{"report_id":"10791480-01b6-4ce9-9ef0-ff45ebacf18b","version":6,"status":"done","tags":[],"date":"2026-04-25T12:38:24Z","url":{"schema":"http","addr":"smilefest.icu","fqdn":"smilefest.icu","domain":"smilefest.icu","tld":"icu"},"ip":{"addr":"104.21.83.230","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"smilefest.icu/","fqdn":"smilefest.icu","domain":"smilefest.icu","tld":"icu"},"title":"Ethereum Token Airdrop","dom":{"size":44377,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (15948)","md5":"39223e942660328b2487d702aadde0da","sha1":"5ab10537ed30309bdcaa4f4a94ee07fff49aded3","sha256":"f23e079f48d7fd19fef614a93be91cfd80bdce8818eb15f0e6c95992a2c81f1e","sha512":"12d05e24c05fce0941931a482cee8d60f00dff506794ab0b5be6b4a527866e8f2762d5c2742537ca6ce78deefd16c204a064e7c692b836e94d3b986762e30bcb","ssdeep":"768:wgt/n7846zQH2L0r82It4uSRhKut5NFgl+FU+xHyvfSDIJPJWf3b8fzwZPROHXLg:wgt/I46zqyrY6V8","tlshash":"20136265f562083b3a23e2fd17dade5d7250b003940aea5936fc50c4dfc6af389a295c","dom_hash":"domhashde0bda4fa890a375e84b48ef4fe5be46","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"smilefest.icu","fqdn":"smilefest.icu","domain":"smilefest.icu","tld":"icu"},"ip":{"addr":"104.21.83.230","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-30T12:38:24Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":7}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-25T12:38:01Z","timestamp":1777120681,"ip_dst":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":52890,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Suspicious Domain (*.icu) in TLS SNI","source":"{\"timestamp\":\"2026-04-25T12:38:01.849441+0000\",\"flow_id\":1694694063584633,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":52890,\"dest_ip\":\"188.114.96.1\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026889,\"rev\":4,\"signature\":\"ET INFO Suspicious Domain (*.icu) in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2019_02_06\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"smilefest.icu\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"8dfdcea729c724b66a8eaf89700621de\",\"string\":\"771,49195,0-23-65281-11-16-5\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":915,\"bytes_toclient\":3406,\"start\":\"2026-04-25T12:38:01.832889+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"smilefest.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"smilefest.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"smilefest.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"dallying-reveler.fontmaxplugin.cc","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-11-02","domain_rank":0,"first_seen":"2026-02-24T21:05:37.722165Z","last_seen":"2026-04-19T09:02:17.671312Z","alert_count":16,"request_count":4,"received_data":961229,"sent_data":1917,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"smilefest.icu","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-05-24","domain_rank":0,"first_seen":"2026-04-25T12:38:26.01359Z","last_seen":"2026-04-25T12:38:26.01359Z","alert_count":6,"request_count":2,"received_data":29799,"sent_data":915,"comment":"","tags":null,"fingerprints":[{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-19T22:20:23.925162Z","alert_count":0,"request_count":2,"received_data":15512,"sent_data":966,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"lite-api.jup.ag","ip":{"addr":"52.84.50.118","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2021-09-15","domain_rank":1536175,"first_seen":"2025-06-01T22:48:15.859785Z","last_seen":"2026-04-24T13:52:07.593613Z","alert_count":0,"request_count":1,"received_data":3127,"sent_data":495,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-04-19T22:16:46.237507Z","alert_count":0