdWuaxfMfW39G92bGsspJlJ+:EEFwY","tlshash":"07223458d716215aa637dbb8abf3020ef7a890138a02027c7fd921854ff517d9261fdc","first_seen":"2026-05-19T01:15:03.821105Z","last_seen":"2026-05-19T01:16:57.40439Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3233,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3232,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"downaldtwump.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}