{"report_id":"28c5eacb-2c76-414d-a4e8-0d344cb0c381","version":0,"status":"done","tags":[],"date":"2026-07-17T09:29:20Z","url":{"schema":"http","addr":"rwanftfi.com","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"rwanftfi.com/","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"title":"RWANFTFI — Web3 NFTs, Real-World Assets, DeFi \u0026 CeFi on BSC","dom":{"size":328199,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (65522), with no line terminators","md5":"44447b44e26bdee294b82854138622cf","sha1":"be15c37b9ff345134f197d34e223e73a09c4e196","sha256":"ba284388d8a5d16919ac87f7689cba302d0f4c8af0a7f10d5ee7b250506b3bdf","sha512":"b1ff8277ae614a3577751bb04ca9ef5ae6b76bcd02429715706effdd4f7766b49eecb65860947b1629de1cd732babefd179ab7bc9a3779524901a44165d5c4a2","ssdeep":"1536:XWBYYS7M7pDSfzdFoK9Whtm2/6BYkt7PSIUhkHUhXLEMPMRRi+i/ddkJdkbukbKy:XWokx6BJ9BAlp5","tlshash":"44640a7460019b7ff10f1be8e230ffaa31b6e269dd52c60873ed96931b91ce44959b90","dom_hash":"domhashb5f2b2b33b5373a3aee018bd638639fd","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"rwanftfi.com","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-21T09:29:20Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"s3.rwanftfi.com","ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-04-23","domain_rank":0,"first_seen":"2026-07-16T14:45:21.41946Z","last_seen":"2026-07-16T14:45:21.41946Z","alert_count":42,"request_count":42,"received_data":9522345,"sent_data":22035,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"rwanftfi.com","ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-04-23","domain_rank":0,"first_seen":"2026-07-16T14:45:21.418019Z","last_seen":"2026-07-16T14:45:21.418019Z","alert_count":173,"request_count":173,"received_data":22244591,"sent_data":87838,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/00cn986oeb.h..js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1eec9ec5cda6c89ac77a42d050acef5c","sha1":"299927bebf85e471ec87f8fce893eb7c5ea4600f","sha256":"f65aee26557dbb5d852ab95e5c1d12f48eca0a303ac07d50ab7df49c0d59bed8","sha512":"92878db8f193a5d92d926cbeb05b356d268ddeca95daf4a1e922e66aed56cad7739e9796306522ace9ccf094064298b4664270c9599e3246fb9fb2301b9f0421","ssdeep":"","tlshash":"51519545e268aeadf92a14cca46e842c610f9e88c24f48b8fcb92d7517515c43a57fcd","size":2792,"data":"","first_seen":"2026-07-16T14:45:27.640409Z","last_seen":"2026-07-17T09:29:35.852816Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0cs5~yg25e-yi.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"56a7acac86ae82389f2c72930443680b","sha1":"a628bdd2b477d1996310da05a97f773431174107","sha256":"dce020232edc492bf01508892e18c257732156bc1ecd9b82be01203073dc4c79","sha512":"3ee9ed09161cb680e57b40c175393f93a2944d38cce43fa12cac4c651d72364872e155b84b76ac7a39f1d20cb3aade40356c93fd4b51ce56a42e285a2ac94f80","ssdeep":"1536:ldzd8frN77+kk37KqlYhHJNPkOsMI2T40G3v5aCl5VH1f0TdcmcQt7KBxpqTq0KP:lGmB3+qlYhHJNPkOsMI2T4t3v75y8zP","tlshash":"7b630821a242217b0e9b43d6902c07099f3d7965a24c450ef3ad4ef75f05eca46befb9","size":67556,"data":"","first_seen":"2026-07-16T14:45:27.653612Z","last_seen":"2026-07-17T09:29:35.881495Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0nmptx~h7ewpu.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d37b29553d3cbe8e9a61c955d0e36696","sha1":"9c1e4ffbf9a53a6a56ef3fcbada0b37a1d57da68","sha256":"67f385fd04d73be929178b0b79eab985c66b55a48612edb931acccde9edec031","sha512":"0d6ad0e1868379143facbe724e79ec8866e6404abbdd562d71bf35fa92572f134f82cd5c390cfa559aefcb4f8680d8941dd2b86b08e99eba8640fecb22381708","ssdeep":"768:rNXqGnb9f/kS5mykvzFNjGiyclmniLMRZiXDtELY+:rNFb9o7Gnq0oMRsmY+","tlshash":"8ec24b6532a4fc9d734ac2d8947f440de22d1d74612ae054b3e98ca666649c8e0f2ffb","size":28235,"data":"","first_seen":"2026-07-16T14:45:27.714286Z","last_seen":"2026-07-17T09:29:35.777918Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/01w4epfjnw3x1.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"944bbb4348479faae529b46cfd1afebf","sha1":"90d0c3572141549eec911c1d2e856791cfffac21","sha256":"67b09120a0355e5e8cafcebd87c017b14b3065eb3dcff2a808ff5551db98ca3b","sha512":"7ad92e37e75bbbaa74d893def6a3a2fb1fdb553e216b5339a7e46f137bd2c4c67c9cd71b5c55bdcfc55a5d10a85ccd3ca0b3621800647eb5889b97933cc671e9","ssdeep":"768:pPGOomRkwSjd+kCN5tXvHXmrgqJZ7nFNXGRd9KEr:pPGJuQkkqHXvHXmrgqJZRBGMG","tlshash":"a833e7f6332138204ea2d5459867486ea22a3594300f5e2ef5bca8df349cd9d797c773","size":52547,"data":"","first_seen":"2026-07-16T14:45:27.632151Z","last_seen":"2026-07-17T09:29:35.867814Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/07q469oi5.rsr.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1f26f6c3fa3d58675af0e20d79f2f7fd","sha1":"5ab48a1e357e35f57596680039d1316d3fba38c1","sha256":"f6a539600fce2b237f76e84d55d5bf00eff189c5ee62aabd0f66e758db58436b","sha512":"c13380f9ac8be00dcacea37791847ae98ea3fe45472f2d1f8a828e9bd3c240fb60881e07679062e4306960f06fdef86e21fef1a9bd827624e69b597db5de583f","ssdeep":"","tlshash":"7d61028992159a9df52a50d96a6dc20c303f6f48cb6f9c74b57d29741f414d8b6037cc","size":3374,"data":"","first_seen":"2026-07-16T14:45:27.59861Z","last_seen":"2026-07-17T09:29:35.855988Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/09.kc.g7.9~fi.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"92da3a89e1de5d3dc4151927e3f3f49f","sha1":"53d1237e7b7ee266186e808ae7836a5a182db9ff","sha256":"d4338d85f1d148086f4edbe1a4b86bf7b9c8939c1d04fb191ea4131ef059a670","sha512":"b78f54c3a03d6562ada84181ede2949ef9190ac14e82c35a2b3da55d15d923512cd5a3e5da73ed118f71637dfcac398d802d0b11cdb33e13abc31a08c75795dd","ssdeep":"","tlshash":"f26145a9a554bed8e68f10d881fa480c202b2bc8d90f08b4fbec78bd35951d0b5527df","size":3475,"data":"","first_seen":"2026-07-16T14:45:27.735726Z","last_seen":"2026-07-17T09:29:35.870861Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1a6e1178e4bbf5730bd664a49dd3bc24","sha1":"17c3ae3273f9de6afbbdedf2e413dbb3a6722792","sha256":"3814cddd18b2095e01abb745a99e5ada90178e709c09879324c3b623f2d829ea","sha512":"cfb1aab0bf589e33fd12906f448ddbbf7163420a088de513b174304c9ba3a7abcd9b41c98bc4dd51edd0206c1fe4660db9857e3c6163d1bf50c670cefddee509","ssdeep":"","tlshash":"de9002b090c39c5890264186687100160b6c040c01080141132184d810115048e40d8e","size":43,"data":"","first_seen":"2023-03-13T01:07:12Z","last_seen":"2026-07-19T00:20:14.346385Z","times_seen":193874,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"87192f17a3cc292df5018ecad5cc0d76","sha1":"1b07583f9fcc1c4830b792690a7db57a7401b095","sha256":"1d111486a0ecd290eba8a4b31ebca3ac8ecc46aaaea05b51c60a45b2112d47fe","sha512":"22afdae55e46e54f23176543f9ec97a8a6dcfeb4d8666e0e731d98d6988fca866e3ef3ce1981be209a8ec60baa9021b0eec60ea5d80d609e521cd8fc8c933fb4","ssdeep":"","tlshash":"7251294bf95ffd162970dddf806e0f3285c9ea3281b4916cf74cc9885aa29370388891","size":2745,"data":"","first_seen":"2026-07-16T14:45:27.754734Z","last_seen":"2026-07-17T09:29:35.944863Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2b2e7cb02d58ffe90b2521400d844fec","sha1":"bdccf37d860f6c876601901384f680c6051d6095","sha256":"221574cb561849ca191e5beec2ebec2cc0f4186d285ba6d4bbdbecd316c0006f","sha512":"d4ef45ca53a42e0ed1475e99204626d540ec3453e52bbb7abf6884e7d5725d10e2b294fe3838947c4cf115c5145aa75e9cc30032ddc1df65a4d177ab1e2ce025","ssdeep":"","tlshash":"de51814fbc05de06dc3e7c79023e8e7a14ccce778761dab9819ece491a165b227d9881","size":2763,"data":"","first_seen":"2026-07-16T14:45:27.755664Z","last_seen":"2026-07-17T09:29:35.94607Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5143b47ab2ed10ffaeead70e07c81776","sha1":"6dc4035935990ebe5b5c5769e9c53ac81018b377","sha256":"b0a06eae681223efd0fed7e7158f104cb94bd09052e4158896576641a76b00e5","sha512":"d0af737ffe71ae9d8c7fd6265b6fd09375afe9129893613761beb001f384678bd22de69ab63fd8cb292e37251e6af2c3684c18061a3f3e47a725fb20bf6c193e","ssdeep":"192:oU7IobRezU8SBARJ4JtenvtvIXpKKdBoK8fOs1e5Irv5FVgs1fFffXtcoeshEGdw:oU7IbJ6twK8Us1Prw","tlshash