,"request_count":2,"received_data":30146,"sent_data":1084,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"smilefest.icu/","fqdn":"smilefest.icu","domain":"smilefest.icu","tld":"icu"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d4b214e79e21de6487b6b5965e2c386b","sha1":"cc24c80af1a1a87c4f68d5e635b5a1cfcda082be","sha256":"71178d150a24694180f6e729448ccd6ff46211a14b15bfaafb45a045147864fa","sha512":"e2eb62c9ec2833ae401fae81e3b5100d48916ea6d15cca0b172158344ac3c8583a7290abb6c3d6a09958ca5774c66b71a9acd97660a73cbd960ece0d53abc061","ssdeep":"192:fansMwJj9i1T6vAaTy2c81Qvae5ZBA3nFvcEnR9XLJZr5Axd9c+JWFJ3M:CnsRJjaTDjd8Wae5ZS3nlXtJZr5A5c+9","tlshash":"5bf153b1327728363262d1be4bab620d6b6db40635c9c49035ac75d41fdef11a4b78f8","size":7738,"data":"","first_seen":"2026-03-15T15:01:11.247113Z","last_seen":"2026-04-25T12:38:29.264066Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dallying-reveler.fontmaxplugin.cc/_nuxt/assets/index.js","fqdn":"dallying-reveler.fontmaxplugin.cc","domain":"fontmaxplugin.cc","tld":"cc"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5775ff83a5b095f87fbf3e41df33cf10","sha1":"9463da9dc1d6c17982311d90d8108d72e99f527a","sha256":"c9104c3599e00e7f81236202478860708c9dc62f295ccd72b5f808b83b7e2f4e","sha512":"e50f343b0a9c0fb4b880d4512a55737140cca9dfa0270a97fd25530986f2dcf7a601be28d9a9f264e63108e03e47f2b8ebfbc3522a4685a5b3eecbf093c5b10a","ssdeep":"12288:QcLIGw/2r3/E3Cgg1XK0S4U9BLHY9mu0eQfogKjO2bXCHeIZB:QCwH0S4MY9f03fZwXiB","tlshash":"9a15d6772148c0b169ed29c43ca0dcab1aa8b6114f285c6864b7bd8454dfbafb345fdc","size":956617,"data":"","first_seen":"2026-04-21T16:51:31.72404Z","last_seen":"2026-04-29T21:19:28.638849Z","times_seen":104,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"smilefest.icu/","fqdn":"smilefest.icu","domain":"smilefest.icu","tld":"icu"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"9dd4e8f591cc2a3ae2a67d2aeab3aaca","sha1":"4f4a6c8da60a937dc02f7605a4a77d40ee380231","sha256":"6911450be4e2cb249b64c73923277be340ef25ef4ee8ea45c5dd254f4eb0fdf9","sha512":"563aa5d787fc255f75c53b04a5d65267c69aa6260d9671be52239f3e8dd7f2a17cab46d45644aacdeb1522b094d62f1fe70a0836a52b6eeecaaa5e3bd1f4a378","ssdeep":"12288:I6/cHzynjvQX204lHa0I64r0VvEQIfwZnESzzoW:I5x0I6s0VvEjf0zoW","tlshash":"f815c5752248c07289ed01d83c90d1cb2b28ba518fdc9ca868b775845adfb9f6355fec","size":925111,"data":"","first_seen":"2026-04-21T16:51:31.730791Z","last_seen":"2026-04-29T21:19:28.639539Z","times_seen":102,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"dallying-reveler.fontmaxplugin.cc/api/config","fqdn":"dallying-reveler.fontmaxplugin.cc","domain":"fontmaxplugin.cc","tld":"cc"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://smilefest.icu/","date":"2026-04-25T12:38:02.910Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fontmaxplugin.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 28 Feb 2026 12:28:07 GMT","end":"Fri, 29 May 2026 13:25:31 GMT"},"fingerprint":{"sha1":"FF:C9:44:AB:1D:80:02:3E:4A:9D:9D:16:1E:F9:2D:B9:CE:66:09:5E","sha256":"D9:44:FF:7F:09:14:1A:62:5B:82:92:B7:7A:13:81:95:94:8D:9B:8A:52:C0:EC:FB:45:F7:AD:03:48:F0:A7:67"}}},"request":{"raw":"GET /api/config HTTP/1.1\r\nHost: dallying-reveler.fontmaxplugin.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://smilefest.icu/\r\ncontent-language: en-US,q=0.8;en\r\nOrigin: https://smilefest.