{"report_id":"22c920df-a940-4219-aadb-18bbce59ea44","version":6,"status":"done","tags":[],"date":"2025-12-13T00:25:49Z","url":{"schema":"https","addr":"t.co/pH9BLwQe9r","fqdn":"t.co","domain":"t.co","tld":"co"},"ip":{"addr":"162.159.140.229","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"investupahead.com/e191d2fc-2425-4804-8ca5-0b7542d6a9a1","fqdn":"investupahead.com","domain":"investupahead.com","tld":"com"},"title":"Log in to My Account | American Express US","dom":{"size":186557,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (46166)","md5":"2826b1a62ee7f0156cbbda0872f8b596","sha1":"0d6c5db1575645caa5cc95719a6e22621c222377","sha256":"fd3dcee6341561e6263d600416724e09e32175c9445477f80e6dee5ce07e77dc","sha512":"3fc5472cbdefde48e577d4ad8f865d4ba026b8869510a8449bfd960a9c002d80898d4bdad35691d735e8750139a73e19bbf4b3ff89ca014af7c51d254efe66e1","ssdeep":"1536:fdTO/8Gu3iIob0mTbYkIOHLS0nRV+U1Y2AzEbtVcDrM3ZLhNS2kEO5Qw7qUr49iq:fdTORGA0mTlLSiRV+cY3wbTuMQ5mwW9t","tlshash":"be042a1715a655251c6f2cea4fe73e4d7a94f483c802c650f4ed8accaf97b81899a3cc","dom_hash":"domhash4b1f4e430ec1306b5d023e57080c5034","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"t.co/pH9BLwQe9r","fqdn":"t.co","domain":"t.co","tld":"co"},"ip":{"addr":"162.159.140.229","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-17T00:25:49Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"investupahead.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"investupahead.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-12-07T22:19:32.033314Z","alert_count":0,"request_count":1,"received_data":20212,"sent_data":450,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"themes-app.netlify.app","ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2018-05-08","domain_rank":5632740,"first_seen":"2023-10-14T22:46:13Z","last_seen":"2025-11-25T17:39:40.473173Z","alert_count":0,"request_count":2,"received_data":624,"sent_data":814,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}]},{"fqdn":"icm.aexp-static.com","ip":{"addr":"96.6.17.190","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"domain_registered":"2010-10-07","domain_rank":109759,"first_seen":"2014-03-19T13:44:33Z","last_seen":"2025-12-09T15:55:07.972523Z","alert_count":0,"request_count":2,"received_data":13119,"sent_data":902,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ajax.googleapis.com","ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":3691,"first_seen":"2012-05-22T10:38:03Z","last_seen":"2025-12-07T22:35:32.893904Z","alert_count":0,"request_count":1,"received_data":86564,"sent_data":409,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.aexp-static.com","ip":{"addr":"96.6.17.190","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"domain_registered":"2010-10-07","domain_rank":82636,"first_seen":"2012-05-24T14:06:16Z","last_seen":"2025-12-09T15:55:08.790674Z","alert_count":0,"request_count":1,"received_data":2702,"sent_data":477,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"investupahead.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-02-09","domain_rank":4236950,"first_seen":"2025-12-11T07:29:03.922864Z","last_seen":"2025-12-11T07:29:03.922864Z","alert_count":4,"request_count":2,"received_data":253249,"sent_data":1017,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"secureplan.xyz","ip":{"addr":"206.168.149.26","port":443,"asn":53850,"as":"GORILLASERVERS","country":"United States","country_code":"US"},"domain_registered":"2025-03-03","domain_rank":0,"first_seen":"2025-12-13T00:25:49.576528Z","last_seen":"2025-12-13T00:25:49.576528Z","alert_count":0,"request_count":1,"received_data":523,"sent_data":499,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.2.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2025-12-07T22:25:33.399392Z","alert_count":0,"request_count":3,"received_data":449778,"sent_data":1229,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"t.co","ip":{"addr":"172.66.0.227","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2010-04-26","domain_rank":232,"first_seen":"2012-07-25T19:09:44Z","last_seen":"2025-12-08T13:54:41.695771Z","alert_count":0,"request_count":2,"received_data":2654,"sent_data":1167,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}]},{"fqdn":"cdn.shopify.com","ip":{"addr":"23.227.39.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"Canada","country_code":"CA"},"domain_registered":"2005-03-11","domain_rank":3587,"first_seen":"2012-06-22T18:37:14Z","last_seen":"2025-12-08T00:11:28.209135Z","alert_count":0,"request_count":1,"received_data":10257,"sent_data":458,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Shopify","description":"Shopify is a subscription-based software that allows anyone to set up an online store and sell their products. Shopify store owners can also sell in physical locations using Shopify POS, a point-of-sale app and accompanying hardware.","website":"https://shopify.com","common_platform_enumeration":"","icon":"Shopify.svg","categories":["Ecommerce","CMS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.2.