":"6b923959ac76ed79e42c34a9b7387f977f10f0a602c8061435e3a296cb11874bf78893","size":20122,"data":"","first_seen":"2026-07-17T09:29:35.947032Z","last_seen":"2026-07-17T09:29:35.947032Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"90c354317736e1cd5f3d817feb0d7ba6","sha1":"bce6a16b291c6ffafacd82edb008bdc6a04079b5","sha256":"ca76da380050138ba218fe351d4c37c0767706da9e630b0f868e1bbed6399f42","sha512":"ae4b89f4c81cc84130abf30a9c10a2a6365a2c0296fa4fa630e5c01a91c848a648624d5606cded7e87ddde039437f8d278f47813ab944d76ab2ee046406f575d","ssdeep":"","tlshash":"dc3122f79801cc8ad9a7ad6425ffed3b74de80ab5dc4c6fae054ec150943079a291ac0","size":1474,"data":"","first_seen":"2026-07-16T14:45:27.757536Z","last_seen":"2026-07-17T09:29:35.948116Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b7bd61d863a58b7939407f79a63392f6","sha1":"c06b393ae8bf1d8218136ce3a950799ffc57d151","sha256":"cc8823394fab07134c4d0df2bc433ff8772ca8036739a71b659a17432b8656da","sha512":"89bd5eac9f3b9a7b53396141519975f71ce068a90d16da1a9d88a7bb4ca9aa301b99bb2b9c1fbaa1516f8bbebb777f9ea6280a8921eede5b8122726062b2d568","ssdeep":"192:r3PELaODU/lBehxigpz1Md+99sSJEw2Kp5HxT1VF:rcD4/g5YBSJEJKp5HxTR","tlshash":"b9e19306ad64d11ec7f75c8b5e7a9dbe6529529902c080fc2df8c20893649b8d773f64","size":7085,"data":"","first_seen":"2026-07-16T14:45:27.758427Z","last_seen":"2026-07-17T09:29:35.949152Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"794dd0f472caa725db138c6b8b4d3688","sha1":"53e24cab1cda8de3906fee883b952dcffe2da7e1","sha256":"4339ee61f9bce5bdae06fd99699249e09555999ac9bd17c5f698d8669563887f","sha512":"bf2f1da80d8a213e1e61bbd9ecc15b50694fc0a4cb3dcb352446f8288b344eea9ac8256a27e3dd4980e1f094ff139e2a425101dc5dc88cf14fde4cc7390b3f33","ssdeep":"","tlshash":"3f31023d3008d54fedad781a127e6d3a50c9056b07e49abc8bc8df01488207d7ba7d81","size":1618,"data":"","first_seen":"2026-07-16T14:45:27.759606Z","last_seen":"2026-07-17T09:29:35.950207Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c9df2474492ffb49fdf4963bc8c510f2","sha1":"be5eb8e63b16a8668780577ae0080dfbbc2250b6","sha256":"09dca6a1005d91ab023ef9cd23be87a49aec81f68a86db9943b1d51e3b537cb7","sha512":"a8aec8ef56782f412e66cd214f885fed8299a7876854badfbf207a5e49d1f39772daf9d0ee58199842d3a7f23cfe67aa2ccef0c8e13d24c1169cd371934b5d0f","ssdeep":"","tlshash":"8e800470c0500c15c031405314341105017d400d000007005350d74450111455545dcd","size":34,"data":"","first_seen":"2023-12-22T06:09:48Z","last_seen":"2026-07-18T23:41:50.392528Z","times_seen":2755,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"542b69846d5260b44153b098ffe71277","sha1":"5c9f1db7788724b5e7af79ededd9dfbe3919fdda","sha256":"1da820cb9ccceca182df997f2517d9a135cbd8ea423496387c989b366eff3719","sha512":"b5bd8b0f73b5b5d3c1d88c9e8bd19b51fbaa287267ee802426b91585133b0af147477a0ba1248c820a581808370e574b578cef66980ce0fe45cc363aa3664477","ssdeep":"","tlshash":"de51bdb3ed16dc05c7c69e08287a7ce565ccc3e29299e11bb25cc83886d7c345af0652","size":2780,"data":"","first_seen":"2026-07-16T14:45:27.761189Z","last_seen":"2026-07-17T09:29:35.951899Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/06hnh3vy2gu0f.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dc69a61e95bfd65c258d27d9a3d1385c","sha1":"3700094795b781515ccac0d42d136747fdb4b526","sha256":"5256301c75cffac1d01612e0f2ef3d1556e6fd3820119667bf1c5da0ff573e5c","sha512":"291b7f0f1056afd34983f9033bbf3a785677799f5728570efae84f8940fb245fac943f7c71b111d9a1071e090e6e0dd22ef56623b19e12a03276a37fc1448978","ssdeep":"768:j2vlzQ/KXMhbGl40URO560iNGbu6/HF89yjTu9loY1iBJT9h:jICCXEwNH6lGC6/e7lo0iX","tlshash":"6b13f8cd314074725bab72b9442f5206b3374d855c1e4028e636a4e83c7dab987bbfad","size":43359,"data":"","first_seen":"2026-07-16T14:45:27.62888Z","last_seen":"2026-07-17T09:29:35.704724Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0u7ffi487zws_.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b300eae5f7fe0248006153ed98be0c1a","sha1":"e020773e7e684c2d0c75cb57aac67bcc6d1530e3","sha256":"07c6d91cad14844a1b1ef571de67a8459b7f87a43cc139992b6d0482b5646d7b","sha512":"5eb5392dc1a10c80b02ac767f0e064a6f55397dc63fa44c807f383c76bbcb35db784a43cc63a6ac0c9e007dec4d694b030244e450fe1485b4dd31b1ba89bc4fe","ssdeep":"3072:7Z8jNAotoZM+HCHne5OutD/PsGcPkRRK0rtXUSB:7Z8jNAoeZNHse5OuZ/PsGcsRntXUSB","tlshash":"18e3e6f935d1f482076b40aac03f0006f22d4d77189e6860e3e5ddda756465de2b3faa","size":145573,"data":"","first_seen":"2026-07-16T14:45:27.729069Z","last_seen":"2026-07-17T09:29:35.81565Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/02vu_.jrdr2l2.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c1e865f647a92fac17b8dd509577c141","sha1":"2b8c36caed06280d97940234bffbb30d4e5a0f21","sha256":"02538bee2f9e28e8f144f492fb9d3a92d1df1f67c93b25fbc193f4a5c9ac10f4","sha512":"7be34394f0ffa0dd8cf05a90fcbe0f5949e13b26e1d64ccf4a0482267244af7e7c40cb65cafb9388ed202b2a4041ce6f6c18a0d40b85fa22943d545328b081d6","ssdeep":"96:WeJ4k7NyDnvDSDz2gie0bzuTvuUhjmOTFME5BRv7ajEmAuP3bo8hgHIjZs6:D8DnvxhbzAuU9mO5MwGRhrSWs6","tlshash":"46f18795ab14eabde17f04d4a4eec10c613b2f88a50f48bcb6ec786c19412d4f1a57dd","size":7886,"data":"","first_seen":"2026-07-16T14:45:27.597558Z","last_seen":"2026-07-17T09:29:35.869617Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0q2jphz8e79uk.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"21409bda9eb842c230082d90cfc9074f","sha1":"f2eeb4f24ff5666a9905119df129db07d50a5c2d","sha256":"579c0f95a3ddf37c94320026a1f9caa75423723d2059b0b51711e87424c51920","sha512":"8234161c6a6a714435cf67e95650311500c0c0a566417ef31e42a038219809a6d15e3fa171dc2036e096a6839b69eca25e167c7d6ee67b909db7653f241cc9c7","ssdeep":"192:e5cnovJKZwEglyzSOJQ3ZRGOhPfGOWZUaRC7pQ+mKER+quAGGBC6oblTocSHhpbM:MKZwEdza3ZRnPacpQvLBAgG","tlshash":"4c82d7c8f0a0e5ec92931194805f5109f2593e1cdc4d942cb3f9acf96ea6c98272bf69","size":18034,"data":"","first_seen":"2026-07-16T14:45:27.660432Z","last_seen":"2026-07-17T09:29:35.838241Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/15dros-e3i4vz.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"178aa8acdd99b2fae9cc71e611b65665","sha1":"6bcb1431a528ae4357a5ae2deb4d3093bfeb730e","sha256":"3d79844e06d453973ad0d5709a423501fe9a09d555436eb3984b7c797534eebd","sha512":"4a7ed7f977d3e64382a6fc1760bb37f3b69666ef4516b2be98240d785efd97753e8134b5fda4bcd719f20b4f109101b0a00fbb9e7cf62d21fec5de50c8f9e971","ssdeep":"768:HPStC3yhXlxnndhYQCEpH5zLh+1DRm0BomnaFZy8:HPSEiXHndhY6Zp+1jUk8","tlshash":"9f131aed7181b565b36f0199806fc00cf37f2e85e81e4410f2b998ea3d649a942b7f6c","size":42576,"data":"","first_seen":"2026-07-16T14:45:27.720273Z","last_seen":"2026-07-17T09:29:35.926677Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0abdc150p0_.k.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"032d4d813c69a96ab5bed27442f0fbb0","sha1":"5ff82701cccec92587b7bc5b2658953380c7cf25","sha256":"bcee9fd433391ca535801a03998f040d5c339de1b16be3902097993fcd926d41","sha512":"e24975bba645869660ebb284b477e71b1d6de6964283d6fe6153c6647729910f8409612544aed78f419025f498553fa5b4e7063e507d36978459e3745eb48275","ssdeep":"384:67jDdkTd9ijjT2DwNGncTI2II2q4eki0rRvI1W16DvXxqpkKM8wjn0kD6wmhuoom:wgwNykIg2d/rRvIs1mvxqml1jn0kDy","tlshash":"bb33e7b232d4faa2539341e1d43f2016f2390c75206d6474b7e89ceb754c88da6bafe5","size":50234,"data":"","first_seen":"2026-07-16T14:45:27.692128Z","last_seen":"2026-07-17T09:29:35.78186Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/10o6er6i0h171.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"32b6f2b430946bb75aa4a9db1ae9ad84","sha1":"9eeeb4c66c7bf2aeb5ba3740deab2d9b25c61cc6","sha256":"fe6e338ed611792598d963ab647ecf240ebfefbc11476a81b68b8f3e5c069bf6","sha512":"51d59ae87275c912bb162a00fc882f5bee98efef55c41863382580d6c2ed8ecb827b832bbd96eb41d6dd039043d6b7b9a7b20412989a1450786ce1bcd9bf0666","ssdeep":"6144:SEjZoTo18wICSCoSQ6yMW8Ht1uB7jpUGr5Fhd2ZMuoXbnvZ9ajRKTKNHlNxmey5N:YgbCddXLuoXpTGNx0","tlshash":"80841a88f191f07543e361a0403f190bf23e6d19a45ea494f366d8e4bdb889e917bf39","size":395358,"data":"","first_seen":"2026-07-16T14:45:27.736526Z","last_seen":"2026-07-17T09:29:35.900088Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/052.883c7lu2m.