{"report_id":"1ec15c4e-fae7-4e11-b6ac-3f67df31afca","version":6,"status":"done","tags":[],"date":"2026-03-17T01:44:12Z","url":{"schema":"http","addr":"bubbleflapfun.top","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"104.21.71.107","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"bubbleflapfun.top/","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"title":"DappWallet","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"bubbleflapfun.top","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"104.21.71.107","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-21T01:44:12Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-17T01:43:45Z","timestamp":1773711825,"ip_dst":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":54542,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare Page Developer Domain (pages .dev in TLS SNI)","source":"{\"timestamp\":\"2026-03-17T01:43:45.368157+0000\",\"flow_id\":1789436682667012,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.10\",\"src_port\":54542,\"dest_ip\":\"188.114.96.1\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2057746,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare Page Developer Domain (pages .dev in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_11_20\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_11_20\"]}},\"tls\":{\"sni\":\"creativityblocksnodnjgf.pages.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":935,\"bytes_toclient\":1654,\"start\":\"2026-03-17T01:43:45.361476+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"creativityblocksnodnjgf.pages.dev","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-09-02","domain_rank":0,"first_seen":"2024-12-07T15:13:28.328315Z","last_seen":"2025-08-14T14:42:56.300695Z","alert_count":0,"request_count":1,"received_data":757,"sent_data":475,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"bubbleflapfun.top","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-03-09","domain_rank":0,"first_seen":"2026-03-17T01:44:15.564775Z","last_seen":"2026-03-17T01:44:15.564775Z","alert_count":54,"request_count":27,"received_data":3974060,"sent_data":12603,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"bubbleflapfun.top/","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"f278e1582a6b32d6a9a05328bba73b0f","sha1":"02780b645a044990e49787663d3dba06626b1e3d","sha256":"07317dc90130ec69ed8e07a8362168074f9067473354101f361449cff37110aa","sha512":"08463b63ba1654bf203117d8f0c0a2ce4b5d92914ffba7c8ac3d942ff1a812c86cc61d9e840e5f3422c2b22d1b71b1a06b9a6d40d4e4259b32fd8cd40cc8357f","ssdeep":"","tlshash":"55319948a43216904242e8f1c676abeeabe774080574446d349cbec7eff8447e521678","size":1529,"data":"","first_seen":"2025-08-01T04:16:24.221852Z","last_seen":"2026-06-13T11:01:21.820801Z","times_seen":3089,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"3433c9d3e9b7e8e5b34ed72e309db572","sha1":"d53d7df082088749c1df6b08330ee9b9e4076932","sha256":"1d96fa9904e3743570bccd5be90e83fd91975299f374093cc6f723673d582dd1","sha512":"ffd0e047331871f21738643968b7eb7fa045ee0e45346a9ea986c4b8a3e745dd310542c6b2734f6d244408bba6548ec66f5cd7662c69485b5e59e3b9432cdff2","ssdeep":"","tlshash":"06f04245bd825a24d35670ddc41f978cc53690dd91491c4cbb64ece1de94c2cdfc6534","size":585,"data":"","first_seen":"2025-08-01T04:16:24.219641Z","last_seen":"2026-06-13T15:26:27.750636Z","times_seen":3127,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"2380d391cf784bce2f77e0e16fa2268b","sha1":"2b88cb08e3d7f56772d46fe1a10d84774e8728d5","sha256":"e65fcff70fe965f3d1878fe515a7ebcd265dfe61b15461521450c882e8d081d7","sha512":"0f3264af3a045928be20d2ee1ef3af905571d07e3fc25eaeda22199baca89b8c9bff94d90d81124ff45b16c5e40df291c2f49d9464ba901d2d961f6fd1196f1f","ssdeep":"","tlshash":"e6411b1e00aa0aa31ba3054333ce846d0956c2cedcc73534d3b27f8134c67832a93bea","size":2254,"data":"","first_seen":"2025-08-01T04:17:54.882582Z","last_seen":"2026-06-13T15:26:27.753685Z","times_seen":2953,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/fbf4f631-5e68-4f1e-96dc-b9df9fbce6a4","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"28fd4431295ab2d4c33d600d02e2e975","sha1":"791e87b2a49896f78f00626a4598cfb927d1cef7","sha256":"20a9f78836129ad6ee68cf0bf8741c19301cb09d6fbd21b541bbb995c88143e1","sha512":"dafb4d09f5491f3461d03da1ca1d0fe5b826587827e76cef0a04192540c215533cd14b931d3caf571887a57f6189343a3e6a47a36e2d42b21d03bcd98fd487fd","ssdeep":"49152:SGkwdNZngkO5pqwW2QUSvhjG+EyY4bfO3xrQanJfCpszVtSw:y","tlshash":"92f523836d5798b5cf98475570ab6d0b68980c13585cf0dae798f8c334adfa480eb92e","size":3411847,"data":"","first_seen":"2026-03-17T01:44:19.879842Z","last_seen":"2026-03-17T01:45:19.147015Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/angular.min.js","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a2a3449c4f118822b33fa9515c9966e1","sha1":"ca1a40a4f44c2b81e59df0e5781ccc5f6150b2ff","sha256":"8fcf91d9880e8c2c64d0ccf5ef220cb4f7139f6393958a7fa9a91e874dc332f9","sha512":"28ce04ee47d2e8481140be1a02fa9b3aec4d7a84c09390b0ccccfd93c92226bbc530f4d782c3c88ee76ec4835062478b01d84ce26c5706c09935c37f2507e547","ssdeep":"1536:9MtLI9CO3DZcW2/+ZZr5kWgwusehg2t2WfdWsqfNG6N2t:9MtLI9CO3DZcW2/KdXMfdnqfNG6N2t","tlshash":"3b1431e4eb57c4ec8e6510eec073f805e0584917ce6cf4a3aa2ddec1752af26858717a","size":198702,"data":"","first_seen":"2026-03-17T01:44:19.880728Z","last_seen":"2026-03-17T01:45:19.147636Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"936c08946b8ea17f7b574bbaf96f594c","sha1":"58275b35dd61b617bd454285b3eef4a1b22ab0dc","sha256":"69248c4c3164798a6ccbab3c0ef2ba77ad542229b7d112b31dae820ac12381d2","sha512":"8a2b1ec1d8c1f5e8502e1958cfe6e01c0457564d4b293f6bca00f6bfc87e9823a4c1128c3890305b58f54b0082a90164dae34a9ebb60a580c2fd8696da67f428","ssdeep":"49152:PGkwdNZngkO5pqwW2QUSvhjG+EyY4bfO3xrQanJfCpszVtsw:x","tlshash":"49f523836d1358b5cf98535570ab6d0b68980d13695ce1dae7d8f8c338adfa0c0eb92d","size":3409381,"data":"","first_seen":"2026-03-17T01:44:19.882255Z","last_seen":"2026-03-17T01:44:19.882255Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"59a13eef9e5e0ec7844e58e8b47d54a0","sha1":"0fb2b2059a878b87f8524284d448dd46a4351953","sha256":"c890c150b008d069bfddb86ee2c2e3fe979515939053b4c53fd6853b68e4fe35","sha512":"7fcdb614d30b1141e9a1e134a98e2888007f786f866c24e6383106d3e003f094e72901aa295e7d3450fccf5a249b25b436401a5b9439205da6b0eec8d72cfc80","ssdeep":"","tlshash":"33f0beaf336126ca23ae6ad20796c01d1e72e4ab3002163c575a36ca0cb6f52521b07e","size":494,"data":"","first_seen":"2025-08-01T04:17:54.874483Z","last_seen":"2026-06-13T15:26:27.768049Z","times_seen":2919,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"8de04e3dc63af7585af0e827672eb149","sha1":"02ee5e4b4e73e430d629744c4b7a3e38c36ed06d","sha256":"123e2a4c9c65ad62ea2b0992b1f80073e18a341a810f9ba40d1c4cdc31f1e759","sha512":"a42fcbfd4fc45305b75c0093524abafcf73f7d10f3bbe8cf573f3ea87803f672ae7fd293a116e7c24aeb0ef9fb24b9ea32e48200a56243187d5b550407631184","ssdeep":"","tlshash":"a911cce0aa6c599781c2095034894b02b13cb020203d9fd0bf75f0ce7c7c7ec96d262a","size":1000,"data":"","first_seen":"2025-12-20T20:03:49.143914Z","last_seen":"2026-06-07T00:08:21.702938Z","times_seen":1701,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1e21743cd2ee2004cd56bfc5c29e3609","sha1":"bf516634ffbcfd3186b71dafc0ecdcc47894c439","sha256":"0e428980439e794b176e0ee3cd84e4878510b1d52c1efc1c00f4af9729a17029","sha512":"4264e5ce5b4f3acb24046582388132a5915398c9266c18c6349d75fb94bd74bac990dc6ebd12e1e118a3a24752a3e4badae2faabd69b9827d1f223a0750da4c2","ssdeep":"48:atoyTqSsM+c69M+c69M+c69M+c60778KK7NaaM//M+A:atlDNDNDNDl778KKw//M+A","tlshash":"25913f32165427da63ce8fd45a85751d01d2c89a383e60bdff3279eded3a683c031612","size":4506,"data":"","first_seen":"2025-08-01T04:16:24.215618Z","last_seen":"2026-06-13T15:26:27.766389Z","times_seen":3059,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"90e7c326703d8e5dc1363e5cc1f85efe","sha1":"636acd1a7e4585cadbf498e35d5dde8df43f0f6b","sha256":"2c97ffe5b60faebc09419c7eba9211addb0182677d349a523668b0ca4eb83865","sha512":"2b33e97c17b43a3783ca73aba5b62ad8fe1c8f0322741f6b94f6e6f260816eab88ed3633b5b61c6b7a7bb4d470b86d981606bcd768bcb3123d471ccbebac9be3","ssdeep":"","tlshash":"1571ac3aeb00173bdc8fa9fdcfd5b8d42d62497262596520791ce102a16cd7487bed84","size":3653,"data":"","first_seen":"2024-11-14T17:25:01.47538Z","last_seen":"2026-04-28T23:19:55.662395Z","times_seen":48,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"bubbleflapfun.top/btc.7711669e9b380abc5a6a9bd657e508f9.png","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /btc.7711669e9b380abc5a6a9bd657e508f9.png HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: image/png\r\ncontent-length: 4947\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:54 GMT\r\netag: W/\"1353-19cd35ae366\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UXbSKk6SkZ4Jh7w62yVbHY5u3KUw0N3m%2B8mdmiePWXIvxOoDR0pOWireqgKfv5f9dNRL6Aj2wCQBCw7XbqFC1d8t%2Fq091Loo0THE%2F8me7QfP\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dd84ef4edf632fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4947,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 179x180, components 3","md5":"211fa51a11c3b723c89e67cfd868cc48","sha1":"321d453874687b282c0e56d77404bc3e70f511c1","sha256":"d97c6046996cdd1545cf056392840dc44f1b346da2a47ceb9102db269d12f620","sha512":"f9e0d306d77d5c0088327c5d0fd3af050dc4f07fd65d1af5c27c72e7e604acef02f13dc8d5a7eebc6a68d0603b92b0d3be79b123a3f659cddb3577e3258a2ed8","ssdeep":"96:NFN78f+nagH8SwfuS2GKnvN6WBYwCfUSM7SKMP+9MlUf3g3dR:NFafcagH8Swfu1vkhYSMBMP+933Sr","tlshash":"c0a16c2064ce5361e9e6563a571d7a5987623d73e207ed0f191a8b3c317adb80ca00f3","first_seen":"2024-02-28T10:39:14Z","last_seen":"2026-06-01T09:33:27.870833Z","times_seen":171,"resource_available":false,"data":null}},"time_used":494,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":494,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/dollar-school.822faac934bb6eb700fac3d65dd2583c.svg","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.171Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /dollar-school.822faac934bb6eb700fac3d65dd2583c.svg HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:54 GMT\r\netag: W/\"874-19cd35ae36e\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=La%2BTpOvdeEiB2U%2BIEYMho7%2F4UXVXJyBDVuY5HwD4VKEUMGSfGHK4yxvTbfj7%2FMDAzUMzuO5gIHCtMCVL%2FypBjibBuUgqHgeomvTdFU1g8oiC\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9dd84ef4fe1c32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2164,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"738b1b7e813b8932c11d62c30642a074","sha1":"9fd9fd0fc0f1fd79755f57cbfa25a99f44be004f","sha256":"149b3085e71c794f64c755d5f75601586d6af87e346e3f61726edee0cb365af9","sha512":"a688c282e7c3ee6aed7dd01b0136419e2bf851eee0252e5c5052431fed1b2d58fc6d198b7c5ca9e909c1579ad57e69f6d1c82902b193add4900c6663ac6546df","ssdeep":"","tlshash":"c84154a473b8f2ddb21596fff3759450386120e6934214e5c43bb91060a19ac6fbc9ea","first_seen":"2024-06-10T05:31:53Z","last_seen":"2026-06-01T09:33:27.894146Z","times_seen":90,"resource_available":false,"data":null}},"time_used":461,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":461,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/key.dc13c066b563854dab3af9de9709d6df.svg","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.173Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /key.dc13c066b563854dab3af9de9709d6df.svg HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:55 GMT\r\netag: W/\"5d3-19cd35ae3a6\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mC%2FCPaZMrFpUkZJmK%2FzkFCrVQM0%2FTgMscVSTBYx2JJ%2F5M144PBALjwSU8tUhsqbSGYeerpvTs4sheXXz9QL%2B3FrpOcRiho%2BGIZcdIRaRNvtU\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9dd84ef4fe2532fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":1491,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"616a5da4dcec662cc6408a612ed0f85f","sha1":"a203d1d14be22071c44763d11e0d31704a6991f2","sha256":"064b4744e0c707f8301ce1ebaaa00bb19124806c0775945a2a8c7b86f791c013","sha512":"55c2ab7dd7e68f401d5a31bf25116ec363f509a64d60b433882bc6d4d9d6796a8b8b5a3acfdf20b3c46eff88b4e7608c93d165b979d3a22c869ba5cf7d50ca53","ssdeep":"","tlshash":"843165057368ce7df21860b4675a79a0105778ca33a14004e6fb2966d22145e6d3ffff","first_seen":"2024-02-28T10:39:14Z","last_seen":"2026-06-01T09:33:27.866144Z","times_seen":94,"resource_available":false,"data":null}},"time_used":485,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":485,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/css2.css","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.622Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /css2.css HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/main.35d64eb6.css\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:54 GMT\r\netag: W/\"323-19cd35ae36a\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zYpIADNO1dCJwgIUMeiOwJJdpfM14CYdlXfxqacuM4L2OTfgTg4r8%2BMBzF3bx3%2BEVKZ%2B8Z1%2BuGDaUHq%2BoSewoUP6W8VeZocDVSQ8RTFLDNYt\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dd84ef7eb2132fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":803,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text","md5":"f0eb1b9efb8ceac7e189236bee9dac26","sha1":"9195ba84d32c3d26fdc0432dece2553180935b78","sha256":"e6c3d2aae99a734d21788539b9690e336493a9e90fe44c1d186a877afed4ab35","sha512":"c50b84e5590513d9ce74346233fa0277885c92805ece19df9e5bf594969fd7b14c06da350d85f152b7b8b796c7dc364018a94b4ab5467a7739cf0a1fbec87c85","ssdeep":"","tlshash":"df018e40086e6410e3b718c556cd3e32eb5e6264a15669217bfe148cbc66c7d5372b4d","first_seen":"2025-05-14T13:29:13.401399Z","last_seen":"2026-03-17T01:45:19.138306Z","times_seen":16,"resource_available":false,"data":null}},"time_used":307,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":307,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/landing-bg.a29ed05348cbd82410854aa83db84c56.svg","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /landing-bg.a29ed05348cbd82410854aa83db84c56.svg HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/inline.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:45 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:55 GMT\r\netag: W/\"714a-19cd35ae3aa\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zOcYwxqNHHXTSHlSEQ4JRymGZvt%2FHhidUEUf%2B7mCGu%2Fm6q3Yal62FAQlFyYMM5vrxaPMPLFNzyeXx%2FBqjgDjwAe57ob7oVIvYQZfXGWxzOT9\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9dd84ef9ae6832fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":29002,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"21eb919abbb6ef8c25fa3984e01ea45d","sha1":"2e3e2a1411c307de1283f48672d50116c3bd66ee","sha256":"5f00c879a2b45a526fba4d087d7ed6bd3f8e79b80408b6049328601c0db137d4","sha512":"cad0439674d273aae6a65f77f0b49a134c51f6a8556e66151a1441bc4142ef87ee889da80a8c8daa528635d0531cd6d41a928cd9ef58c8e4b15cfcbbe502b234","ssdeep":"384:LBCsIgv8KHvbniejdEABY8TRFmRe3AxM/6NGLqVifI5:gsmKHvDE8BTPR6NGLqV55","tlshash":"91d2219e27544afc79a547c5ff0663a4270b02ab0b6d9680c1556f3d2902d2dad3fce8","first_seen":"2024-02-28T10:39:14Z","last_seen":"2026-06-01T09:33:27.871746Z","times_seen":161,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":240,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxRSW32RmYJp8I5.woff2","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.979Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxRSW32RmYJp8I5.woff2 HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:45 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 14112\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:55 GMT\r\netag: W/\"3720-19cd35ae3b6\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j32iKs%2BeZ9X7ZCITDFvknG5yiHmuwNXW7WJSW6g%2FBQDocLOrmZ9h7yNpZi8SRTJYdIKVUwVpCKrG7oXCjXD2tNePxzISMUbkQh1PpPhsLhBD\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dd84efa2f4132fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14112,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14112, version 1.0","md5":"e6c05ad1b6c331019b9afc060c6fb15e","sha1":"f1726b7326c513a39c5b1401a0b545a9302f4455","sha256":"fc95fe18f8312a645496d8d7f4f95676f403e6f4b15c5b84c9be0dbf0a4b6bcf","sha512":"16f11aa3f280053324c39cbb3a798a43f149f75f91033e844e89462f91f24e6d9234c63010913b917ede4757b0cc7b6720f3cbb1cb94e963f66f77dc2951a1c7","ssdeep":"192:evC4mf2WNP+KqX8lRNzuwBP5HxnN/fCOaFQa4MK39/174zHym46uTlGm8mnRRUNn:evjyNnl5TRN/fCXQzh997Wyx6us7EFHQ","tlshash":"1a52cfac8f087aa3a58c50ed854d18477a929742ba6399d17e2c8a4c318ecf3f6470d3","first_seen":"2025-02-04T14:10:41.621202Z","last_seen":"2026-03-17T01:45:19.142018Z","times_seen":18,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":251,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/angular.min.js","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /angular.min.js HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:54 GMT\r\netag: W/\"30a38-19cd35ae35e\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=X3kaFZxmhC%2BSbEwXzajKFHrHy6GngH%2F2bBFfGiuva%2BzrxwModLGlKGZWsaNglra6WkpCY1kupjHCLCK5TRT7AuhXrlJPOOpnhRqgldvOpfkV\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dd84ef4edd432fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":199224,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (53200), with