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-04T02:23:44.928154Z","times_seen":444674,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","size":85578,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-04T02:23:44.781794Z","times_seen":261115,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.3.1.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.2.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6a07da9fae934baf3f749e876bbfdd96","sha1":"46a436eba01c79acdb225757ed80bf54bad6416b","sha256":"d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad","sha512":"e525248b09a6fb4022244682892e67bbf64a3e875eb889db43b0a24ab4a75077b5d5d26943ca382750d4febc3883193f3be581a4660065b6fc7b5ec20c4a044b","ssdeep":"6144:+tah6/K+TCtlMhTze/RZcYmDizK8dB7alFys/WL/umH4N0IPfKu5AA11vrIY:9pZcYmDcHwFygmY1PfjAA1Br3","tlshash":"f844a4d8fb8d112e423231aa9c2f12cdb77dd171560458aebd4d597c24a083d82faf7a","size":271751,"data":"","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-04-04T02:38:42.462542Z","times_seen":51044,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"secureplan.xyz/AttenLinnkk.html","fqdn":"secureplan.xyz","domain":"secureplan.xyz","tld":"xyz"},"ip":{"addr":"206.168.149.26","port":443,"asn":53850,"as":"GORILLASERVERS","country":"United States","country_code":"US"},"introduction_type":"domTimer","is_inline":false,"md5":"6a56d07c4f446cc1c512f4b67e2f660f","sha1":"8815cb4a70aaa87856b85f7bd791f4d3cdab3a3a","sha256":"4f9a19722dd7b4e1f36d7971705bc1d879e0a72bb0f091e88cb2c16c028378ff","sha512":"2cc10ddd95f317bdebb5c1e8a6601a4babacc57be1d669ee7217936cf6d5531be98af2467bc492d31510352d837406924d02cf2c7b44deeb06f782e19cc1c2c6","ssdeep":"","tlshash":"2da022e38c2a83200fa303e02883b002832f38be080cc080f2300a008b883ef000bbcc","size":74,"data":"","first_seen":"2025-12-13T00:25:52.750297Z","last_seen":"2025-12-13T00:25:52.750297Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"investupahead.com/wp-includes/THMAMEMX858.html","fqdn":"investupahead.com","domain":"investupahead.com","tld":"com"},"ip":{"addr":"97.107.129.170","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"2c7f974591efacec6ef18ea8fb52f578","sha1":"af28369bd7defe8d01531e84dd1765ffb29b3266","sha256":"77f57bdad3a77905c3e26583ec55838fd56de5f56d961c871e1f2237a493ec45","sha512":"461e427bdb130550ed1f67c9cafaf56f3e52419a9912b86be782e8d28807fc84111d365a977299bcb66b7feb110dc3139d424b0b6e8982877dfc4625dc40d531","ssdeep":"","tlshash":"c011271fb457364c59a390c9415999cad37570a7364245e5353ebf40cf18298e1f24b0","size":890,"data":"","first_seen":"2025-10-23T21:43:58.153455Z","last_seen":"2026-04-03T16:18:43.94763Z","times_seen":47,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"70d3fda195602fe8b75e0097eed74dde","sha1":"c3b977aa4b8dfb69d651e07015031d385ded964b","sha256":"a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66","sha512":"51affb5a8cfd2f93b473007f6987b19a0a1a0fb970ddd59ef45bd77a355d82abbbd60468837a09823496411e797f05b1f962ae93c725ed4c00d514ba40269d14","ssdeep":"384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f","tlshash":"1c82a3cc3291b06643a79167a06f960fb2339979614e9410f199f2d87c70ef9913fc7a","size":19188,"data":"","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-04T01:30:25.603817Z","times_seen":103938,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.1.1.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.2.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e071abda8fe61194711cfc2ab99fe104","sha1":"f647a6d37dc4ca055ced3cf64bbc1f490070acba","sha256":"85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf","sha512":"53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65","ssdeep":"1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5","tlshash":"3183d5d9b2c670529b7730b850bf450bb17a98dab44c8d60f058c5d57eb8a8e507bf2c","size":86709,"data":"","first_seen":"2023-03-07T01:02:34Z","last_seen":"2026-04-04T02:23:44.782345Z","times_seen":138355,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"investupahead.com/e191d2fc-2425-4804-8ca5-0b7542d6a9a1","fqdn":"investupahead.com","domain":"investupahead.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"8eff2d6bd36ad1145532911fd980eef3","sha1":"7f407952032978fd58acb5bfbe73f4f13e351715","sha256":"90690d289ce4f2369823e235552091ccc803859d969e3af23b68747b2375d599","sha512":"f58cefb1200c4f874211757e80dddd88f0a80fc30cbeb0d49e2573938932d139628bf5e1656e57a6599574fb8d72b4812772490bf59fcb1d1a561c4790615767","ssdeep":"768:49id+2SFeiKdxO1y283rHE+7BCYiCxB+l6m79m39d6mFuOASCgJyQ:49idFSFeiKTO1y283rH/BCYiK8pByrvT","tlshash":"46f2c70a556305395af34899abf73ac43ae01cd7d884c8703cbccadb2f6268659747de","size":36976,"data":"","first_seen":"2025-11-13T17:41:05.843692Z","last_seen":"2026-02-08T16:20:22.071889Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"secureplan.xyz/AttenLinnkk.html","fqdn":"secureplan.xyz","domain":"secureplan.xyz","tld":"xyz"},"ip":{"addr":"206.168.149.26","port":443,"asn":53850,"as":"GORILLASERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-13T00:25:27.385Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"secureplan.