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 25 Apr 2026 12:38:03 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-max-age: 86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=p9VM2Znes0iVe4xpjHwjpVaKl0MHaMwR9YMa4Og0QlwxNICDLHzlLNz%2BgwJoo18pHYLXGvuRp4%2BJkWU53%2BUxB0%2BOIQ5ud7HXpOPWjS7EjjtkrmxfM3u4wY1DNDxI4FPzEzxbJXq%2Bcl4VjI4J2HQk4Y1E6%2Bk%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9f1d670c3ee9a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":179,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"data","md5":"80c654109e3881e5579bce6647be6c41","sha1":"5563000cfd6eda53a6b9549b1b142ee195652099","sha256":"61ca79d94d9f49088f0730e7cb39da990b83c0e4efa5aa2efbfd866c23eb3c5a","sha512":"0deacc09dbfd92aa2ef81daea3a844527537cf783a2bec35980106bea5cf287afac7cea3fe82881cb7c6fadc81a641345f28ad08110b325734d771b7e2b25bc4","ssdeep":"","tlshash":"f7d02bba12435776a271bd426254b2818f9eb54cc01370bb180a15491a9a43ea4f8276","first_seen":"2026-04-25T12:38:29.229795Z","last_seen":"2026-04-25T12:38:29.229795Z","times_seen":1,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"smilefest.icu/","fqdn":"smilefest.icu","domain":"smilefest.icu","tld":"icu"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-25T12:38:01.778Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"smilefest.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 15 Mar 2026 13:32:34 GMT","end":"Sat, 13 Jun 2026 14:31:07 GMT"},"fingerprint":{"sha1":"3A:07:C1:CC:11:53:B9:8F:6F:97:DC:3D:66:41:9B:AB:AC:3F:7A:5D","sha256":"18:7F:E8:D8:28:AA:EC:53:64:78:AF:51:75:52:32:74:B8:A6:CD:EC:6B:DF:87:A0:66:B4:86:D7:B2:98:4D:2C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: smilefest.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 25 Apr 2026 12:38:01 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BmVLNsD5cbqWO3VBsFnfe67%2FQ9whG3gA%2FMuQLPUAFLueF7Ug8oajQz1g9T3Dowo6YAAuZQSruTJzjqQJJBuxUlMsN97Sa75jN3%2Bl%2BYaICjbVFa35CwwLyjn5gaSJCzy3\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9f1d6705a94db4eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":28438,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"d94d17f8a58ae7388d84b51121ceee1a","sha1":"7afa787b3b553a95ee87380abed21127588423c7","sha256":"ab2b3efb6e805028d427b159dca5b0becb95770337ed2be86858f40e0bb685d2","sha512":"4d98e0029ce21545ee4c81ca13aa66098582b9eb99e32404e035cc87c930f00ded0064ea2fd74a0e299615e031046ea73c57a0e86f2f08e0ad86882590b1b081","ssdeep":"384:qgyG/n784RewQmnsRJjaTDjd8Wae5ZS3nlXtJZr5A5c+MF/:qgt/n784fnsiuLVs2/","tlshash":"4bd2c875727310767533d6a93bfb570a3255f403e40ac5253afc22884fcaae5d893a9c","first_seen":"2026-04-25T12:38:29.23288Z","last_seen":"2026-04-25T12:38:29.23288Z","times_seen":1,"resource_available":true,"data":null}},"time_used":303,"timings":{"blocked":87,"dns":55,"connect":1,"send":0,"wait":129,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"smilefest.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"smilefest.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"smilefest.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Share+Tech+Mono\u0026family=Rajdhani:wght@400;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://smilefest.icu/","date":"2026-04-25T12:38:02.132Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"1A:63:7B:F3:04:6F:4C:E4:F3:15:87:E8:E7:FA:DD:B1:F7:7E:89:49","sha256":"5E:36:5D:D1:35:3B:0A:E9:8A:55:91:DC:12:B0:50:4A:AE:D9:A7:97:06:7C:0D:D7:F0:23:3E:8A:B2:08:19:00"}}},"request":{"raw":"GET /css2?family=Share+Tech+Mono\u0026family=Rajdhani:wght@400;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://smilefest.icu/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 25 Apr 2026 12:38:02 GMT\r\ndate: Sat, 25 Apr 2026 12:38:02 