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"431eda43c48f2e73d5820d728419d4a3","sha1":"6a2d0abd8f6f5b16dc686117a1e5fa2c961fa2b6","sha256":"2840abc629213d60b35d824f329e5099dfe304a735d932ac4209c5421ece5dd3","sha512":"bd754869120e9654b584ef52e7c6042c661e906b50b849b0eded47974b0abeb2a2a0ef6479bb302386cae5ff2f78dd6fbbc760903fccd8ba5a4549fa4bfc6bc4","ssdeep":"384:o4Yg7tBgdBfIkdFXSjkdzm3CT2eNbL2GhEQ0IIT7N:ovg7cdBQGFijKm3CbNbL2iID","tlshash":"b1b218a8b195f4521ba360a4507f500bf2382876286dd0b0b3e6d8f1b9f01aed537f9d","size":23936,"data":"","first_seen":"2026-07-16T14:45:27.723113Z","last_seen":"2026-07-17T09:29:35.832528Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/11ad056068qw4.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1ff1ce9b40caf4d7e425fdb0717c24e2","sha1":"10ff32d92f9acc125eabb11ab31a7a37140f17bb","sha256":"b15031fc3479b4b8e95adb04f375e73d7572a93bd67912b4955131a4f046ab0b","sha512":"5789f7f45ff4a4f10cd8ff33285c7bc099578512494e0a2a8ffbbce1d621f4a6b35abf0157ab0b51aa392dca30475212a199cce6fd41aa89e1461d170d17dd71","ssdeep":"384:7zqh3mGN9oAoZMgJ1z1xB5rcOQSyBxX33JFhY8uoEe:7Wh3mkCMi15xLQOQvXHfhY8uI","tlshash":"298208e6b1c2b9f9d36a8081403f911eb72a1a74244f1460f7b99cf92664a45d1f3fc6","size":19005,"data":"","first_seen":"2026-07-16T14:45:27.744017Z","last_seen":"2026-07-17T09:29:35.906268Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0sonk0j_mx1ci.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e23773e6388f58ad656274994e93941f","sha1":"6e2ea50ac499b15ba36e61d07514acdcbd145781","sha256":"80bbca84b375c699ea654c99c388740a69f6f83d0d32019c83c192cc8e1447fe","sha512":"3d2c86ece2ab14f2f2d42c8dc10acaa890fd6d803f492d83ab4fcacada49364c94642c1835be797735a77213f671a5d8628799f3f0195d030ddad8fe74b98a46","ssdeep":"3072:dtJtosM4BFfOg/4NqwuQtPHllL2bgmaIQHnXxRMujgDngfXQ84:dtJtNxBFfOgAoQiQnBZ0DngfXQ84","tlshash":"c724fbe83955f6626ab302b710af1803b33c252b280d4d60a251fd9db57845fb17bf9e","size":226350,"data":"","first_seen":"2026-07-16T14:45:27.627907Z","last_seen":"2026-07-17T09:29:35.935585Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0tjmie.-0gnbk.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"91ca71003ad0a5b6cd53816dde90c3bb","sha1":"73c33fd7083a82a8fb95f3cdf7300190cb18ba12","sha256":"81cfe4a7e4126bb13c0033e8aca4c7cc6b84b21b2c94972f4325648f5bc700c8","sha512":"0f38dc64ad7d034b6642d564a814a297b76c1eb9322a4c9e7a083db6aed5a2f9a7c5292dedaf523ea2c83ea5d8996d254b77aaf8631a013f5e17173fba265d4e","ssdeep":"768:HaWstOoD4AYqD9ghnFXHCDFZaoqKctrlV:HhJbAyPKeJV","tlshash":"6533c8b57295faa302db91d9d0370012f2780c71309d24b4b394d8af799dd8992fbf6a","size":54623,"data":"","first_seen":"2026-07-16T14:45:27.659384Z","last_seen":"2026-07-17T09:29:35.816644Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0k-ks1ol~9kkt.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4c4b7350e90652c4525aede1d4352363","sha1":"700fdd718c03ddbcf88bd7dc1faa591bb7920cd1","sha256":"5e2f2fcbc3adbbe40f663e048d54bee0c6c7ba09f73b6854caced5939d8aa159","sha512":"f00513ba161da2cfa0da09a7ead4b19424f28315862297c1692e3c48355ee4e96b8ef4d468dd83fa4c24a3ffc3aaa597250ab008211759e04ff3391b129cefae","ssdeep":"192:GdMoecoUoLqefKkDF9KFanJssuwdLgZmJZ3zp3tEpx4W1Mk9fULQ:uLecobocFka6MjXw4WMk","tlshash":"3b32e6e97380b873d3536246583b8156723b6980b01f051cb67d44ea7d288cbd2baf7b","size":11096,"data":"","first_seen":"2026-07-16T14:45:27.745259Z","last_seen":"2026-07-17T09:29:35.87564Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/turbopack-0ifxka.-w4f_-.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"407eb7795c47a4989d367f573109f532","sha1":"7b9af44ada94a14ef979b6599481e576f52df555","sha256":"4f09e72dfa328906d63c4dbaec2adfe8ad48cd6b8254f8fd6e45de872c1979bc","sha512":"aa7bdd13a44b95d449e714560aa9bb6853795d2aed785c818dc6eda10cf3da4dd00f30d07a6f467f605730f3e31fa317ab06d0cd5e2b4bbc44aae7441f2fbf97","ssdeep":"192:KH4gM9BC83EsgdLUEohxOpldETN/8N3sBT4fCTKcXX6PpH2:KH4gM9tNoplq01sqCTT7","tlshash":"e622c7da37a6f07343af90ebd06f4004f17984a9145d541cd3aca8eb2c394aa85e7f76","size":10580,"data":"","first_seen":"2026-07-16T14:45:27.616502Z","last_seen":"2026-07-17T09:29:35.837303Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0i2jaxqwee8bp.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7361b2961f1ae02c7a6b85a2077d971e","sha1":"1be90bce8c88b79246f1122bab7d790ac4c504d5","sha256":"56ec390fe44a1469dfbf0968a8e0929f0729fbd082323e250d96594bb322405e","sha512":"68d8f6a348b2e21e861609cedbc52c302f92ad5459c751c5778f885fc15fb1af8416c6a9b6f09d4b9018781034e7c100d771fbcfcad5001af7912ae735221549","ssdeep":"1536:rSfbpQH+AOWui83g2exXjcy/s/OONqaoBBdBK28324iYj1zB:rSfbpmuidRQz0BXk1V","tlshash":"0c4319e63242b574d7ae819b907f821c733a16a5200e0414f23d8ddd3979991e2b7fae","size":59301,"data":"","first_seen":"2026-07-16T14:45:27.693155Z","last_seen":"2026-07-17T09:29:35.887139Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0_uwzo~dpayvg.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1f3482b2b412ee775234544fc8c22294","sha1":"e5f92f09d6f77eb00c2797e4e340e3d477746fc9","sha256":"ffeb79f3004bd27479d6db92a06f07551053c4b98782524b7dad8482488b60b6","sha512":"a94a5ab9dfed8fa49e7dea7ffd5bd07149a4b8091f9c89ed299b9b0af44b8cf40deb2836873f7931acbd8d58676cd23bf9321e88664e251f0c2263d5a88be837","ssdeep":"3072:5a/H+1BRf1rEyq5CCQiK7a7/pbXON9z59bJ:5av+1TfhPq5CCQiK7a7/pbXOTF7","tlshash":"7bd3f9b5a3d4eaede1098be8846fd00c766f35acad6ac454e3e49d347d184cc361abd0","size":136141,"data":"","first_seen":"2026-07-16T14:45:27.617466Z","last_seen":"2026-07-17T09:29:35.78949Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0_4m0twy_g~jb.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fdcd58310b7154189e75d1e0e1cfb6ee","sha1":"2dcb5f4ec23bdd0ec0aa9c6d05d02d0d7a0235e3","sha256":"2189fd9819998a268ad031ee737a5c9695c9e7498f9c213f6dd585810e056893","sha512":"366d208dd6b238c2d113b929554e8dd694488606038fe311bb792737139a6228884a9c84a3eeb544c5c8a6c19c8c84fc0fa05a57bb717448b3ddb921e437b168","ssdeep":"1536:YeGqvDjMVfp9PnnqVi3BnA+lqqcoSM4odxDtf1E4ZrJ1vYrS:YYLjMRnnqlMp4odL1E4ZLl","tlshash":"e363d6ddb292f426429661a0843f0a4bf337ad94740e096cf229d4cd7d3c999907bf7a","size":70179,"data":"","first_seen":"2026-07-16T14:45:27.724051Z","last_seen":"2026-07-17T09:29:35.787907Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000090.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.957Z","timestamp":1784280528957,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000090.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"8fe8-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a09F9hBp6ldAcBwcIQRUgTFI33hi7Feqy0p9bo%2Bl%2F%2BFMoswnVS4Itslw6BeCX0ia2u7Rbcy2TQkYZoyEnSTcmE45gBGVKfb7GYkJ6O3BDfUBbUek0lvfZuy%2BbRmsOoo%3D\"}]}\r\ncf-ray: a1c837f9faccb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 36840\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36840,"size_decoded":38418,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c4b58a5ab1e263c19d385979413f7eee","sha1":"e2ba5f53d497a7e6e7b2b476e796247d99c6d4b2","sha256":"dee8a641ece833269bc7fdd364614bbeeb79d72a85cd60c4dca949e9d0984155","sha512":"650504bf14e26e9c34879c57ce408e3f16a0466bb405dfcb17dc54d7d0335de2c34acbc0639a8ac68d1203699f9ec4b0b77f5a25215e57c4273c13953a188906","ssdeep":"768:wdoZ6fXGg5H4vVppHrNZJiGeaYYN80dCx4k7Vyz1jlvbHn012:itvG5vVpXbiKYYZC4kAzbG2","tlshash":"bbf2f17af7183fdaf38202722c98d18578140db9435a60a83955039de976bad136f6ec","first_seen":"2026-07-16T14:45:27.636183Z","last_seen":"2026-07-17T09:29:35.674767Z","times_seen":2,"resource_available":false,"data":null}},"time_used":279,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000099.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.265Z","timestamp":1784280529265,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000099.