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 03 Nov 2025 10:55:14 GMT","end":"Sun, 01 Feb 2026 10:55:13 GMT"},"fingerprint":{"sha1":"CA:B4:58:7A:34:9B:32:B6:60:A0:EB:D9:C4:AE:4D:06:21:9C:90:9D","sha256":"66:FE:DD:4C:16:C8:E9:3D:28:81:99:1E:1D:3E:E3:C8:92:8E:4B:98:4F:B3:24:1A:55:82:1A:6E:08:FD:C6:59"}}},"request":{"raw":"GET /AttenLinnkk.html HTTP/1.1\r\nHost: secureplan.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\nlast-modified: Fri, 12 Dec 2025 18:29:53 GMT\r\naccept-ranges: bytes\r\ncontent-length: 138\r\ndate: Sat, 13 Dec 2025 00:25:28 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"d055d0f2a07e421b03908c1d9593f4dd","sha1":"60b046dac748cda21f28dbd6893deda5239933ac","sha256":"6742fed98a3a05ed3f3c37f2525bb8ed6b6b2d6f6e72041efa772db1ebe6ca6d","sha512":"96e73e65b15c0e86437645bf0e2661e8dee673a87c9e3f0792264e6870c1a214462e2fa2c39c3f9bb64d57441e74643af0b71d190fed77afd9cfcaba5eeb7f96","ssdeep":"","tlshash":"f0c02bc14c83c140067106e1c837e408412fa1798104c5c0f1b10c1187447cd29037dc","first_seen":"2025-12-13T00:25:52.730472Z","last_seen":"2025-12-13T00:25:52.730472Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1310,"timings":{"blocked":573,"dns":236,"connect":164,"send":0,"wait":164,"receive":0,"ssl":170},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.2.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://investupahead.com/wp-includes/THMAMEMX858.html","date":"2025-12-13T00:25:28.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-3.6.0.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://investupahead.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-15d9d\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 00:25:28 GMT\r\nage: 2794860\r\nx-served-by: cache-lga21931-LGA, cache-hel1410031-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 71, 173029\r\nx-timer: S1765585529.889238,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 30875\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89501,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-04T02:23:44.928154Z","times_seen":444674,"resource_available":true,"data":null}},"time_used":179,"timings":{"blocked":73,"dns":1,"connect":27,"send":0,"wait":26,"receive":8,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"themes-app.netlify.app/img/dw.png","fqdn":"themes-app.netlify.app","domain":"themes-app.netlify.app","tld":"netlify.app"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://investupahead.com/wp-includes/THMAMEMX858.html","date":"2025-12-13T00:25:29.069Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.netlify.app","organization":"Netlify, Inc"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 31 Jan 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71","sha256":"FA:34:6A:A0:1C:F5:9C:C7:30:CA:55:23:13:A1:3E:0F:21:8C:3A:0B:B5:CC:E5:67:09:FE:64:EC:97:4E:8D:75"}}},"request":{"raw":"GET /img/dw.png HTTP/1.1\r\nHost: themes-app.netlify.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, max-age=0\r\ncontent-type: text/plain; charset=utf-8\r\ndate: Sat, 13 Dec 2025 00:25:29 GMT\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-nf-request-id: 01KCAHJADJ134EPKWC0BF7CHYG\r\ncontent-length: 50\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":210,"timings":{"blocked":172,"dns":0,"connect":28,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"themes-app.netlify.app/img/tn.gif","fqdn":"themes-app.netlify.app","domain":"themes-app.netlify.app","tld":"netlify.app"},"ip":{"addr":"63.176.8.218","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://investupahead.com/wp-includes/THMAMEMX858.html","date":"2025-12-13T00:25:29.072Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.netlify.app","organization":"Netlify, Inc"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 31 Jan 2025 00:00:00 GMT","end":"Tue, 03 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71","sha256":"FA:34:6A:A0:1C:F5:9C:C7:30:CA:55:23:13:A1:3E:0F:21:8C:3A:0B:B5:CC:E5:67:09:FE:64:EC:97:4E:8D:75"}}},"request":{"raw":"GET /img/tn.gif HTTP/1.1\r\nHost: themes-app.netlify.