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4052,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"9dad1dc43dd6b73280752a1396b74a9d","sha1":"be98e292ba4b65e50edb1a1dc0103c9b0b127a16","sha256":"f2849e27d8e537bbd1dad56f971d67d4d9028864bd8e87e754875c06bdbf3169","sha512":"9015cb50681c4038d14f323c35e2ac9019e2084df204f1d5773af25b98c9a97ee3026d0dfd17ee6379e4d67873aeac238125dda6aaac091d78cb21238df51ef4","ssdeep":"","tlshash":"9a810291082ba940eb932cc113ce7e36ef0e63515814e9356ffe1cdcac9ac665351b4e","first_seen":"2026-02-12T00:34:56.37781Z","last_seen":"2026-04-25T12:38:29.236162Z","times_seen":28,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":66,"dns":1,"connect":7,"send":0,"wait":19,"receive":0,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dallying-reveler.fontmaxplugin.cc/_nuxt/assets/index.js","fqdn":"dallying-reveler.fontmaxplugin.cc","domain":"fontmaxplugin.cc","tld":"cc"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://smilefest.icu/","date":"2026-04-25T12:38:02.136Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fontmaxplugin.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 28 Feb 2026 12:28:07 GMT","end":"Fri, 29 May 2026 13:25:31 GMT"},"fingerprint":{"sha1":"FF:C9:44:AB:1D:80:02:3E:4A:9D:9D:16:1E:F9:2D:B9:CE:66:09:5E","sha256":"D9:44:FF:7F:09:14:1A:62:5B:82:92:B7:7A:13:81:95:94:8D:9B:8A:52:C0:EC:FB:45:F7:AD:03:48:F0:A7:67"}}},"request":{"raw":"GET /_nuxt/assets/index.js HTTP/1.1\r\nHost: dallying-reveler.fontmaxplugin.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://smilefest.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://smilefest.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 25 Apr 2026 12:38:02 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 21 Apr 2026 16:35:14 GMT\r\netag: W/\"69e7a742-e9e37\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=300, must-revalidate\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ofPij3DLkXe47YQ%2BsNgq8LTSHRvc8c4%2FL56ZACHzt9eozM8%2Fc9BKEIN9g8VgsRyUfZOJ%2BR2rdgFiep6yKnyM%2Bz7JiVAY7%2Bj9VF09Ggxj%2BlL8XpSevO5gRKFQBW7vAkWW%2FZK52COifjyHIzbSWbwN52lLemM%3D\"}]}\r\ncf-ray: 9f1d6707790ba0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":958007,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (63400), with no line terminators","md5":"5775ff83a5b095f87fbf3e41df33cf10","sha1":"9463da9dc1d6c17982311d90d8108d72e99f527a","sha256":"c9104c3599e00e7f81236202478860708c9dc62f295ccd72b5f808b83b7e2f4e","sha512":"e50f343b0a9c0fb4b880d4512a55737140cca9dfa0270a97fd25530986f2dcf7a601be28d9a9f264e63108e03e47f2b8ebfbc3522a4685a5b3eecbf093c5b10a","ssdeep":"12288:QcLIGw/2r3/E3Cgg1XK0S4U9BLHY9mu0eQfogKjO2bXCHeIZB:QCwH0S4MY9f03fZwXiB","tlshash":"9a15d6772148c0b169ed29c43ca0dcab1aa8b6114f285c6864b7bd8454dfbafb345fdc","first_seen":"2026-04-21T16:51:31.72404Z","last_seen":"2026-04-29T21:19:28.638849Z","times_seen":104,"resource_available":true,"data":null}},"time_used":235,"timings":{"blocked":13,"dns":1,"connect":1,"send":0,"wait":204,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lite-api.jup.ag/tokens/v2/search?query=So11111111111111111111111111111111111111112","fqdn":"lite-api.jup.ag","domain":"jup.ag","tld":"ag"},"ip":{"addr":"52.84.50.118","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://smilefest.icu/","date":"2026-04-25T12:38:02.275Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lite-api.jup.ag","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Mon, 02 Mar 2026 00:00:00 GMT","end":"Tue, 15 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"0A:3A:FA:40:6C:C0:7E:88:0A:F3:A9:72:66:BF:C9:D6:99:1B:F6:A7","sha256":"2C:4B:20:7C:DA:39:7F:EC:E5:2A:8C:99:7C:69:6A:58:C0:62:51:B7:C7:1A:38:71:DA:BF:B8:3C:D1:B8:AB:DA"}}},"request":{"raw":"GET /tokens/v2/search?query=So11111111111111111111111111111111111111112 HTTP/1.1\r\nHost: lite-api.jup.ag\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://smilefest.icu/\r\nOrigin: https://smilefest.