no line terminators","md5":"412f3345dcb6ef7eb4f7458e4a6664fa","sha1":"012bde5691c431699623fdce04f688dda38c57d1","sha256":"7757415afb84ed9693f485c3bf5350fbea8a1f746d81cd10e3ab8a416ca7948c","sha512":"dfa4c3f0997e3d912fa324b47c197b477f040bf85b8d9162ba15c9abb3bbb962c52884c153a5bd7fa2e4e936454d4943ce042c1f96fbe425dddce65eeb3ade32","ssdeep":"1536:9MtLI9CO3DZcW2/+ZZr5k98kusehg2t2WfdWEqGNGdG2H:9MtLI9CO3DZcW2/KqTMfdBqGNGdG2H","tlshash":"dc1433e4eb67e2dc4e5520eec073f805e2d44913cd6cb0a7a92ddec27519f2a818717a","first_seen":"2026-03-17T01:44:19.859622Z","last_seen":"2026-03-17T01:44:19.859622Z","times_seen":1,"resource_available":false,"data":null}},"time_used":591,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":543,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/money-receive.7bfa590f189ccd9e4deb6811502eb917.svg","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.168Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /money-receive.7bfa590f189ccd9e4deb6811502eb917.svg HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:55 GMT\r\netag: W/\"8e5-19cd35ae3b2\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=E8XKCds9njB5j%2FAeR9GtjeYOKFeHDc550aQKMt1sF6MTmAn%2FQAb9NtSh%2F9WY5c%2BHcP1hW%2FAY13Gz594SZKQMQZq1RMM61UUUPPst7HTY6gQg\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9dd84ef4ee0d32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":2277,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"53a82e053d497995c7d7390d9d9ce2b3","sha1":"f128df39235470fb813ebdb14dc1bb987c092600","sha256":"06e45f154e94a4aef4a5b2a5925f3d234ab7d7aaf6d24badc56cbe6543dfc710","sha512":"c364032571712b659772fb5981068b3c7511e694967d438ef65c69396e92622478e68c1848ca3ac5ecd062c77c0fc5a4c30e58bcaf58d71f8740d5c58a248e44","ssdeep":"","tlshash":"4341a090367643f9f0110bfb13a97cf82ad22ccb55e18164d771ba0664eb50c6eb49ee","first_seen":"2024-02-28T10:39:14Z","last_seen":"2026-06-01T09:33:27.868124Z","times_seen":80,"resource_available":false,"data":null}},"time_used":500,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":500,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/40c03850-8e8d-4210-897e-a19fff07de3a.js","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.867Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /40c03850-8e8d-4210-897e-a19fff07de3a.js HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src 'none'\r\nx-content-type-options: nosniff, nosniff\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: HIT\r\nage: 0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zsuL1TUs2tmdvfyNFvy1lHkKswzuLP8roAAowR7QrFzTbHQqWtt23Nd8%2BMm0548%2Fkb5KZUdhA60boyDk4RZKKJypYvx1J1afIVje4EjA9nAE\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9dd84ef96e1332fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T17:33:37.826371Z","times_seen":16391923,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/main.35d64eb6.css","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /main.35d64eb6.css HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:55 GMT\r\netag: W/\"5b2b-19cd35ae3ae\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0gKNeewbDTiVwqltQCiDh2iEB9SRuSlyMkkkxw7LQKayDPgw%2BYyAt1mgFuaPg3uefklmwBww%2B%2Bgiwf12AG5UTL1kkh4UkXyKIxdnLkZ%2FqC%2Bo\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dd84ef4eddb32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":23339,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (23294)","md5":"6668c9e1e4172fe52ae50e08527fcea3","sha1":"fc16b85f63bd6f0468bccadc2217cd57b714e21a","sha256":"7478b519e26e52f5a1f4efef27e5f235e980314a8f484d89c4b601a8d40a4f33","sha512":"d03be2ded6786eace8fc0515f9b7257a1fae48aee5560a888f77c5dc90ed2c2d0b9251bcaeef502c3753971fc09fb50552447778715e3c56b9816f885a234fbc","ssdeep":"192:l4GfJevy0RX6q+sqWOKOybibAINIQT5TsfPM7:lpMZIYbibAINIXM7","tlshash":"7fa2a05994911a6528236e6687cc4e58c61ec5a344e50dde3bcf280f8b47fce33da747","first_seen":"2025-05-14T13:29:13.404691Z","last_seen":"2026-03-17T01:45:19.139411Z","times_seen":16,"resource_available":false,"data":null}},"time_used":465,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":465,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/inline.css","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /inline.css HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:55 GMT\r\netag: W/\"4ebc-19cd35ae3a6\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tY2RqYOuu%2F691TMuvtKJ2IefzmRMhLbHpFyQO%2Fjdvy3VcrkY7aU3mAVJcTTLtDhSqERZBNNgni9wwtYUUCmGB3tN1xC%2BXw%2BPU4AMZbVDZl87\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dd84ef4eddf32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20156,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (346)","md5":"a0b6a9301adb24a8b8191da3ebc3390e","sha1":"4fd2c400d3240da4d411300fc1e12c20affe6594","sha256":"b7a6222f9d73e6c86ce1c1711575c59f70ecb694068a0df841f0290304125d63","sha512":"5156e52e74f0137abffb19817911740e6cb6710b8360d41374f6d73976eda439219c3d910783983f5a0d7abd1d60e18fffe7e3640ec6ced615112461943f1eac","ssdeep":"384:TW/jy/XOv6yrOKa7/ko/mWGPIUEs/O5JPVuttpZfAgAnlwWD33Dyn2xq9AsaTGGq:ILAqoowJU","tlshash":"c39203270a9122096557bc4c7aaa5b0da3a99526e30f73fa4cc2258cd3cf3a405b7fc5","first_seen":"2025-05-14T13:29:13.432731Z","last_seen":"2026-03-17T01:45:19.13382Z","times_seen":16,"resource_available":false,"data":null}},"time_used":437,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":437,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/Illustration.71de895c1e28bd43688f612a8089a59b.svg","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /Illustration.71de895c1e28bd43688f612a8089a59b.svg HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:54 GMT\r\netag: W/\"b0d8-19cd35ae376\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gdYX5b1vIWfAIl9SBmMsopuHc4IMi9Fr%2FBW4f6l%2B22lOuoGzfJ9v3%2BzOxOiQQVJPVGkwhmRwjcCpqQb%2F4%2FHqblLL%2B4z0mnAUe%2Br3%2BUzCm2G%2F\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9dd84ef4ee0832fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":45272,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1f3773d9fb40e89b9c18d90c1a032d64","sha1":"d878dba91a40d73a033d379510f75be073f9ec09","sha256":"5d763594630c8f059b757f538829a89eec7fac101c1a76dbfecd250689d2a706","sha512":"388688f4827344973e3577683dcfe5ab6e3c6bd23707e1004fd7f23dfc1ec773395bb46635d0fd581c165922e04b2b27f7bfb796aff02130532a900149c35e1c","ssdeep":"384:CvHlOTl9xIxsc9w+I4m/4silGrgy6Pm/Va2Knxc1RAEV9x1x8GY4oYe9VsyB45Q2:dYIBibOa73VYSJw9aWk0XwCznqmlyq","tlshash":"61134216c304bb7be8064058dda535aa71e5b5e7d4d0e3c0623b6b3eea0d8e0458d7ee","first_seen":"2024-02-28T10:39:14Z","last_seen":"2026-06-01T09:33:27.886247Z","times_seen":183,"resource_available":false,"data":null}},"time_used":407,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":407,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/popup-2.css","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /popup-2.css HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:55 GMT\r\netag: W/\"1c1-19cd35ae3b2\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kzOouupmn%2BdAEGPnJ74zQkL9KFzmpUCYUJmvCsLAqUkOzPe8bZ9AndoMpaod%2BwyJuFSRWM%2Bl7OP8s%2FX9dmCLnC%2BiNYuen0JCnEszoIk0KS%2F%2F\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dd84ef4edd832fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":449,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (449), with no line terminators","md5":"ed502c2026c15c9785fad9f8573876d3","sha1":"39eb14d49d341bf2c26c35b55dc100d088812c0c","sha256":"42764571a62f04ec6c38748fc5f5f54a41b4e2cd82ab27e11fbeb1b1adbfa69b","sha512":"5d9ede9140890cbe8c7c9673e6decfe5cec8f19e765904875e3aa5f9296de55a54ead7727cf9f82449b51fdf20c0af05710766acb180e333f348fe9cad750ea3","ssdeep":"","tlshash":"c6f05c22f1907078c23391422483ab7c553da003f7350f795509fbf10f4e64f2569954","first_seen":"2024-07-31T00:00:02Z","last_seen":"2026-06-01T09:33:27.863709Z","times_seen":64,"resource_available":false,"data":null}},"time_used":496,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":496,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/logo.png","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /logo.png HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: image/png\r\ncontent-length: 7216\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:55 GMT\r\netag: W/\"1c30-19cd35ae3ae\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PE3pZDYJrfEDeFS%2FnhWVyIERTd4aWR6v3Pnuqjo5eMxEAEHv3IqFmRh%2FabDbQvE4pUUrdleyXBNKm%2BwFFuOMyRnIHDRQmyLHqkR1xlyFRe8i\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dd84ef4edf032fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7216,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 233 x 79, 8-bit/color RGBA, non-interlaced","md5":"702d432df5d1ce0ef551dd6b70556c36","sha1":"66e4d7b944c859b5ef54ca7520f214444b2dc944","sha256":"9fd6f3a74c6b9f2710bc793510511c078a961e229ec08b6f5cd418a5c832c365","sha512":"22543ca36097ffd5283378d26ff7f81263e00d80678bafebe5ca80b927fb946e20f069f0f889fc19dde1a3efeee9145304a3053ec39a2907e47012686ddc4308","ssdeep":"192:o6666666IaoF3LOPdj0Z4Hbj5QAKeOSNpuYNrNDC666668:eao8P4YH5GeO+Nrk","tlshash":"21e19f5539b9d0b5dfd2ee4648fc851f8485661184263434d8fca3aca8492ebdbacb24","first_seen":"2024-02-28T10:39:14Z","last_seen":"2026-06-01T09:33:27.879522Z","times_seen":173,"resource_available":false,"data":null}},"time_used":429,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":429,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/euro.5a6be435b85a6ae56e6d1ef4fae11523.png","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.164Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /euro.5a6be435b85a6ae56e6d1ef4fae11523.png HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: image/png\r\ncontent-length: 4543\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:54 GMT\r\netag: W/\"11bf-19cd35ae376\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y9QRGDnnkpYvbDPvxymAG7%2Best2S9cDsNC%2BAlX0%2Bsj%2FmlMdz2jLayPz%2FmgiPBq5341ClayHJO5ThcQJUMcGmpodydMAg0L4mSyEW7xZGeXKz\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dd84ef4edfb32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4543,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 179x180, components 3","md5":"89943e689b55f2eef456ae16cfce39c0","sha1":"49e7a2ec7ab762b67f6eb705e92849930f48a8a2","sha256":"9e10deb2ee7fe99780c08efb4e2a93b92e6d8e09514255289fdf36ffaabd0c11","sha512":"ebbba3059ae6242b612653922adf69d59be21ac03590f5a84b0d379be8cd2401caef1b8a1db678189fd017915476ebe629c6b9bde47b1490c50f1b87b7f6370b","ssdeep":"96:NBPRw86uuWrb4HU8h5Q3oW81ck/KmQNlAlvzWv:NBPRwtpWrUHh5w/81ck/KTAlvzg","tlshash":"e7916c1231bf3304cee90878fcbe3165057dae31d4108a7aeac2b20c8e7b5d9ce1a641","first_seen":"2024-02-28T10:39:14Z","last_seen":"2026-06-01T09:33:27.860615Z","times_seen":171,"resource_available":false,"data":null}},"time_used":402,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":402,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/omega.d0d7df942e77c30a0aeaf72b1f742d4b.svg","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /omega.d0d7df942e77c30a0aeaf72b1f742d4b.svg HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:55 GMT\r\netag: W/\"8cc-19cd35ae3b2\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=S5XEEuJb1RNs9He1RMgcwP8BaFKQZyGcYOyMzjUoJNQV2CNYlh7ueyY6AOlIdUqpERTEnCzh2YWKPJgGKyIUhR50j5FPgdhdbEzYzP%2FwgYAg\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9dd84ef4ee0932fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":2252,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"19cb29a06485cdd77550ae16994adbc6","sha1":"39924743312a51892776f05cada0c12e3424b91d","sha256":"2a667dfbada76be4c7fa9383f9c9b292c872e07027c0d9ab7f89a3ef151124a4","sha512":"0317481684df71f97f7bf984917a71dc8a5c32257c4b15e72e2d39998a733186618b09329057fb11fa02fbcdfeffbc9a64d7aefa020130bba9833b3e78b3aba8","ssdeep":"","tlshash":"614153e07176d35ef45472fdd371dca0199a28e7f08026a4cb29bc5075a28728e3e897","first_seen":"2024-08-04T01:00:31Z","last_seen":"2026-06-01T09:33:27.890483Z","times_seen":79,"resource_available":false,"data":null}},"time_used":401,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":401,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-17T01:43:43.287Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:43 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LkcvwiLFjCRtHZsiMWnlCvvYVwM5ZA61pdN%2Biz0Kl%2FwcacyrX2drpwPEP1NqPIFDP7C7fNnW38lbCFRbNEOyGfjnnVqcSrQsQuaqPtrnI6PH\"}]}\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9dd84ef1ace05fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":130912,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (382)","md5":"c3107767a60983d5b76cc459a36f0cf0","sha1":"beedbe678251b495fd404582c49f05ad89c5b04c","sha256":"5d212c9d1a80ce6370eabf4024d77fdddd73e12975fecda35af9cd982f9e86c3","sha512":"cf25243d9d763da38f3be9192590e9c50e802f9b4f88d3ed2c828547a092911416d016274b31d67f864bdcb3996182ddf8946042f67b3339f2ad5024fdaf7b71","ssdeep":"1536:WcGNf+REB+rvYCLuY3IIXkeSYZaW3krTIWgozoBa:xGRB+r0ejZR4","tlshash":"5dd37444ada385777957906e2fd1ea0926a0e003dc56fd087aecc180cfcbd7a69b7358","first_seen":"2026-03-17T01:44:19.869929Z","last_seen":"2026-03-17T01:45:19.132101Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1045,"timings":{"blocked":339,"dns":318,"connect":1,"send":0,"wait":367,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/bitcoin-refresh.2a51a9a2ac69e69936bfd0c688c20fee.svg","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.169Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /bitcoin-refresh.2a51a9a2ac69e69936bfd0c688c20fee.svg HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:54 GMT\r\netag: W/\"bdb-19cd35ae366\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Z6782ykWNDZlQh%2BG6Qy5KeORhXLuIq45UbA4Cbg7RZqMg4MpcKIykwODev6%2B0WzOAOGj5fQsIXLiRSsixTCiGTIulp9S6MooM%2Bpeey4Kxoxn\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9dd84ef4ee0e32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":3035,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a288834cdbd1eecdac4ace538cadfe74","sha1":"e67349242134637e03140b4451e2e079df412836","sha256":"8257c38493381b425c798a3f599e3c4ba7f7c2006439482d0ad83235865d4918","sha512":"205eb29ade73d3a0a0f886272a7a58953f0c65e87b6f664f95a5bbfb3f5d05ef96a158b9b7788f7853954a86edfb92871ca4b0503d3365d43443ed0c61c55e48","ssdeep":"","tlshash":"245162c0773982f4b500babe5a5970b468eb24cc74d304d4da63bc066897549befc8ea","first_seen":"2024-08-04T01:00:31Z","last_seen":"2026-06-01T09:33:27.891676Z","times_seen":82,"resource_available":false,"data":null}},"time_used":358,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":358,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/bitcoin-covert.c68b5b03f39600a3987bb2c148d05c91.svg","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.170Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /bitcoin-covert.c68b5b03f39600a3987bb2c148d05c91.svg HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:54 GMT\r\netag: W/\"dce-19cd35ae362\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y8UO2ZyJU78PO1mM%2B3MHvfxha2ZfBQQeyfBmISZHp4wEds18%2FqM1E0E%2BypvHko56aM6PqS7QAB3xGfdsUUT2Uk3%2F07cf%2FN5ZkhyY1xGhGTEG\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9dd84ef4fe1532fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":3534,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"39074be27c3f9bb292a85986f95a3021","sha1":"6a2ad17606fa61005ba15ac996938f4ba0dca9ff","sha256":"29ab9c8e0c891f0ca7397fb1fac7126d4def5f0009d9d24b0436e368bef4877b","sha512":"ca8ebe28a4bced2c7af7190bafda2f27274ff69cca29ce9ef6bc933aabda525f63d26d53d2406e172c91bb8936ed270607ad4dc11e3dc7c60e79b704a0e7e1e2","ssdeep":"","tlshash":"1f712340233863f8b020b4be1f174171749739d6b8b695e2d7769c08b84142a2ed9dff","first_seen":"2024-06-29T20:17:21Z","last_seen":"2026-06-01T09:33:27.881398Z","times_seen":92,"resource_available":false,"data":null}},"time_used":493,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":493,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/lock.d8a150df5ab67953286020df53006679.svg","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.172Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /lock.d8a150df5ab67953286020df53006679.svg HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:55 GMT\r\netag: W/\"377-19cd35ae3aa\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=H%2FOfzPCe7QWTVNNs6c%2BH6y7WEKVaEUchyu8Z%2FkePb8YD%2BbTu5%2BRbKek37sO3NEcGuPF8bg6FaTVnN1L9pz0c7743Pf92edb%2BX9auEHuj3vX5\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9dd84ef4fe1d32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":887,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"fd5fa29eccf80d562c68fcc8c5b10651","sha1":"c97d69ab7900cabf2502a7806f312dfe1c35ea2c","sha256":"f32f4f20ac3fda33e75cb4964444544d6c5940cd59f0810da202d83c50ae4c54","sha512":"0d7237289de07f51a10bdf43278d62b05890efb7f7310102c9779938aeed73939d1a25199123fc741430ab152c5c2b5f1bd1b3706f68faba2c9d8d2b34cb45f2","ssdeep":"","tlshash":"c9118ca813a44cbcf93245b8c72e337420ab0d4b33445290e8726c38686952d6dbf6ed","first_seen":"2024-05-20T11:20:17Z","last_seen":"2026-06-01T09:33:27.889003Z","times_seen":87,"resource_available":false,"data":null}},"time_used":460,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":460,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/smart-phone.7297d1e53ef9ec14189fc4a5b8439f3f.svg","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.173Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /smart-phone.7297d1e53ef9ec14189fc4a5b8439f3f.svg HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:55 GMT\r\netag: W/\"51e-19cd35ae462\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RB%2F2Wbh4Rhrz%2BHHWvjF8EnIoTp%2FWAVK2dnv9GJRDijCDX7BK9Xx%2F%2FPy4CUyh%2FKCdYji5VbQRn4f6%2BBnmCZn85KV1hopRKiF60zBFrEn5BHiF\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9dd84ef4fe2132fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1310,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2b32758f9d0e476f28bdb85644d5c34a","sha1":"015dcc0aa5b3aab9d6f4babafdae4901983a27ae","sha256":"9f79b7e7bdcc36f3b7a38f73911e178de2fa0b05fbd9dd612c70935fff082118","sha512":"1c57de2064362c62b5571eb7f379479c40e260950ae1348b40be0e44fafd56791ac4b7488c5fb9fdcc0a6ef8409d71e283d0634df6b955c8102b13a66d2dd936","ssdeep":"","tlshash":"562137c4536c00b9390196650ace6879984321ef78e400609f3e3a125db593f2ef7bea","first_seen":"2024-06-10T05:31:53Z","last_seen":"2026-06-01T09:33:27.855332Z","times_seen":86,"resource_available":false,"data":null}},"time_used":500,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":500,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/pyth.878b61dd53e9c786aff070c93b2c765a.svg","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.174Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /pyth.878b61dd53e9c786aff070c93b2c765a.svg HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:55 GMT\r\netag: W/\"162f-19cd35ae3b2\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1NMXC5MPMQg41Mmg4W2jQZwuQIyIxJsoCbwNWew2jR%2FZbpJ6T%2B%2FCXsl4viBiSKbPk%2FJmLdUC4PUnwv%2Bkp5a25tHe0f%2FKIAbre57frL5xAm5L\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9dd84ef4fe2a32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5679,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0e0f8b557cd3f93612411a494d65e172","sha1":"d682ed7e106216706bb022fea57af2c65679700d","sha256":"3841038cb76eff364241c4fcc5a48ac00faef6dab6a536531eb6c091d0624064","sha512":"9e2c49e5fa4ea293ba69a6db815c5d5ac33219be863de9c543d67a521f3dbd2c51874f4d418b13ffa5e894989410245fa296deeca819fc792c6651213b0852aa","ssdeep":"96:paAhow7KtiHJLIhlIiqhxENrsUsbgbFnYRzgMWLsNIH0sOreORwfjBw4O:pawoftiHarwwNrebgtY5ZWwNIHzbfO","tlshash":"ecc12117072cdb7e678b5aa5cc3858d33ed818c6d369f0dcea771a219907af640b4839","first_seen":"2024-04-29T06:05:56Z","last_seen":"2026-06-01T09:33:27.869021Z","times_seen":93,"resource_available":false,"data":null}},"time_used":353,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":353,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/modal-12-seed.css","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /modal-12-seed.css HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:55 GMT\r\netag: W/\"72c5-19cd35ae3ae\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oPCrh8%2BYjat8vHnoiDuL50j5viJSccG%2BUQPGOYxkwQNXhZf3WWPA0OlA5jsT9%2Bf2oOvJ%2BoQEzxc8SLx8uX1qttr8Ohcqq7EAcvGO2vxjTp5O\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dd84ef4ede432fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":29381,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (29381), with no line terminators","md5":"e3e81fcf59ccd09e58a6b2d236358763","sha1":"a0af6da6b9d6cd063a0d15746fa66cdb80e2ce98","sha256":"3457317dd30b5da56a84c62342b66e60acaaa1641b210916f6c23216b558b4cd","sha512":"b47fd79c1639485acad99c9b1fc17f3726b8abba2f9a1a70f30175dcdccb15f3a88f16353e6e44a799952b19652e22184405bef3e3403cdd4a4b91b8fbca62f1","ssdeep":"192:nJMhQ4kbpen//mz0aMaJtIKLZDcxPVBqMZiS0RBacpyG3x71rw6ICoH:naklennMMZKFAxPVBqMInaeNBCCoH","tlshash":"0cd22b91ba48e117f6aa862f55c0f94c75d9e60bfcf30d69e420d0008ed7d6f2a792e4","first_seen":"2024-08-13T22:13:15Z","last_seen":"2026-06-10T18:05:03.294174Z","times_seen":249,"resource_available":false,"data":null}},"time_used":516,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":516,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/secureproxy?e=jscdn/getFile","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:45.028Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"POST /secureproxy?e=jscdn/getFile HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bubbleflapfun.top/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://bubbleflapfun.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"eb6s6ehua92dlji538ft\"}"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:45 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding, origin, access-control-request-method, access-control-request-headers\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8%2Ft6oNwq3R1s3tT2LBOQ4m3GjQ55NtiUb4j4JH8RhtKaXjCoPN%2F12r%2FLZeIARVXcQ8sh%2FifgW0o6RXAzdmTAiiT2JvHDKcCHo35yHf7jmNILCg%3D%3D\"}]}\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\npriority: u=4,i=?0\r\ncf-ray: 9dd84efa6fc332fa-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3411847,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"63b220c1747ef4d29f96997be19557c3","sha1":"f4fccef25b4e5e5eaba76e2b8795d48eb423871a","sha256":"3912f150409ba67c281637510ff824ea3865fd24e46f4cc41a26213644d333d8","sha512":"b7a362a2dfe7b75a5a3d3feba75fac094278bdc779ac31492eef9710f392646b5081e8b3aab270fec58678cf9323eccff3e6559e8e29e09a941fdfabb1b5e7f3","ssdeep":"24576:a/b/YWmLkwsOukzMSPbg+lsVo5/Cr0OSzcfUjel7M0Rp7eGG7M:SGkwdNZngkO5pN","tlshash":"dd2523d32f575428cf9c5a9db0ab5d4f28044d135888aaa9e5dde8c731a8ff080db53b","first_seen":"2026-03-17T01:44:19.875313Z","last_seen":"2026-03-17T01:45:19.131449Z","times_seen":2,"resource_available":false,"data":null}},"time_used":916,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":461,"receive":455,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creativityblocksnodnjgf.pages.dev/maighrttethuv.xyz/logo192.html","fqdn":"creativityblocksnodnjgf.pages.dev","domain":"creativityblocksnodnjgf.pages.dev","tld":"pages.