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, max-age=0\r\ncontent-type: text/plain; charset=utf-8\r\ndate: Sat, 13 Dec 2025 00:25:29 GMT\r\nserver: Netlify\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-nf-request-id: 01KCAHJADKRS2HWYY89EZTQW4Z\r\ncontent-length: 50\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Netlify","description":"Netlify providers hosting and server-less backend services for web applications and static websites.","website":"https://www.netlify.com/","common_platform_enumeration":"","icon":"Netlify.svg","categories":["PaaS","CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":207,"timings":{"blocked":186,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icm.aexp-static.com/content/dam/one-amex/marketing/en-us/Amex_Banner.jpg","fqdn":"icm.aexp-static.com","domain":"aexp-static.com","tld":"com"},"ip":{"addr":"96.6.17.190","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://investupahead.com/wp-includes/THMAMEMX858.html","date":"2025-12-13T00:25:29.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m.americanexpress.com","organization":"American Express Company"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 24 Sep 2025 00:00:00 GMT","end":"Wed, 23 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6F:E1:06:90:3D:67:77:FD:37:70:A0:A4:4A:DD:30:3C:BF:A8:24:22","sha256":"40:29:EF:0A:AA:F5:D5:7F:37:FD:74:1F:80:3F:28:42:35:ED:A0:2D:8C:1B:A3:47:CC:17:BC:57:8C:A0:4D:17"}}},"request":{"raw":"GET /content/dam/one-amex/marketing/en-us/Amex_Banner.jpg HTTP/1.1\r\nHost: icm.aexp-static.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Wed, 22 Oct 2025 21:29:02 GMT\r\naccess-control-allow-headers: Content-Type\r\netag: \"ab0c-62b102b2f4b1d-gzip\"\r\ncontent-security-policy: default-src 'self'\r\nserver: Akamai Image Manager\r\nx-serial: 1312\r\ncontent-length: 7894\r\ncontent-type: image/avif\r\ncache-control: private, no-transform, max-age=23986\r\nexpires: Sat, 13 Dec 2025 07:05:15 GMT\r\ndate: Sat, 13 Dec 2025 00:25:29 GMT\r\nakamai-request-bc: [a=23.36.77.188,b=155917181,c=g,n=NO__OSLO,o=20940]\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7894,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"691e4e2f31a888fe02618554cc871541","sha1":"bc783b9c3a5d51f3809525405a5b16a56c69a66b","sha256":"b2ee0f6a5f1e785e9ae8da16074759ea20ba49757ec142e5e682ba08545502a9","sha512":"1fca485c647393039202c7e818e964ca60cb965e5bb3a32e3c90f357e8032d4faf84028896e71e5dc9796b742d774e8905a2f44b7edfe4835351801e9f2cd814","ssdeep":"192:rGq9Mtte6IvP6MFc7Naljx+4U1SS+sVHYvwJokTm:rvM4HvW8fd2VHYoJlC","tlshash":"72f17d3af629c7eae1ed87b22865374193a4fe8401e1530a7c03708dcd9aabdcf51507","first_seen":"2025-03-17T04:21:50.305317Z","last_seen":"2026-04-03T16:18:43.94011Z","times_seen":431,"resource_available":false,"data":null}},"time_used":284,"timings":{"blocked":128,"dns":98,"connect":1,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t.co/pH9BLwQe9r","fqdn":"t.co","domain":"t.co","tld":"co"},"ip":{"addr":"172.66.0.227","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-13T00:25:27.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"t.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 11:16:13 GMT","end":"Fri, 13 Feb 2026 11:16:12 GMT"},"fingerprint":{"sha1":"21:5E:49:8B:6E:47:BC:50:8A:2C:13:39:54:FA:AA:2A:5E:2A:5D:3C","sha256":"76:5D:64:03:57:50:37:2E:A3:48:F7:11:DB:3E:63:60:92:0F:A2:8F:80:62:40:D7:A2:F4:E8:81:EA:9A:90:40"}}},"request":{"raw":"GET /pH9BLwQe9r HTTP/1.1\r\nHost: t.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 13 Dec 2025 00:25:27 GMT\r\ncontent-type: text/html; charset=utf-8\r\nperf: 7402827104\r\nvary: Origin, accept-encoding\r\nserver: cloudflare envoy\r\nexpires: Sat, 13 Dec 2025 00:30:27 GMT\r\nset-cookie: muc=4b943675-2161-4477-802f-258b43351737; Max-Age=34214400; Expires=Wed, 13 Jan 2027 00:25:27 GMT; Domain=t.co; Secure; SameSite=None\n__cf_bm=peUpDIsZXubimqLEjS0XlZ1J1esu7y1eofZuEqT0VXc-1765585527.0506027-1.0.1.1-bjqA51vL0ci2oUmxxcV.fFU6zQ18h7KqOTlvngAGh8xWrI9WvtDkr3nuy9oukX7J9Oqzccs8tv1WT9cCC7AVSlsADkCw.l.fMsblnMhuD8BW4MLCeMdxx6.tzwMj0VUA; HttpOnly; Secure; Path=/; Domain=t.co; Expires=Sat, 13 Dec 2025 00:55:27 GMT\r\ncache-control: private,max-age=300\r\nreferrer-policy: unsafe-url\r\nx-transaction-id: 05812abd9e632453\r\nx-xss-protection: 0\r\ncontent-security-policy: referrer always;\r\nx-response-time: 14\r\norigin-cf-ray: 9ad153080e2a56cb-OSL\r\nstrict-transport-security: max-age=631138519; includeSubdomains\r\nx-served-by: t4_a\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: gzip\r\ncf-ray: 9ad153080e2a56cb-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":308,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (308), with no line terminators","md5":"52c77df7168c41697a4cbfa25826299d","sha1":"f026dbf33207b5ec2773f3410ce8ed11b97df148","sha256":"c63b71aeca2b33c3e639dfba2ab5a985f288af6a1367d4ff471df05277d26274","sha512":"0423b6c0ca0d420e5f2bc655595ed76e36923d55871614da528a7d15ce2dee0801e1e699640ed56e6d3f0720e2a4e05f2c6259f47f783f08e6521c7f0527392d","ssdeep":"","tlshash":"c2e02b961c144c537370f5b3e8f073dc7174589e95c9cc29d1c0685a9150fe9f69329c","first_seen":"2025-12-13T00:25:52.738511Z","last_seen":"2025-12-13T00:25:52.738511Z","times_seen":1,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":32,"dns":20,"connect":2,"send":0,"wait":157,"receive":0,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://investupahead.com/wp-includes/THMAMEMX858.html","date":"2025-12-13T00:25:29.