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json\r\ndate: Sat, 25 Apr 2026 12:38:02 GMT\r\nserver: cloudflare\r\ncf-ray: 9f1d67085ba056a5-OSL\r\naccess-control-allow-origin: https://smilefest.icu\r\ncache-control: public, max-age=10\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\ncontent-encoding: br\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 1052525f0d15ecb6749de58fe7a481c8.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 1B5WGJ9feM1AekZKQ0uyZR-tgiJ7dVYPeM_1Pb8RN4pF8Ji0Yw-xwQ==\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":2450,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"94a340c4dae7f0028c1e0cbed26b4bf1","sha1":"f873fed4f5a4e56df341a25c07d4530cd6f18565","sha256":"c8e8ad4ff55e37cdf57bcd4134da7f781a3561ddbe4e4891354c76c83ed65949","sha512":"adcaecd6f27def63a6ccdf57bec3d76145e36e4e06e00feec8cfc2b7e15851d1d453532fbb040cc9be0cb083d0a7f04de08895c762437b4740836117ce2cd266","ssdeep":"","tlshash":"105150e5c2a910d0cbae2fb688cc3f9c547618c2852008866d7d9dec44d656bbe0af1f","first_seen":"2026-04-25T12:38:29.241576Z","last_seen":"2026-04-25T12:38:29.241576Z","times_seen":1,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":13,"dns":1,"connect":1,"send":0,"wait":97,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/sharetechmono/v16/J7aHnp1uDWRBEqV98dVQztYldFcLowEF.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://smilefest.icu/","date":"2026-04-25T12:38:02.286Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:20:2A:2D:A3:02:EE:53:E4:CE:46:31:49:99:9A:9E:B0:E7:B5:19","sha256":"23:47:72:09:4E:47:52:14:EB:06:36:94:9D:9F:8D:66:FD:E8:20:45:1A:16:A2:2A:C5:F5:B8:7C:2A:41:2B:61"}}},"request":{"raw":"GET /s/sharetechmono/v16/J7aHnp1uDWRBEqV98dVQztYldFcLowEF.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://smilefest.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 13500\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 19 Apr 2026 10:57:16 GMT\r\nexpires: Mon, 19 Apr 2027 10:57:16 GMT\r\ncache-control: public, max-age=31536000\r\nage: 524446\r\nlast-modified: Mon, 15 Sep 2025 16:38:52 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13500,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 13500, version 1.0","md5":"65d3eea7a186c2ff5f3ed8bf89642ea6","sha1":"ea30f8dd250111e82e53180de8ad09b6f23320c6","sha256":"41e6b9f297f7d9a2df2aaa274092f76d2f72711a15ca455f7f4f4f92caf16b72","sha512":"19ce13e7d94cfd2e9a56e128c29761d853adef646954014f2dea54bf6b8518143ed4404a9cdbd4c25d3fc04fec98520adc42d3bd357840db0b6cb2fa3c031c94","ssdeep":"384:JTOTPyx11kthS/no9Xuf8F+0pxVTS385wlKEC5FU:JTdxHchYo5uf0oM5wYp5FU","tlshash":"8b52c081d7ce258bf9b505dc14a1187c4ab3642864b75fe49881c540b1fbf2da9cec55","first_seen":"2023-05-08T12:42:22Z","last_seen":"2026-04-29T23:29:55.241454Z","times_seen":1455,"resource_available":false,"data":null}},"time_used":220,"timings":{"blocked":100,"dns":1,"connect":15,"send":0,"wait":16,"receive":2,"ssl":83},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dallying-reveler.fontmaxplugin.cc/api/visit?origin=smilefest.icu","fqdn":"dallying-reveler.fontmaxplugin.cc","domain":"fontmaxplugin.cc","tld":"cc"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://smilefest.icu/","date":"2026-04-25T12:38:02.963Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fontmaxplugin.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 28 Feb 2026 12:28:07 GMT","end":"Fri, 29 May 2026 13:25:31 GMT"},"fingerprint":{"sha1":"FF:C9:44:AB:1D:80:02:3E:4A:9D:9D:16:1E:F9:2D:B9:CE:66:09:5E","sha256":"D9:44:FF:7F:09:14:1A:62:5B:82:92:B7:7A:13:81:95:94:8D:9B:8A:52:C0:EC:FB:45:F7:AD:03:48:F0:A7:67"}}},"request":{"raw":"POST /api/visit?origin=smilefest.icu HTTP/1.1\r\nHost: dallying-reveler.fontmaxplugin.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://smilefest.icu/\r\nOrigin: https://smilefest.