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:45.333Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creativityblocksnodnjgf.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Feb 2026 09:14:31 GMT","end":"Fri, 15 May 2026 10:13:02 GMT"},"fingerprint":{"sha1":"6C:2D:58:15:2D:EB:AF:3A:F4:ED:4E:E8:01:A3:1D:2B:4F:56:1B:27","sha256":"18:AC:BA:8B:D8:E1:33:98:1B:23:03:04:E4:D7:41:9B:B5:CA:38:13:1B:62:DE:F7:E7:45:03:91:83:AE:93:F8"}}},"request":{"raw":"GET /maighrttethuv.xyz/logo192.html HTTP/1.1\r\nHost: creativityblocksnodnjgf.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:45 GMT\r\ncontent-type: text/html; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KJQXIOlJeQoEG4uuT6cC%2Fl%2BQargHwNBR4R8tyCPaZ9%2FkcWH%2Fpg2sYjxNCmzfMM%2Bl0iMKJWdAZ6nFsAvpshQ67EyuhoUw%2BOOoFUpOdwT5esiZBhx3sM8s7LfxXpUrbJL2GQ%3D%3D\"}]}\r\netag: W/\"02eb64d51898718965f3790964073cef\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9dd84efc994eb28a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T17:33:37.826371Z","times_seen":16391923,"resource_available":true,"data":null}},"time_used":425,"timings":{"blocked":-1,"dns":28,"connect":1,"send":0,"wait":381,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/40c03850-8e8d-4210-897e-a19fff07de3a.js","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /40c03850-8e8d-4210-897e-a19fff07de3a.js HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src 'none'\r\nx-content-type-options: nosniff, nosniff\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: HIT\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=otmL0NuhEbeDIipGjxA4ZBXGPsYPzGB1Ekh0TWS7ywWLY1k9LZg0Ek%2B8NA8CU50A3vVyl1e2GRaUF3ULKXH9FRfMvR1bgaJjbsyNc8oqP0vR\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9dd84ef4edea32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T17:33:37.826371Z","times_seen":16391923,"resource_available":true,"data":null}},"time_used":167,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":167,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/gold.565d98bb392ce882f91847152f2dcb9e.png","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:44.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /gold.565d98bb392ce882f91847152f2dcb9e.png HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:44 GMT\r\ncontent-type: image/png\r\ncontent-length: 3378\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:54 GMT\r\netag: W/\"d32-19cd35ae376\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=18UbzO5oCkKvL8SPZRYo2X48EVRM0ZFVzafKr3pdXA%2Bd9prpzEOtwhzO28B6LI3CM10eNwDuX3TsOuU6a8YboXAicVMHQqZ398ZIzvFcy7v4\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9dd84ef4ee0232fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":3378,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x180, components 3","md5":"a55c75b7c4102ec7af8ab2a74e6e8d41","sha1":"36b4870df1fc9a8e34437f65081b1ffcce4f6b9c","sha256":"8b6ee2dc718b6cfa7fb42f03a42fc96baf275717099759dc965068e377f55def","sha512":"33ab86761ea303ebcb8f0589b68ebd8b1cf06406ae163ae04bcb1318617cec2975c0092aa4b418bcee559beee0b5b01712b5497b5d047abbc48aac281d20de2b","ssdeep":"","tlshash":"4a615b295a0c1b03e2ec227ede1e3f6ca5276ee4910dc39174422eaf5c5cf6429f3426","first_seen":"2024-02-28T10:39:14Z","last_seen":"2026-06-01T09:33:27.86512Z","times_seen":171,"resource_available":false,"data":null}},"time_used":459,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":459,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bubbleflapfun.top/favicon.ico.html","fqdn":"bubbleflapfun.top","domain":"bubbleflapfun.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bubbleflapfun.top/","date":"2026-03-17T01:43:45.335Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bubbleflapfun.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Mar 2026 15:19:03 GMT","end":"Sun, 07 Jun 2026 15:19:02 GMT"},"fingerprint":{"sha1":"E8:EF:C8:54:D9:48:0E:D3:79:FB:A4:42:85:FD:00:FB:C1:31:89:CF","sha256":"D3:D8:59:4D:F2:6A:4C:7B:CE:A5:34:56:3B:17:DD:97:B1:92:5B:11:6C:E9:7E:8A:D8:25:4C:B3:05:AF:FD:5B"}}},"request":{"raw":"GET /favicon.ico.html HTTP/1.1\r\nHost: bubbleflapfun.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bubbleflapfun.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 17 Mar 2026 01:43:45 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 09 Mar 2026 16:07:54 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CL9vhSR1Xe9xgzPJnsirASedU%2FizE9uKox44vSZwWASA6dmPPVKWr9QiLtyb8wlgyWvRfsIMh%2FMRs3gcO%2BLKC2r2fO8sdcC%2BPPP6hWi5xvBM\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9dd84efc5b1232fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":1138,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (406)","md5":"854f056f1ea81896d52343f0372c5bf5","sha1":"5e37cf48cd81e406233712b5be5376f985d36b8b","sha256":"59573977fcb88225b826993b7ea7df784da4331a821d55949d375b68493ecfd5","sha512":"4a0deb307931837074953f5669a72a969fdc5a58e40dd2e28ae8ef31da274ee778634affd6c2fd01e0598889270b836f53b46b1e3087d7cece7439668567e331","ssdeep":"","tlshash":"a42196213c17ea0da4f144805db4e61c8c0a138ea294ad88bbfed93768c86c1a93f5dc","first_seen":"2025-05-14T13:29:13.417794Z","last_seen":"2026-03-17T01:45:19.127066Z","times_seen":16,"resource_available":false,"data":null}},"time_used":176,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":176,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bubbleflapfun.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}