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 08:40:14 GMT","end":"Mon, 16 Feb 2026 08:40:13 GMT"},"fingerprint":{"sha1":"DF:9F:85:F6:4A:53:64:E2:D3:A4:9C:9B:0A:4D:88:F2:DD:8C:92:6C","sha256":"99:65:94:2E:11:0B:3A:F6:B6:E7:38:F9:58:D0:01:2A:B6:CA:D4:2D:38:BB:87:ED:72:23:CA:63:32:85:95:35"}}},"request":{"raw":"GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 30028\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 06 Dec 2025 14:17:56 GMT\r\nexpires: Sun, 06 Dec 2026 14:17:56 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nlast-modified: Tue, 03 Mar 2020 19:15:00 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nage: 554853\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":85578,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-04T02:23:44.781794Z","times_seen":261115,"resource_available":true,"data":null}},"time_used":349,"timings":{"blocked":150,"dns":1,"connect":21,"send":0,"wait":22,"receive":22,"ssl":126},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.3.1.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.2.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://investupahead.com/wp-includes/THMAMEMX858.html","date":"2025-12-13T00:25:29.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-3.3.1.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://investupahead.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-42587\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 00:25:29 GMT\r\nage: 2017618\r\nx-served-by: cache-lga21980-LGA, cache-hel1410031-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 99, 2700\r\nx-timer: S1765585529.065435,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 80268\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":271751,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"6a07da9fae934baf3f749e876bbfdd96","sha1":"46a436eba01c79acdb225757ed80bf54bad6416b","sha256":"d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad","sha512":"e525248b09a6fb4022244682892e67bbf64a3e875eb889db43b0a24ab4a75077b5d5d26943ca382750d4febc3883193f3be581a4660065b6fc7b5ec20c4a044b","ssdeep":"6144:+tah6/K+TCtlMhTze/RZcYmDizK8dB7alFys/WL/umH4N0IPfKu5AA11vrIY:9pZcYmDcHwFygmY1PfjAA1Br3","tlshash":"f844a4d8fb8d112e423231aa9c2f12cdb77dd171560458aebd4d597c24a083d82faf7a","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-04-04T02:38:42.462542Z","times_seen":51044,"resource_available":true,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":30,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/dls-logo-stack.svg","fqdn":"www.aexp-static.com","domain":"aexp-static.com","tld":"com"},"ip":{"addr":"96.6.17.190","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://investupahead.com/wp-includes/THMAMEMX858.html","date":"2025-12-13T00:25:29.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m.americanexpress.com","organization":"American Express Company"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 24 Sep 2025 00:00:00 GMT","end":"Wed, 23 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6F:E1:06:90:3D:67:77:FD:37:70:A0:A4:4A:DD:30:3C:BF:A8:24:22","sha256":"40:29:EF:0A:AA:F5:D5:7F:37:FD:74:1F:80:3F:28:42:35:ED:A0:2D:8C:1B:A3:47:CC:17:BC:57:8C:A0:4D:17"}}},"request":{"raw":"GET /cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/dls-logo-stack.svg HTTP/1.1\r\nHost: www.aexp-static.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 31 Oct 2019 17:37:19 GMT\r\netag: W/\"5dbb1bcf-66e\"\r\ntiming-allow-origin: *\r\ncache-control: max-age=31536000, must-revalidate\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self' https://qwww.aexp-static.com https://www.aexp-static.com script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com style-src 'self' 'unsafe-inline' https://qwww.aexp-static.com https://www.aexp-static.com img-src 'self' https://qwww.aexp-static.com https://www.aexp-static.com connect-src 'self' https://www.google-analytics.com frame-ancestors include /etc/nginx/conf.d/http.d/headers/allowed-ancestors.conf report-uri /csp-report;\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=15768000;\r\ncontent-encoding: gzip\r\ncontent-length: 743\r\ndate: Sat, 13 Dec 2025 00:25:29 GMT\r\nakamai-request-bc: [a=23.36.77.188,b=155917183,c=g,n=NO__OSLO,o=20940]\r\nvary: Origin, Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1646,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"78af472d7f07aacd83d8e224c119950a","sha1":"b04f7889c9277106b40ef90b7b19c1091884d876","sha256":"fc69234936c0df004440641a5df9ee1e3c3532df5780984f0f636e85e8788519","sha512":"ac57e0f3537b43926d853440eb2b29a00acbe9f44c6f06a05529010803be704ba8f7ca0adc2595264651d75d8676c6ebd1ac0d9b82e801721df5f2140c1098ce","ssdeep":"","tlshash":"4831cd3d8354d698896aceedcf2bf8a4b08c90edd0d5c3505222c521792b5ddb89c55a","first_seen":"2023-05-03T02:14:21Z","last_seen":"2026-04-03T22:08:09.801274Z","times_seen":1843,"resource_available":false,"data":null}},"time_used":290,"timings":{"blocked":132,"dns":104,"connect":1,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"investupahead.com/favicon.ico","fqdn":"investupahead.com","domain":"investupahead.