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 25 Apr 2026 12:38:03 GMT\r\ncontent-type: text/plain;charset=utf-8\r\ncontent-length: 2\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\naccess-control-max-age: 86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZcyKHp1Mdd4fhPlWhmvgeBt5QDaQFlkfJgsi5FvFPHT4I2MrVbzFIwQYI6y5wm9Y%2FnrhkENG%2FHYRC4yuCGdmlFSFLVtgQpeLwNZ6qtOs47wKo5fhNNXwB%2BHKkPgpabNULNkpq5edCxgqIoJ9IGcEZ0CXGl8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f1d670c8a0023eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"444bcb3a3fcf8389296c49467f27e1d6","sha1":"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb","sha256":"2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df","sha512":"9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570","ssdeep":"","tlshash":"c710000000000000300000000000000000000000000000000000000000000c0000c000","first_seen":"2023-03-08T02:32:37Z","last_seen":"2026-04-30T07:11:19.030578Z","times_seen":402776,"resource_available":true,"data":null}},"time_used":488,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":488,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"smilefest.icu/favicon.ico","fqdn":"smilefest.icu","domain":"smilefest.icu","tld":"icu"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://smilefest.icu/","date":"2026-04-25T12:38:03.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"smilefest.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 15 Mar 2026 13:32:34 GMT","end":"Sat, 13 Jun 2026 14:31:07 GMT"},"fingerprint":{"sha1":"3A:07:C1:CC:11:53:B9:8F:6F:97:DC:3D:66:41:9B:AB:AC:3F:7A:5D","sha256":"18:7F:E8:D8:28:AA:EC:53:64:78:AF:51:75:52:32:74:B8:A6:CD:EC:6B:DF:87:A0:66:B4:86:D7:B2:98:4D:2C"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: smilefest.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://smilefest.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Sat, 25 Apr 2026 12:38:03 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8tQmHcWhAn3PcTawXgnek6Gn0ycVGkIhk5u4zsoskNeK03ygyVAhTCOe9F2O7seKIh8wwr2kwK1WeUksKk7LjctjW4ZEDwm%2B35kDBVO5DyDS7EiDqFOqK62Ixb1BHAwn\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9f1d670e4bc156a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":153,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"998368d7c95ea4293237f2320546e440","sha1":"30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4","sha256":"533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736","sha512":"648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97","ssdeep":"","tlshash":"4fc02b2d7513bc4cc563317832c37080c0c6833769bb4112c440800331cf2998bc3397","first_seen":"2023-04-06T02:01:38Z","last_seen":"2026-04-30T04:53:24.737894Z","times_seen":4344,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"smilefest.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"smilefest.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"smilefest.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/rajdhani/v17/LDIxapCSOBg7S-QT7p4HM-Y.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://smilefest.icu/","date":"2026-04-25T12:38:02.292Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:20:2A:2D:A3:02:EE:53:E4:CE:46:31:49:99:9A:9E:B0:E7:B5:19","sha256":"23:47:72:09:4E:47:52:14:EB:06:36:94:9D:9F:8D:66:FD:E8:20:45:1A:16:A2:2A:C5:F5:B8:7C:2A:41:2B:61"}}},"request":{"raw":"GET /s/rajdhani/v17/LDIxapCSOBg7S-QT7p4HM-Y.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://smilefest.