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4e88-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=G57WQl3Us%2Fyksbs3xmz2h%2BmB65neGBd2OgnbYJPrwJGvHxqjA7y0QeVbJhcnHRIj3nChSynOKl8oeqhNd56aBRI0kPj0R2j7QYTieldV6Tz5Q5jL8Y0UbXMEMQ05Zp4%3D\"}]}\r\ncf-ray: a1c837fbeae3b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20104\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20104,"size_decoded":21678,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"bd128071e1c8b21a6bc721a207e3ef85","sha1":"ac2cffe26ead1823dbfa0e634c5a4708ae544135","sha256":"63be36647a7fceaf3ae72cf30cf6da93d84541adc9cffb60af27fdc1de43b5d8","sha512":"77bbc35588fb02b2669f1fb39f4368fddbdf0e1c0484bf10f06cf6e8b50a3be55235d55f673d610473edb4e3a8858a3187a7fbb7df2d278a4e72ab85153f2ca5","ssdeep":"384:X9CQ+MywwitjEnnSrj5lCi6A5XvdMxzk4m4LRAkftvlBviOEyi9F1f5s8dr:hL8SplJhXv2xk4m4LRvVv/iOEyMf5s8l","tlshash":"6292e164f5a2d6dc1b975c6365d988f71c3490847a83625023b3b47b12fc6a42470aef","first_seen":"2026-07-16T14:45:27.713173Z","last_seen":"2026-07-17T09:29:35.677531Z","times_seen":2,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":192,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000103.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.416Z","timestamp":1784280529416,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000103.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4cce-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1cwpa01D9TTxzYM7pv5Xfqjhpn4O44lLSAvNxsdP2wVlHdU%2F6S%2BOihgm3Fi%2Fq926wnfB60LamdvcSPsTTCa2v3oCkTdDOQZccwWHSN%2FamBDjW4sAkQy9pFoUrejLKiA%3D\"}]}\r\ncf-ray: a1c837fcdaecb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 19662\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19662,"size_decoded":21240,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9d8338461d16356dd99bd45b07b69b97","sha1":"9531325f61f7010c5ac3d97bf1677cf8f19bdd21","sha256":"1e6d1e0a942d88ee2a08906be92eb4cfa5275a45ac9e2e2e6991d21390f6bcd8","sha512":"5bc2358e2bc06ec51c5f28db64dae38d216319ac46eceb0e61c23d78384fc5411d1904b63522cecfae3318a31d255ff9962c1724c2b4de23a2311e2479908c90","ssdeep":"384:FCpDx7cGQFs2KaAAAvNUxZPB05hwcsyuWKRviHW2Ut0bOogTFAax:FCp97cdVKwAvNUxZPB03K6HWHt0bOogn","tlshash":"7c92e11eef17f811c8640506eeb10d367cb00b19c992a4e963623dc749f9688cadfb64","first_seen":"2026-07-16T14:45:27.643251Z","last_seen":"2026-07-17T09:29:35.680014Z","times_seen":2,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":77,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/media/1b99372b3eaef0c8-s.p.0gx2haw2tmll8.woff2","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.051Z","timestamp":1784280524051,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/media/1b99372b3eaef0c8-s.p.0gx2haw2tmll8.woff2 HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nX-Moz: early hint\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://rwanftfi.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: font/woff2\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"7de4-19f5e9438c0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aX51c4Upio8HvbntcktbLwBUvj0%2FoGCR5xf85JhcnBuyvy4EQEc2bGdby%2BC3203CiVeYrJ7Fk1OpHdP1%2BKPxY0gS2uxZTJFyV38LG%2FsYdzghuEV7aB4FnJIYU%2FMor7c%3D\"}]}\r\ncf-ray: a1c837db5973b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 32228\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32228,"size_decoded":33837,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 32228, version 1.0","md5":"98ccc2b7f18991a5126a91ac56fbb1fc","sha1":"bdba243e0fe78adbaf198d9e11224ca054a4242b","sha256":"92684e4acde79ef07758cd09380b7e01e9824d8b061eddeda046f78c166d7b12","sha512":"ebbb35a8458c42ed3b751c9e586bcfbda49136b7973c8600a316faf3077e4ece030bb9a75f37b9f28771cc01c6aa50faf53768461345e216781eae5deda3a12b","ssdeep":"768:WP4gMxh4F6MRbOI/odAG4x1/y7Ox8ViCE4EqbDwrx80B:WP4gMkF7og+exrv4fEn","tlshash":"1ce2f11807a214b9bd5ab1395f21665eefc054b2b275730893007fc5fe670a86bc42f5","first_seen":"2025-09-11T10:22:24.746592Z","last_seen":"2026-07-18T23:50:43.288207Z","times_seen":4268,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000057.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.927Z","timestamp":1784280527927,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000057.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"109fc-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rOIWx2QsCMRY1wquio76ngg017rA4fgygayCaAXOvlsZvzsqkjsph95zyDz7lUErODL5uCfu0cSN8YFrVxco11GbWcheHIywcJIOh0kyTm60eSscll2lR3FG9GDD5fw%3D\"}]}\r\ncf-ray: a1c837f38a94b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 68092\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":68092,"size_decoded":69663,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ffe00db4c775ee7b99aa7a3f707f8c74","sha1":"5b962fd619cdd8641b5601b5e9a5cf1438a79472","sha256":"016bafd077ea41bf01936fc8ec8aa5232665d9237dc72678994f26e43690fade","sha512":"50245f553643aa5eacc6dd0fcc97bbe1c4a2285870f03780ec6cd47b6665812f1c96988d92f6f731d968e423cb13de6df140becd9f9422ecc366d47d5c2566d0","ssdeep":"768:7AdnLpFWytIAojLntx2YrVBGkagZshoz5gdyuJeXkcRDeOtr++auYuDrs23uOK+t:7A7ObBB4Ggfc/SXduUAvD0eceENwd","tlshash":"c8630219af365e7eb219cab1f05ee42dcceb857281be9cd0633511f54e60c9093e8e15","first_seen":"2026-07-16T14:45:27.74282Z","last_seen":"2026-07-17T09:29:35.683659Z","times_seen":2,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":247,"receive":44,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000092.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.960Z","timestamp":1784280528960,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000092.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"8e34-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9WiPGX%2BSVSWJUZ%2BZUIpuBW3tBRbQH3qcckwZ43W4Mhb2yXOlaRNrMqzs2uTv%2FvRNZlfHntdJdC9b0%2B769pceJLx6j0UhbYB7%2B5TR8rG1ISbvaIgxFS2RlSebqdOcnZM%3D\"}]}\r\ncf-ray: a1c837fa0acfb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 36404\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36404,"size_decoded":37984,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6324388d2c72e6b06024c6109c1a78f5","sha1":"aae6acc5a5a6940de56d2ef338cd5b5e5bd25d4a","sha256":"d414573835edf0a6ecc31216e305002c24acc8cd378c2e57204d0d1e761a9138","sha512":"a88985114e4c050b77538b69798b2b42dd312c68622a272e0e6bd73b432afb3795125e3eed978cdf0e75d51832dfa012471230eba20739b46f763264dc5beb00","ssdeep":"768:P4frWnxUbOGNuRS1LPMOUdPRLvbgpaU+yIPz9UOpN8O+yxqM6Dc8IU:P4TWaFMzZHg9kZDTxqM8f","tlshash":"dff2e17206206967b1a845f57c04c2933f2d71c69088e6d18ceaeef9e613578f8ddb4e","first_seen":"2026-07-16T14:45:27.637294Z","last_seen":"2026-07-17T09:29:35.686177Z","times_seen":2,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":240,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000129.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:50.158Z","timestamp":1784280530158,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /sequence/frame_000129.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-19T00:20:37.747196Z","times_seen":17351892,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000006.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.610Z","timestamp":1784280525610,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000006.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"10044-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ro4iPzDWvPPV11eDW2Rfl%2B%2BNB4foasYRM1ewnPyakpWIkZqJvdE9WZ2xBLK5gZ%2B5tBJQuylVNErHz4y5lRjKAzZKCClhW9mZoqobaNusbH7wacWwQKr8hey4otDYuhE%3D\"}]}\r\ncf-ray: a1c837e519feb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 65604\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65604,"size_decoded":67181,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"563af4b32244eb53517938cda9c16457","sha1":"83dfe33dbf2d57d7c5d5a3591581d0c8f950ed37","sha256":"50c1b4fea13e5b0a556bfdf1878773917043624678208f079c3f2200cb44aec2","sha512":"3814a10a63c8ae52a120d98775ef33f5e7c30252cff22f71a145e7356a2abaea0292c2f6404e9ebfa53d13fb52874ee39962191e3e2d0547bf79b25e452f62aa","ssdeep":"1536:SIfH2J3SXQrOteTW16AXvBjJqPglRllIXHwFds5eHIT:SEoC0TAXvBjYCll3/nM","tlshash":"8d53024a17ec462aab85e752cd3217096cb175ae0db3a93104d6712857c3ff1e9ea0ce","first_seen":"2026-07-16T14:45:27.702561Z","last_seen":"2026-07-17T09:29:35.689837Z","times_seen":2,"resource_available":false,"data":null}},"time_used":399,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":359,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000025.