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://investupahead.com/wp-includes/THMAMEMX858.html","date":"2025-12-13T00:25:28.981Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"investupahead.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Dec 2025 23:08:44 GMT","end":"Fri, 06 Mar 2026 23:08:43 GMT"},"fingerprint":{"sha1":"8B:F3:AE:DB:71:0B:BE:41:EF:1C:23:62:D6:F1:82:B7:63:8A:D1:1D","sha256":"FB:9A:96:3D:29:E1:E4:9F:49:B3:87:67:12:FC:59:4B:1D:D3:7C:1D:43:D4:01:3E:FA:9E:EE:A4:6C:E2:D2:01"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: investupahead.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://investupahead.com/wp-includes/THMAMEMX858.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"investupahead.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"investupahead.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.1.1.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.2.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://investupahead.com/wp-includes/THMAMEMX858.html","date":"2025-12-13T00:25:29.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-3.1.1.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-152b5\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Sat, 13 Dec 2025 00:25:29 GMT\r\nage: 2743200\r\nx-served-by: cache-lga21947-LGA, cache-hel1410031-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 118, 8106\r\nx-timer: S1765585529.063056,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 30070\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":86709,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32030)","md5":"e071abda8fe61194711cfc2ab99fe104","sha1":"f647a6d37dc4ca055ced3cf64bbc1f490070acba","sha256":"85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf","sha512":"53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65","ssdeep":"1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5","tlshash":"3183d5d9b2c670529b7730b850bf450bb17a98dab44c8d60f058c5d57eb8a8e507bf2c","first_seen":"2023-03-07T01:02:34Z","last_seen":"2026-04-04T02:23:44.782345Z","times_seen":138355,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.shopify.com/s/files/1/1981/3517/files/Payments_American_Express.png?v=1756390046","fqdn":"cdn.shopify.com","domain":"shopify.com","tld":"com"},"ip":{"addr":"23.227.39.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://investupahead.com/wp-includes/THMAMEMX858.html","date":"2025-12-13T00:25:29.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.shopify.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 16 Oct 2025 19:20:41 GMT","end":"Wed, 14 Jan 2026 20:20:40 GMT"},"fingerprint":{"sha1":"87:5B:58:A1:ED:98:E3:74:D5:77:47:24:73:6A:F2:E1:21:9B:69:B6","sha256":"CB:7D:85:1A:7C:39:E1:62:63:38:34:25:30:D3:CA:E4:28:C2:93:44:BA:78:73:D0:D1:8E:05:40:AB:FC:EF:DE"}}},"request":{"raw":"GET /s/files/1/1981/3517/files/Payments_American_Express.png?v=1756390046 HTTP/1.1\r\nHost: cdn.shopify.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 13 Dec 2025 00:25:29 GMT\r\ncontent-type: image/webp\r\ncontent-length: 8910\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ncache-control: public, max-age=31557600\r\nlink: \u003chttps://cdn.shopify.com/s/files/1/1981/3517/files/Payments_American_Express.png\u003e; rel=\"canonical\"\r\nsource-length: 13549\r\nsource-type: image/png\r\ntiming-allow-origin: *\r\nvary: Accept, Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-request-id: 788889ca-900b-4bd2-87a4-7cc5ef92660e-1762647083\r\nx-shopid: 19813517\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\nx-dc: gcp-us-east1,gcp-us-central1\r\nlast-modified: Sun, 09 Nov 2025 00:11:23 GMT\r\ncf-cache-status: HIT\r\nage: 2879021\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=o5tQuEjtakmGKmaHkP4C6V4UCDsOxdzmujBqiLvJBX%2FUgwqOt5A0SJAp3VObl7tn3ROp%2Fn9%2BVE8exD%2Bsf4BlrVmAOJqqlI9c1WsDK%2FC7Iv2I9pg0qIocGTYawmIXxu48Xw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver-timing: imagery;dur=277.224, imageryFetch;dur=168.913, imageryProcess;dur=68.459;desc=\"image\", cfRequestDuration;dur=20.999908\r\nserver: cloudflare\r\ncf-ray: 