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 14976\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 19 Apr 2026 11:04:17 GMT\r\nexpires: Mon, 19 Apr 2027 11:04:17 GMT\r\ncache-control: public, max-age=31536000\r\nage: 524025\r\nlast-modified: Tue, 16 Sep 2025 03:40:47 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14976,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14976, version 1.0","md5":"cac31f26b77ee8053a76a54ce2f8ce48","sha1":"c92bcfc9121164049c1b30655db9481d0e454464","sha256":"759a9000e47b028799d7a4ca602634a7ac7adf415775df070a335d18d9b66f38","sha512":"175e68a3fa2978ab4a89c5bd92eebe5c0f034ccbd6004dd708c243b561102ac7e15e267b90edb86d03c312c1849b157b544ae8045209b0c2e2b27d1b480b7783","ssdeep":"384:ekfg3HBbG7EsSXbNSX0FgF1o56xCKSEdVkSKMOk5:bI3hEEJJSXExAwEKI5","tlshash":"7b62cfb8b1b6d40fb06e4de74cb0d2e11d78b155ad6a8ee4109bef197668063852fe30","first_seen":"2023-04-26T23:36:20Z","last_seen":"2026-04-30T04:51:36.769599Z","times_seen":3227,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":120,"dns":1,"connect":27,"send":0,"wait":16,"receive":8,"ssl":90},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://smilefest.icu/","date":"2026-04-25T12:38:02.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"1A:63:7B:F3:04:6F:4C:E4:F3:15:87:E8:E7:FA:DD:B1:F7:7E:89:49","sha256":"5E:36:5D:D1:35:3B:0A:E9:8A:55:91:DC:12:B0:50:4A:AE:D9:A7:97:06:7C:0D:D7:F0:23:3E:8A:B2:08:19:00"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://smilefest.icu/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 25 Apr 2026 12:38:02 GMT\r\ndate: Sat, 25 Apr 2026 12:38:02 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10108,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"e85517dadd43448782d60d7f207fddce","sha1":"6cd31f870727ba8090fac9602b42524b4139a619","sha256":"88fbd0b95222be288587a149c324189ecbd8de0d6f0c94f528ec53857e52b66c","sha512":"5edc78df5bb062a9a2e1ea6724c14dd7eb80d77ea0fa9572de4bb0d52bbd0d163815b08a1ae77084f99fbefbb07715da1c61f0bb36fb498710c91387792955f8","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGx:vXuM0p2+4","tlshash":"04227792002ba400ab971dc233cf7f3aaece50896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-10T18:13:11.065101Z","last_seen":"2026-04-30T07:33:23.17048Z","times_seen":23457,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dallying-reveler.fontmaxplugin.cc/api/is-banned","fqdn":"dallying-reveler.fontmaxplugin.cc","domain":"fontmaxplugin.cc","tld":"cc"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://smilefest.icu/","date":"2026-04-25T12:38:02.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fontmaxplugin.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 28 Feb 2026 12:28:07 GMT","end":"Fri, 29 May 2026 13:25:31 GMT"},"fingerprint":{"sha1":"FF:C9:44:AB:1D:80:02:3E:4A:9D:9D:16:1E:F9:2D:B9:CE:66:09:5E","sha256":"D9:44:FF:7F:09:14:1A:62:5B:82:92:B7:7A:13:81:95:94:8D:9B:8A:52:C0:EC:FB:45:F7:AD:03:48:F0:A7:67"}}},"request":{"raw":"GET /api/is-banned HTTP/1.1\r\nHost: dallying-reveler.fontmaxplugin.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://smilefest.icu/\r\nOrigin: https://smilefest.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 25 Apr 2026 12:38:03 GMT\r\ncontent-type: text/plain;charset=utf-8\r\ncontent-length: 1\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-max-age: 86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\ncache-control: private, max-age=300\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OHR%2BVK6SQlxvotp75vRZENH9BP3SgWG7glvwMdKs%2BoYjG1WBXVgf3q1AZUUU%2FCTmuMEXDFogJz%2FL5m1anYwkFBuItKahnwsFY2N9Sr74Ltapa5h1yp4Sfs99%2BGzUHalxtFctc5lbx%2B1bj%2FUn3PXclKPQbKU%3D\"}]}\r\ncf-ray: 9f1d670c3ee3a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-30T07:08:21.919827Z","times_seen":107218,"resource_available":true,"data":null}},"time_used":172,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":171,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-25","alert":"Sinkholed","trigger":"dallying-reveler.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}