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.830Z","timestamp":1784280526830,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000025.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"12402-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oOoptX3moLENypXBSxeqkyZ9Nwc2vpYZ4DGn5lAXfR6TxD1V9OIGYDFT55KMBvwigUX68cjrEY3rrSKezHV9ASwgeuFLgEMJf6y4TmAYCVBJfkRtjdqtpKXQdGwRVzk%3D\"}]}\r\ncf-ray: a1c837ecba4ab51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 74754\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":74754,"size_decoded":76325,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d0d2af87cb5e431b007feb89d752f8c2","sha1":"6d1ae0fcbabbf90fd95dc2dbc0ac9519c0e8c471","sha256":"2f710e9e479765f5046fae65a2d3098be95c6c2160c8866f01bd6ec639c13d10","sha512":"6fb146ba92d571fd3954fe63e70973e03ca91a16de15e7a9ed7329823f83673aad1e8ed894829576b3cbff703d8ab7bf4585323695350e6132aab260c8a14388","ssdeep":"1536:hdF5F25efckMuBTaLrqCQEsVnnajLNAjOD8bVjV2YoEdlPs:t25efcDuB+slnanNAioxB2EdK","tlshash":"05731245be221df5e87a990f7c7109eeb25f892cdc60d78c24e11fb36231b84d66c916","first_seen":"2026-07-16T14:45:27.684394Z","last_seen":"2026-07-17T09:29:35.692248Z","times_seen":2,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":260,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000036.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.245Z","timestamp":1784280527245,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000036.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"117fa-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RMKfk9gsXWNsv9EfrlDzonTRhpGdotEAx%2B1Jloxx1I4zgUQrYYAZH4FIhlpm0IVm85XAz737%2FA7N4ygrefW40U8%2BYh2XJA8P16sbyZEFlJ2sipqSqpwUqyA6nPcbhUI%3D\"}]}\r\ncf-ray: a1c837ef4a5ab51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 71674\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":71674,"size_decoded":73251,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a9d79b8b734ca875f93e623ae8fe6b73","sha1":"2c6b45ff3895fb782db1e2e62dc7da98c1421026","sha256":"995c97a388a15ec499d4bb492499b734a66689a4c6d4edb558a318f825e37d6b","sha512":"5943efd0f8934d14f491497a1fda78689cb734f5046673da1eba962fa41cf0b551e35f61079ec8390510026b9c358538c8463f716a9db2b3c4f78d9e7cb0bec8","ssdeep":"1536:CGp1u1aQg4e4vKnCqDdCkJAruaAng47GGXf/NlDC:f1zz4+NdCkKrupg47RX3NdC","tlshash":"a963121e24134c3d0c9ad5491fade99db2852d2f034139adbf99828072601bbcf6df07","first_seen":"2026-07-16T14:45:27.614431Z","last_seen":"2026-07-17T09:29:35.694673Z","times_seen":2,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":196,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000045.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.540Z","timestamp":1784280527540,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000045.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"10dfc-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WvWLROlt6%2FyT3pra0njY7j0wth8x2einubWmd2yhlDFVxl%2BPzAfAWnRPAlB8VJJbH9AUjJ1tKykv6o6%2F4d9n4gV0wvKNjcX1%2Fb7vzvEiEzxEWHtfOj%2BZlq%2Bs7VzQdS0%3D\"}]}\r\ncf-ray: a1c837f12a78b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 69116\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":69116,"size_decoded":70699,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d7d37cd058da73fba147cb70ddf9b6fb","sha1":"679ce1beb81ff9dd27335dde9ca877a266d2b87f","sha256":"b3fc060a44a4a50762283c3ecf8486c736bb1c686f166361a3500967b475e404","sha512":"8c6907e7d8debd6727d8a999a5f52bb13debb475364f42bfbe4aef800366290c5b9fb0ec38e37fad309bc1dc3f7405ec5dda19818babbd5fea2800431496a06a","ssdeep":"1536:upUnwnY4dt2BjpB7eb+Q+p0LbS4V2998ZFpwLUttiAkvyxZHE:uOwntQpBA+Q+paP899TLUviAkv0HE","tlshash":"c96302178a6e082a50e9af140e849b2fcf138e6d80dd1f753b91dca17db89f90977d20","first_seen":"2026-07-16T14:45:27.675928Z","last_seen":"2026-07-17T09:29:35.697424Z","times_seen":2,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000122.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.897Z","timestamp":1784280529897,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000122.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:50 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"50f4-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KKijdWmuex%2FBWAFDP6iPGj2r%2FaVKgCNBS%2FKxB%2FCuxOp4ysDAP4fCPrfsLIjTi8VOaL2o8NCeCDUdP2%2FipFwMdISFxE9DqHGK5ScTQNK9lfX9a3%2FiO3sxYjKFoh9R65w%3D\"}]}\r\ncf-ray: a1c837ffdb0fb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20724\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20724,"size_decoded":22306,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"bd12d1616449dd6f0a408ebc86437cde","sha1":"0e946fbf1dfbe5835764ceeb799edc8063faf76b","sha256":"fe3ea850dc89368064b20344c3bf5ae92d3bdc846c9cce176d7ae9a68468e3b4","sha512":"198c46374e82aef7b3f9ca480610aa6787085c80a45c959468793726a372ccc792fd06662648b8f2d39cdb89313c868bc63ddfbbe8376772a3c838394fce7062","ssdeep":"384:nOVn2AImmLJ6SagzpbjUr1VVozgXT1RzUbdnRyO/0DRDQjyc1X:nY2AImaWeU5AzuT1BSdnRymUDQ1t","tlshash":"1992d192c919548b79a53fc03503edf4216e66e10d1b2928d472cb6ce21a5e3a2f4dba","first_seen":"2026-07-17T09:29:35.699454Z","last_seen":"2026-07-17T09:29:35.699454Z","times_seen":1,"resource_available":false,"data":null}},"time_used":184,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000021.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.478Z","timestamp":1784280526478,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000021.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:46 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"11ff8-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KJgyEFGPxDNAE1Px8Dqa8Gv6W5pdfmtooz9HVngB71mTjPJjN5TKfaHU2xa%2F%2FFA%2FwZmgQMyFSKMvRbsT88A9CgGH8rj0hYHFkZYCIPeeqb3AfoxPMqDk9V4ZUcnwMVE%3D\"}]}\r\ncf-ray: a1c837ea7a41b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 73720\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":73720,"size_decoded":75297,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f4a818868805a26dadc5692984f59666","sha1":"84af9ade51ff1e03b46fb0c863ffd20a4b809557","sha256":"c5d73625366ff5ca31cf8d474738bb6348180b037373b9a1f26dce0f5069c36b","sha512":"44cb4ed4093ebdbdc2778be0ef5f3824ed28ec867f0910c6338778d62f03cf3ba6435b7b17a383f0cf5199e559b6822739bf7de182fcc4bae7d3813aee78a130","ssdeep":"1536:TKB25uc3iR6BE3QD6lEnBvr7onSHXf3nVHLBIaxR+Km0FUpqF:1V3HNDBBvrcSHXf3nVHu9KRaI","tlshash":"fe7302d43a5b7594cbd21811f4fd4f9228a5acd25de80ebd5815c29be03122e17d88ee","first_seen":"2026-07-16T14:45:27.623985Z","last_seen":"2026-07-17T09:29:35.702604Z","times_seen":2,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":193,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/06hnh3vy2gu0f.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.491Z","timestamp":1784280524491,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/06hnh3vy2gu0f.