9ad15314eb610b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Shopify","description":"Shopify is a subscription-based software that allows anyone to set up an online store and sell their products. Shopify store owners can also sell in physical locations using Shopify POS, a point-of-sale app and accompanying hardware.","website":"https://shopify.com","common_platform_enumeration":"","icon":"Shopify.svg","categories":["Ecommerce","CMS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8910,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"e04fdffdaf3fd568521112a81f12d2f0","sha1":"885f699a8bfac58e30824112a72b32e0a7c4bbb1","sha256":"168c630a358b64a4011df3c342f393f46b2ab16a2d4c2cc5c79eefb46517280a","sha512":"952dc4a5917d113052330a34048bff7632f7c3c63b5783561df80a8e8c5c13ffb7045e475b9bde6e57aeda92fe408c37155f688d9a8e7e81474581bf97a1ec04","ssdeep":"192:WzvJ5NpiiDro4yyqblHTB5/hJZCfYPVoOl:OiyyyqxHTBNhbw4xl","tlshash":"8702ae0b5e30e969c2c406f914e3af44b15b3f58e5088f97652ea39636701c95abdb84","first_seen":"2025-09-29T17:07:39.755592Z","last_seen":"2026-04-03T16:18:43.942721Z","times_seen":258,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":46,"dns":31,"connect":1,"send":0,"wait":27,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t.co/favicon.ico","fqdn":"t.co","domain":"t.co","tld":"co"},"ip":{"addr":"172.66.0.227","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://t.co/pH9BLwQe9r","date":"2025-12-13T00:25:27.514Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"t.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 11:16:13 GMT","end":"Fri, 13 Feb 2026 11:16:12 GMT"},"fingerprint":{"sha1":"21:5E:49:8B:6E:47:BC:50:8A:2C:13:39:54:FA:AA:2A:5E:2A:5D:3C","sha256":"76:5D:64:03:57:50:37:2E:A3:48:F7:11:DB:3E:63:60:92:0F:A2:8F:80:62:40:D7:A2:F4:E8:81:EA:9A:90:40"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: t.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://t.co/pH9BLwQe9r\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: muc=4b943675-2161-4477-802f-258b43351737; __cf_bm=peUpDIsZXubimqLEjS0XlZ1J1esu7y1eofZuEqT0VXc-1765585527.0506027-1.0.1.1-bjqA51vL0ci2oUmxxcV.fFU6zQ18h7KqOTlvngAGh8xWrI9WvtDkr3nuy9oukX7J9Oqzccs8tv1WT9cCC7AVSlsADkCw.l.fMsblnMhuD8BW4MLCeMdxx6.tzwMj0VUA\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 13 Dec 2025 00:25:27 GMT\r\ncontent-type: image/x-icon\r\nperf: 7402827104\r\nserver: cloudflare envoy\r\ncache-control: no-cache, no-store, max-age=0\r\nx-transaction-id: b72c7cc535b3f5a3\r\nx-response-time: 2\r\norigin-cf-ray: 9ad1530aff5256cb-OSL\r\nstrict-transport-security: max-age=631138519; includeSubdomains\r\nx-served-by: t4_a\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __cf_bm=ENEay0WSHklevjZJEs9UN1.DstoC447DnNmqXDOFY_Q-1765585527.5116353-1.0.1.1-brqVAJRwKOUw2es4gvLyFLuo6LhyYsdDvFmOisE5y6qKZd5PRBJk6bnabgSQUJh5UKldmixJbHFBNj8rXTjs0Tz7PmTpxKgrXgcnKd225Eqn_3336xnCXb7yX3QHJkAG; HttpOnly; Secure; Path=/; Domain=t.co; Expires=Sat, 13 Dec 2025 00:55:27 GMT\r\ncontent-encoding: gzip\r\ncf-ray: 9ad1530aff5256cb-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":549,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"9d99a2372bbd5b28ef4b2eaecac8c805","sha1":"6503a35c95cdf2d08ed83e17ae81c8b0e58f49c2","sha256":"cc4939af5d16855f2bea8322dbf33461ebc6bfd092fa3e2291d87d3d83ebd8ed","sha512":"7efba58d391137ea50c0ed95025316e404ce8fed549c386f2d3316d91797cd39e5447db9b0ffdb0ebadbaf1f38766743603c140b8dfb956eccc144aa78cff766","ssdeep":"","tlshash":"06f0eb835322f47ce2c32a41b646d0fce92a472a085c4c0c032da5ba9a5195c9e4b068","first_seen":"2023-07-25T15:05:02Z","last_seen":"2026-04-03T19:26:56.138969Z","times_seen":5705,"resource_available":false,"data":null}},"time_used":143,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":143,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"investupahead.com/wp-includes/THMAMEMX858.html","fqdn":"investupahead.com","domain":"investupahead.com","tld":"com"},"ip":{"addr":"97.107.129.170","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-13T00:25:28.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"investupahead.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Dec 2025 23:08:44 GMT","end":"Fri, 06 Mar 2026 23:08:43 GMT"},"fingerprint":{"sha1":"8B:F3:AE:DB:71:0B:BE:41:EF:1C:23:62:D6:F1:82:B7:63:8A:D1:1D","sha256":"FB:9A:96:3D:29:E1:E4:9F:49:B3:87:67:12:FC:59:4B:1D:D3:7C:1D:43:D4:01:3E:FA:9E:EE:A4:6C:E2:D2:01"}}},"request":{"raw":"GET /wp-includes/THMAMEMX858.html HTTP/1.1\r\nHost: investupahead.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://secureplan.xyz/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\netag: \"3db73-693c5ede-63;br\"\r\nlast-modified: Fri, 12 Dec 2025 18:28:46 GMT\r\ncontent-type: text/html\r\ncontent-length: 75356\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 13 Dec 2025 00:25:28 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":252787,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (65145)","md5":"ff78f79d8b6700cebbc5e369d6c833e8","sha1":"ecbe81cff1b7b2dde1a6d8f033fe4a5ac6b26d31","sha256":"7f0651212cd9fdbd6d0d80a904870aa3ef394fc8fb97399035e66ecde38dfc7f","sha512":"02f67882bd2e0958746780a0c5dd0c989f48b65ed8920d116c1c1b7cdb65423ca74015638d326731da2250d958426d8556d4f42c29c187addae9ae9789d50c9d","ssdeep":"3072:n9ORfwsKRC2muHz3uJUWCMw99y/xDPR3wD2ckIkkPk+onJGhZa2C:9ORfI0E5H99y/RPR3cvC","tlshash":"d0345c07df792d88cb28a71792ec4aed1b7c93d9a28540cc542efd44c4ffa6598c84e9","first_seen":"2025-11-13T17:41:05.82828Z","last_seen":"2026-02-08T16:20:22.067254Z","times_seen":20,"resource_available":true,"data":null}},"time_used":790,"timings":{"blocked":260,"dns":75,"connect":88,"send":0,"wait":88,"receive":178,"ssl":97},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"investupahead.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-13","alert":"Sinkholed","trigger":"investupahead.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://investupahead.com/wp-includes/THMAMEMX858.html","date":"2025-12-13T00:25:29.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://investupahead.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 13 Dec 2025 00:25:29 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 6157\r\ncf-ray: 9ad15314af12b4f4-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03fa9-4af4\"\r\nlast-modified: Mon, 04 May 2020 16:15:37 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 659661\r\nexpires: Thu, 03 Dec 2026 00:25:29 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=tf7X0Is%2F4DmSs3G7wq2R%2FZXthhOIsh3gKNHFTx4WrSlVqfio2%2FqtkzXczFkRR0A2pWpj%2F3ay%2BwgIM1iSseF7pQ6ipouJIB%2BnSc54rAxdXOYBs6qKRi7eUQT7oZgu%2BtldC1zqcHkd\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19188,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (19015)","md5":"70d3fda195602fe8b75e0097eed74dde","sha1":"c3b977aa4b8dfb69d651e07015031d385ded964b","sha256":"a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66","sha512":"51affb5a8cfd2f93b473007f6987b19a0a1a0fb970ddd59ef45bd77a355d82abbbd60468837a09823496411e797f05b1f962ae93c725ed4c00d514ba40269d14","ssdeep":"384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f","tlshash":"1c82a3cc3291b06643a79167a06f960fb2339979614e9410f199f2d87c70ef9913fc7a","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-04T01:30:25.603817Z","times_seen":103938,"resource_available":true,"data":null}},"time_used":47,"timings":{"blocked":11,"dns":1,"connect":1,"send":0,"wait":13,"receive":1,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icm.aexp-static.com/content/dam/one-amex/one-identity/images/3CSC_INTL_300x190.png","fqdn":"icm.aexp-static.com","domain":"aexp-static.com","tld":"com"},"ip":{"addr":"96.6.17.190","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://investupahead.com/wp-includes/THMAMEMX858.html","date":"2025-12-13T00:25:29.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m.americanexpress.com","organization":"American Express Company"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 24 Sep 2025 00:00:00 GMT","end":"Wed, 23 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6F:E1:06:90:3D:67:77:FD:37:70:A0:A4:4A:DD:30:3C:BF:A8:24:22","sha256":"40:29:EF:0A:AA:F5:D5:7F:37:FD:74:1F:80:3F:28:42:35:ED:A0:2D:8C:1B:A3:47:CC:17:BC:57:8C:A0:4D:17"}}},"request":{"raw":"GET /content/dam/one-amex/one-identity/images/3CSC_INTL_300x190.png HTTP/1.1\r\nHost: icm.aexp-static.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Wed, 22 Oct 2025 21:28:29 GMT\r\naccess-control-allow-headers: Content-Type\r\netag: \"418a-5bc439085f058-gzip\"\r\ncontent-security-policy: default-src 'self'\r\nserver: Akamai Image Manager\r\nx-serial: 323\r\ncontent-length: 4224\r\ncontent-type: image/avif\r\ncache-control: private, no-transform, max-age=24063\r\nexpires: Sat, 13 Dec 2025 07:06:32 GMT\r\ndate: Sat, 13 Dec 2025 00:25:29 GMT\r\nakamai-request-bc: [a=23.36.77.188,b=155917182,c=g,n=NO__OSLO,o=20940]\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4224,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"8430d0a210f2c1228edc7edf170116fc","sha1":"745ff2660dd824d128ac5ff50a70410a65c47908","sha256":"7c601e5f17ea68149f363cb973a86e6e4f1aece3ed1193808f7f074c44abff5d","sha512":"b822b386a56d4517f0ffe12be2c54fb9b8abe320a7d7a053324432d0feb8f8dc9110b6239dc4c99f04bc44e05e36ca84350e87350ebde2aa1521c5188a8f3a45","ssdeep":"96:rGgY+W32igh9I/YSpeQRAFrlOHKwIPM9CnbjX6YwwBIMTxXI:rG5+FhG/V0WcqCnX6Y3XI","tlshash":"f9916d7e1a090cf9f04e0af6009dd29162738ebc596331291c9d795ad3f42b2ad5ef10","first_seen":"2025-08-05T12:28:34.68081Z","last_seen":"2026-04-03T16:18:43.945434Z","times_seen":494,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":130,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}