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"a95f-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67448\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=COzDjevh%2FGNAOXFov1vpPDz8FZ%2Bz%2FXtrZ9WuGMB52vHIQGYRHSltwHZG6kIwtvWWDEE4C7rrGUKBcsiYRnTu05CtPOOuzukvCsTbR4f3m08hyJUh9xIRD0WsXdJLv6s%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837de19b0b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43359,"size_decoded":19272,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (43359), with no line terminators","md5":"dc69a61e95bfd65c258d27d9a3d1385c","sha1":"3700094795b781515ccac0d42d136747fdb4b526","sha256":"5256301c75cffac1d01612e0f2ef3d1556e6fd3820119667bf1c5da0ff573e5c","sha512":"291b7f0f1056afd34983f9033bbf3a785677799f5728570efae84f8940fb245fac943f7c71b111d9a1071e090e6e0dd22ef56623b19e12a03276a37fc1448978","ssdeep":"768:j2vlzQ/KXMhbGl40URO560iNGbu6/HF89yjTu9loY1iBJT9h:jICCXEwNH6lGC6/e7lo0iX","tlshash":"6b13f8cd314074725bab72b9442f5206b3374d855c1e4028e636a4e83c7dab987bbfad","first_seen":"2026-07-16T14:45:27.62888Z","last_seen":"2026-07-17T09:29:35.704724Z","times_seen":2,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/01_1.webp","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.812Z","timestamp":1784280524812,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/01_1.webp HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"0cb00374a367475a65d6970587c08836\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: a96c74a5-cdf5-48ee-92e8-57159f796d16\r\nexpires: Thu, 23 Jul 2026 14:44:36 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67448\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yuGThO58C0IfiPx%2B3it%2BTcXKke%2BLuKmLgLpNVH3ZZvANYtmfN29Qj8xnNyZLoIkzXeuFwp05R27Ox3dSMi83UoiJmVwPrmVJAsnsoh35DXLuLAc6sa0SGmcY1oBUk4A8Gyg%3D\"}]}\r\ncf-ray: a1c837e019bdb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 48396\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":48396,"size_decoded":49713,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0cb00374a367475a65d6970587c08836","sha1":"07ce244d22fb50dd7f496eca81e74cb2b10a280b","sha256":"a31f1f83cc7e4c39e8a44e4775c06c5c8b7176c8ada8c13c47b0f61bcc473f8f","sha512":"05ab1d7ef139a42555baa7e3663b06d5d27cfa5b5f4f995aac8d2c5abca03cfa83ec05e2da2b5446e3e51dfee474e0d645d9d3f05d7c41085f5cd37ccbed2ef4","ssdeep":"768:VpmcqCXpj3PeLNU8a4lJNSvIT2Ir6nRyMuK861GFTAh1rB6zsrMH9Fr:Hm1A3PeL4sJB2u6nRyCZAy0zfr","tlshash":"f123f18c3cfbb7aa3db40ce5c095e5cd48767a23138959158c7a9c1c57920e1ee84eb5","first_seen":"2026-07-16T14:45:27.681236Z","last_seen":"2026-07-17T09:29:35.707834Z","times_seen":2,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/favicon.ico?favicon.0v0chkpmqu21-.ico","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.527Z","timestamp":1784280525527,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /favicon.ico?favicon.0v0chkpmqu21-.ico HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/x-icon\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nx-nextjs-cache: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2B33%2FKJTjNxNrTLwVKHiJWO0gFfhaiKGPRz%2BUE0YlydgDW%2BRZk6WetZOeHBfmo4EDu2p8fnP7f6ziK9sEvkw3KSkPO3X8uscdwjTq0UlFytWFwMn3zMoAcz%2FUD%2FwXJwk%3D\"}]}\r\nlast-modified: Fri, 17 Jul 2026 09:28:45 GMT\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncf-ray: a1c837e489f9b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15406,"size_decoded":8399,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"09aa61d7030cdee74eeadef32dbeaa0d","sha1":"cedd3924a9b35af46f4a6a27f77b63afa0302d52","sha256":"6a487981f2ee7c15877cb94b8d746c59ae64f6d53a5c4b5abb9c11b85b2594f3","sha512":"a33dadfe99b61f3df1f44c0604cdf850d442c226c9c0b75243a19d8aeeea88a50b5e31ce3fb9754413894d044650b6f3114c8c3a49cd110d6b994b7bcfee5fa3","ssdeep":"192:Tq/+qRROspPFLrHRNtodh/orDZ5f1wx5sCS5yOCvrsfQ:2G+pBft8h/ord5f1q2CS5VCvrsfQ","tlshash":"3a628d320da94df6ee6048fb6e8357f1493e74e684bbe356d3a256948eec9b11d43080","first_seen":"2026-07-16T14:45:27.693947Z","last_seen":"2026-07-17T09:29:35.717641Z","times_seen":2,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":187,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000112.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.642Z","timestamp":1784280529642,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000112.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4dbc-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2N7uW9Pqprb%2Bw9720VbWyORw68YoGcsZXXs1hTuiA4on0qfT%2BU6q%2Fs1DKp8XniJQ952dGP97%2F%2FS7H19dFuLM2U3T6vUkhNlPv9YIGGEIXDbgT1gSGWgQKBsm5yHqR%2BM%3D\"}]}\r\ncf-ray: a1c837fe4af8b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 19900\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19900,"size_decoded":21482,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"dfb82184fcdf7f35f23fdc19556e9793","sha1":"0e4c1e93f623395fbc806cd9f5f6cbbdd4b4c880","sha256":"0a5e3ec2931c00c0e4f7f8d5a82becdbb6b911e8010c336bae79a1030f455d6e","sha512":"9b7ee5c1c5ccab0802381d35e929bd7a95ff5ed577dc87c6a4f06e633e0d8860c854d41df360f90dd449c8949b945d3b4ea509bd87fe72425ab039b0ec14bd99","ssdeep":"384:spjaJQqRT8r3AS9/be0NX8kGKyskSbJaFOoAY5Bd3fKwNRYZyb8EAPXHp:vJQS8r3Nbe0NKzskOJaF1AIfS2YIAEAh","tlshash":"7692e1d47ad039fd449b219c5b040c9d234b32969fca84ad1a55bafbe91e90822e5bd0","first_seen":"2026-07-17T09:29:35.720827Z","last_seen":"2026-07-17T09:29:35.720827Z","times_seen":1,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/02_1.webp?w=320\u0026h=192","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.660Z","timestamp":1784280525660,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/02_1.webp?w=320\u0026h=192 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"bf0e133e890a1a5f10289261faca3194\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: db852dd1-1538-4536-ba6c-666f3f720e6f\r\nexpires: Thu, 23 Jul 2026 14:44:38 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UN7nq57sfa4QTddsKSU27%2BIOCn67CrvSYZEWTB1eH%2BvwuoDiWkKq72BQaRkPUrutrgoZQoVOluGAFLYJsE6QL14Qcfjo7P0OciJPHqjizEfcxasFCx7cf%2FIsUayOS%2FOfKrI%3D\"}]}\r\ncf-ray: a1c837e56a08b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 62014\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":62014,"size_decoded":63333,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"bf0e133e890a1a5f10289261faca3194","sha1":"a1b53704bdcc5c210af9cfcd42840be512d79147","sha256":"72b396e53ac3deae87702a15cbbb8f0ecb3753f9368edcbc9c9c7fa7ab9724f6","sha512":"c18c36e4361a5d1a7e8083a4695cf51e670d3217159e7743f8f7135471251d913487a1a3735b501207ab5b5088484a6e0463c6894815ad8848d340857c676693","ssdeep":"1536:xAhYDsb0V2v41sgfQEj66A/PGI6cr2Awozvm4s:wYxQwCsDj66AHGnm/D1","tlshash":"69531288eb85ffd1e9d77686f430833bebb05ec713ec0b6859614901623d9ac627a5c4","first_seen":"2026-07-16T14:45:27.656832Z","last_seen":"2026-07-17T09:29:35.724572Z","times_seen":2,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000123.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.899Z","timestamp":1784280529899,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000123.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:50 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"51c4-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tmfXYdk3TDdxrjwKcMAKWCmIYqW5iIkc7oC8k1hwRN4ZUpERIz2Adq6kglLaKW7dmRX5%2BOB8%2B7y8ov3S%2FnKRBVA121Oq%2F61T0pQM3CWVaHTtg%2F5umIFnjraWG9G6a1k%3D\"}]}\r\ncf-ray: a1c837ffdb10b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20932\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20932,"size_decoded":22512,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0f2b44415472c76f429fbb9ec8e3b9b1","sha1":"bc8e3c47cd455245bc2ea7d3a5bc6976e814e9cc","sha256":"8afb8d9c83e4f82ccadd226f2d4e6230094c2160847e1b20e7913ca07f024fb2","sha512":"a32bad577cf307f1b104ea430dbd65d4486a49d7972972dd3d878590cbbf1d0d7c1680200ee946b13137e1de751c3a8689446d1705df4c5849ed198f408bc68d","ssdeep":"384:Q+1HGs48OcOrCfndJMuapeEE8kFfrXESBzcfjk+N2JHg1AiG9R:b1HGsOTrC/UuaBE8kFDXDBwfjk+zSV9R","tlshash":"3392d060f6cf5405857706fccc6bb33ba12c8b533aa8a80e81ded69c10b46179b39d57","first_seen":"2026-07-17T09:29:35.72706Z","last_seen":"2026-07-17T09:29:35.72706Z","times_seen":1,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/video/03_1.mp4","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.793Z","timestamp":1784280524793,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/video/03_1.mp4 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nReferer: https://rwanftfi.com/\r\nRange: bytes=0-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: video/mp4\r\nserver-timing: cfExtPri\r\netag: \"5c22c4031fdbcde978d3f6ef30d7c76c\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:23 GMT\r\nx-amz-meta-content-type: video/mp4\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 0608745e-b0bf-4864-a54f-dab163b3a7f2\r\nexpires: Thu, 23 Jul 2026 14:28:03 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nage: 68441\r\ncontent-range: bytes 0-1035915/1035916\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3RNuOR4RNcKSY%2FoIHkNkRkAHXkPk2CFjNgPzKif3d96fuMUsp6glDNFfIMrbEFe54ntINOyOgPT8wYzVZRVSYG3kooj2fgWZs3rIpNgbUIS%2Fn%2Bcbgc5g1Rkzek7ZQapmOoQ%3D\"}]}\r\ncf-ray: a1c837dff9bab51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 1035916\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1035916,"size_decoded":1037254,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"5c22c4031fdbcde978d3f6ef30d7c76c","sha1":"559eeda81edd985945b5e30221235362617a773d","sha256":"cb7571d0b18345a6e74477570e3c14ba91114510a28c8819a3ffa60c604084ea","sha512":"8e7219fe2a611b82e932bd89fffe9191a8d9ce92dacad0a27a09a42be22e0f2f21cf6e65879e768d2a28e2f9dd18be1551891be2ec7b8440478c346b583ddb38","ssdeep":"24576:krmy5o7UM5bVQ+aeF8C97Ou8FzPHo7Fx75v5j7jp3GxgjwZ1:8o7DbG+aeFj7OnF7I7tNFS+e","tlshash":"e12533031be0d06fc286dc372481cb645eed61f5a27dd3af2f468785566536e4fa38a0","first_seen":"2026-07-16T14:45:27.60548Z","last_seen":"2026-07-17T09:29:35.729084Z","times_seen":2,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000033.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.118Z","timestamp":1784280527118,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000033.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"11ace-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FIt5xjWe%2FpjQZaQKT6Tx%2FXa2UB%2F6jdYBm1qwhrvBsFDx6oCDY%2B6l5Qn3k7VVvzfhH0dkCw1jOKKqrdFTt6DwcypkCe9EdXHhtzp7wIAq4UCZEuR0GYzCRpVqcifNUUU%3D\"}]}\r\ncf-ray: a1c837ee8a56b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 72398\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":72398,"size_decoded":73977,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e06417ce46e1e434e52f1e0c6f16c5d0","sha1":"3e4ae157c497f965c22ec3dc7a53768a51a1ab55","sha256":"bd2942c90cdbbb33a9023e9591f1c4a5db3cb3d05fc501af1a847cb1831d8aee","sha512":"3f83b90de8191c2c7f960fde21cdb4e12ff9fa05f156b7e373cd6b7f1bbc7fdeb82aa947e3c6bed1bbef7021bf346dc3d57a6798b9ec6a0334f988d90bb073ad","ssdeep":"1536:jHldgX2kxXVzKF+hO8krioUNW1+VzFFj4nDiOZ3lbK8qs:6fxXVzKwhfkuNNW1U7j4DiONl28qs","tlshash":"116302599779c5410e708908f83f5d20febd4617f58a28d535c2b3b8392cfba82e9954","first_seen":"2026-07-16T14:45:27.68972Z","last_seen":"2026-07-17T09:29:35.731338Z","times_seen":2,"resource_available":false,"data":null}},"time_used":264,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":218,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/09_1.webp?w=320\u0026h=192","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.672Z","timestamp":1784280525672,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/09_1.webp?w=320\u0026h=192 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"6f958cad40e3dca4b05a40581baa3404\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: c09ee2b2-a692-4783-867b-e58199db3a5c\r\nexpires: Thu, 23 Jul 2026 14:44:38 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9VkLv0omP1a6UkUDIDuVYjXwwf9aC9CT%2FKVNVmQVG6%2FdhnbOsQveYBRsubAK6a0eVRUR61o8em8l%2Bt78FJMkvSwhg7lAAbOWKyOg7OLw94SfjSjdD8pJLPlcOuzi4l%2BTA4Q%3D\"}]}\r\ncf-ray: a1c837e57a10b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 60270\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":60270,"size_decoded":61589,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6f958cad40e3dca4b05a40581baa3404","sha1":"efbb027f29ff5d8c9dc8d9b05d58f28dcfb2aa77","sha256":"bcbc9ab8100fb2b63a306030d5e4a237635a9d676a8657c1fb62f8d2c51634fc","sha512":"9eb587145385ea0f25adaabb027586b2da2b9a12f2dafbb78c64ed6a7e070eaff2b4ec4b7cde943fcb872dd46e5cd870edd122b571520679ff2fb4770e6a8e9b","ssdeep":"1536:lEoWgsZBwkvIhBxx+Bf5eWZ1za5m73D46aJ3nKC0IJHE:lTWOkvszx+95eQza5e4TJ3nKC06E","tlshash":"a843f15fc545adb952353fb0f0640f85a9681022c7ff47bb4a92951b2a7419a34f348e","first_seen":"2026-07-16T14:45:27.667108Z","last_seen":"2026-07-17T09:29:35.733499Z","times_seen":2,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000053.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.763Z","timestamp":1784280527763,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000053.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"103ea-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=60uqgFfYT8zLOzvq6V8axt1GYEoHC1IaOXYho6VIn0inrq2nbjaHKrPNOrLz9x%2BDv9MhF%2FU9bbuvIDkxtotteQtEL9FTSmzcOhiqYyo4UXeTEjYuTjTY3nupDKoi0hI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1c837f28a8eb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 66538\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66538,"size_decoded":68113,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"7d33cd0041fcff5fa629832f45f4ad0a","sha1":"9102139a51e9417269f366a61a7df12d613dbc9e","sha256":"e69bbbde22b86c2358321637849c5c5e9399c490dd6d4b72d7592ca01ff1b266","sha512":"e3e1bef26efd0deeb084548913387d7a6b2053eb39df2792865764543200ad86f2f3111c8e5b87b2642dca898e3b09f7f4bb76327900c27f223d1c93f91f92c2","ssdeep":"1536:TIb3Q3k4XslTgctrSMYw4WSGwsAykktxblZO4cbMJuTi:0b30+xgctrmwx9l3blZO4MTi","tlshash":"bb5302d92864fca987a436a4e2f2453cd0d8ae3c5d745a3c5e03254863ef6746f3a83c","first_seen":"2026-07-16T14:45:27.648113Z","last_seen":"2026-07-17T09:29:35.735303Z","times_seen":2,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":192,"receive":42,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000077.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.557Z","timestamp":1784280528557,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000077.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"a916-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T4UUtH8XAUvA5SwgxfZ%2Bh5YlRcZjMokqqt6rC0C1kFFca9MZPE9sJMN2B%2F1DNZ%2F0Et4K6sD9lF4AKzkzq9ZoAttl1ut96A0CkwnXwMj4XC5kvSI1G7X44JKOt5pHjis%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1c837f77ab4b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 43286\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43286,"size_decoded":44862,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0b770b5f64fee4d95fecad5299a8b4d6","sha1":"d920dfb4376cc66d0b4b09a51fdf7bb45fe20d40","sha256":"d4b15abee3b2711bc75b581ba175b310f185744733de285d61c1a1551db89d3b","sha512":"d19487d019c3be485ab2d413df5024aca46064582dfdbf1afddb38f3d6c95a10bdbf16844df8faa1ca9fbac8adeffc7b55ca5d811d525140cf69a00d9a66d235","ssdeep":"768:Fe4eOS8z0Tl05/La0taVVFvcC9reyVwZbs+fHmGwCkrbuL8x3Mxdd5+2A3Mgk:feOS84T4La0AVV6areyWZbs+fHmG612Z","tlshash":"2a13f2ddb0cb695c608a35d8c9378d385dc53661017cc91f99369bffe6b108aadc2863","first_seen":"2026-07-16T14:45:27.698699Z","last_seen":"2026-07-17T09:29:35.736757Z","times_seen":2,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":140,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0we0ww-ndg5vl.css","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.473Z","timestamp":1784280524473,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/0we0ww-ndg5vl.css HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"20c4d-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67448\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kY%2FLFKGjL0ziV7vnOK1J5aZSeKAHSUGS%2FPENQYkNlStL6SirmmdE7dmHMss%2BmLkW2aPBxgcPS5FEpluOPEKwYegsdPOR7xkepU7xk7OcbHBCfyL0UYXg9syFgP6lSPM%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\ncf-ray: a1c837ddf9a4b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":134221,"size_decoded":24854,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"5aaa051d5d56b8a45b699353fe9bde42","sha1":"36f98462e17d90cbe6e35c317a3cb759edd390c6","sha256":"e47b1af7d863e79722e2ec0b77b4d9957bc0f52af6ecb1e7152705510034987f","sha512":"4b89817beb0b6c409c934b5596cab5b3c0799caa34ef3e340eb005a94ad002d13cf18b7a0031471ab8903d2b0043d3b1111de34dd992d2c353c4af23f89374a5","ssdeep":"3072:VCKV7gksgZumt75G47tJ/NOyzJnwn0op/7cBMq+WDhldhYVwM1X:VCKV7gksgZumt75G47tJ/NOy9W0op/7r","tlshash":"f7d3e560b129e53fbd37a4f4d3acb88c7229b4c0dd695ae9f951322263d33f10d6a611","first_seen":"2026-07-16T14:45:27.639528Z","last_seen":"2026-07-17T09:29:35.738108Z","times_seen":2,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/08_1.webp?w=256\u0026h=256","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.918Z","timestamp":1784280524918,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/08_1.webp?w=256\u0026h=256 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"f51d685c06a0c79fe3b3d9f9fe6ca657\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: b7c938b9-40e6-447f-98d0-b37314f518a4\r\nexpires: Thu, 23 Jul 2026 14:44:37 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2HlHggsTx%2FyBhyORAzdInS6RPveP%2BsNVZZTkFaIi8vkYOYG4OW4KGiZKTuw9EtJmqD8TMEkQP2Jps3aHgxGsutBohswL%2BeR%2F1wsy6Np7Gl%2B0ehsPT2IjlS8lMMrD2FMMymc%3D\"}]}\r\ncf-ray: a1c837e0b9d7b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 52328\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52328,"size_decoded":53649,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f51d685c06a0c79fe3b3d9f9fe6ca657","sha1":"25767f7b189a43fd031a2381876b3260e166f1a5","sha256":"181a779b36d36df974ec59b948fe0d4dd8a25d67a34b73c76b2f66372ccf9c85","sha512":"a3aabd760f90636d2e54a64b0a65e5f24233972d8aaf9c1ca4492787d02cec0562ea5f9a203dc4e6e06946691b591650a8e1c69bc3747d04859326135c6d749d","ssdeep":"1536:LBf/MOUB9caP/d2Tmbg6LhHEb8BtTzwFKn8Xn0JpjPq:x/MOUBn1RbgWFEUXwsywq","tlshash":"9e3302211749633aa1b56efd7ec36b171c33644277ae13b290a0cd2bd7d8481f83ea59","first_seen":"2026-07-16T14:45:27.655844Z","last_seen":"2026-07-17T09:29:35.739768Z","times_seen":2,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000111.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.641Z","timestamp":1784280529641,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000111.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4db2-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QYJdIVEa2eW%2FprOKXUrs6zn%2BeMv6%2FGBgWC8W34Ink0JQwvcBQOf5rkLeqEuggppwLIEuOlrsiu0Y8IWLD6FgngaPI1HGsXsUoG0G3%2BQHRmmUqlgeohz7B0HZBhPhNMU%3D\"}]}\r\ncf-ray: a1c837fe4af7b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 19890\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19890,"size_decoded":21468,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"898ffc294509050a1ecbad4f8b686866","sha1":"aeb682fcdf02ffe5888e5de4c1ee7306db09c4c5","sha256":"d960ee80162569f673f14dd5b71a5bf2ef0f9b23f373df2dc394b238d31ee0bd","sha512":"d43a8099e1056501a6f4e9e73df73746197fbc4c7c71a69da059c6dd4f9a8e39d7f1138013d558cc61d2b541c83314f1501281fb470c7fc373048b82ed623c7d","ssdeep":"384:BOJZPB+KxpL+U7HDvu9sn8NY2DS1FyOybMbDK+wqzPbQUqRK:BmPBBpLdHrq88rMDK+xzPEUb","tlshash":"6a92d057226ee740a5f7dc628ccd3bda684b1142a4e1bda5fecc01a410a825c5a5d6bc","first_seen":"2026-07-17T09:29:35.740897Z","last_seen":"2026-07-17T09:29:35.740897Z","times_seen":1,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":242,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000013.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.697Z","timestamp":1784280525697,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000013.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"104ba-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=COPchVJ%2FY0XoX9xXUuyxqRsyTAs9Ge7Rgr9DODDwFGsYKTSYFDcZspzeJqRVV9hLXJOb7EAZXFyT%2FmEAd6BukC1izaOR2X0GmFkGOfMNtCTr3L5Oi1cfdYnz1DUmH00%3D\"}]}\r\ncf-ray: a1c837e59a11b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 66746\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66746,"size_decoded":68321,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b7fae7025204a3365e05f4fcb35f0279","sha1":"524ca1be09a639d03a0df55a6c5a5c551deda412","sha256":"0bf819a886d0800f50918ce89bac9fdabfa30c8518dae57df96bc40197ff5475","sha512":"a1b941c6e0a00e570ff214fab0bc47b3b28b95228bd8cbb36e99320fa7cb85bdffc61b293c81a837e75d8a44fd77ad2cbc8072603f835a58505e1ad7616b0460","ssdeep":"1536:Yofj8JSM8hSo3CbJJgmm9shD8nda8gfKaBGajL4ju1WNXmMrd:7jo3voSbDSEpfKQvgXjrd","tlshash":"a06302193bc597d0babe70b5010fb98653366fa17179b3b083c116e278e16069cfb927","first_seen":"2026-07-16T14:45:27.712256Z","last_seen":"2026-07-17T09:29:35.742247Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1369,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1324,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/09_1.webp?w=256\u0026h=256","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.919Z","timestamp":1784280524919,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/09_1.webp?w=256\u0026h=256 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"6f958cad40e3dca4b05a40581baa3404\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: f968d8fc-e97e-45ab-b903-52e5ad8356fd\r\nexpires: Thu, 23 Jul 2026 14:44:37 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2nih3C1v1HeszT5lwOxWQI6hf0MCesfP7dsWHAGfEr9BHfMBZWE%2Bi1aZIKmqR7%2FsKDuabEnxtNEs4uF7frXI%2Btpz0mD%2FcFaAEnYtrADys6guzrFJp8o3s1%2FzF5iUhXxbGxY%3D\"}]}\r\ncf-ray: a1c837e0c9d8b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 60270\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":60270,"size_decoded":61591,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6f958cad40e3dca4b05a40581baa3404","sha1":"efbb027f29ff5d8c9dc8d9b05d58f28dcfb2aa77","sha256":"bcbc9ab8100fb2b63a306030d5e4a237635a9d676a8657c1fb62f8d2c51634fc","sha512":"9eb587145385ea0f25adaabb027586b2da2b9a12f2dafbb78c64ed6a7e070eaff2b4ec4b7cde943fcb872dd46e5cd870edd122b571520679ff2fb4770e6a8e9b","ssdeep":"1536:lEoWgsZBwkvIhBxx+Bf5eWZ1za5m73D46aJ3nKC0IJHE:lTWOkvszx+95eQza5e4TJ3nKC06E","tlshash":"a843f15fc545adb952353fb0f0640f85a9681022c7ff47bb4a92951b2a7419a34f348e","first_seen":"2026-07-16T14:45:27.667108Z","last_seen":"2026-07-17T09:29:35.733499Z","times_seen":2,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000042.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.427Z","timestamp":1784280527427,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000042.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"114b2-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t9YhlqqjojjlZJ88TfR1cF1hGlGuiDMIlNaXZ0aQprswlT%2BgJxEN532Vr4olVl8%2B45FwdjeZrr380HzKGSoXWfGyDXW%2B77LSAbaNKiNqidD7%2B3BagvIFixc1bzx4Ftw%3D\"}]}\r\ncf-ray: a1c837f06a69b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 70834\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":70834,"size_decoded":72413,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ff0db4b8bc8f5757017dd22264a2c3b2","sha1":"744fa50ffdf6cbab04cb80943b89040e25fd7ea2","sha256":"7cc097524243536352dc17437d2c2c2cc1834ff40b1af2e526555f554b65ed56","sha512":"a3a15e3f93347f2bafaee665b0c448c3f476b1191acd1c482e4bbb6576e1858954d8ba6489e93a3654b402a75aeabf5ded1156979de9c50a3376f0d50f28e3a5","ssdeep":"1536:w/tiB0XND7E8qSccduk2eTWbHp+EKElwYycaFAQVWOVGJ3daBpeHSeznl+eOMEhC:jU7E82c8UTSKEHycaa0PVWeOSUceOThC","tlshash":"d36302c5207c5d6459bdd8a849adb8d713edfb27a9484c771df0a1dc28819b0aa203bd","first_seen":"2026-07-16T14:45:27.607463Z","last_seen":"2026-07-17T09:29:35.743452Z","times_seen":2,"resource_available":false,"data":null}},"time_used":302,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":251,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000046.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.542Z","timestamp":1784280527542,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000046.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"10cea-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TS%2Fg7w%2BRqQ3qJDmdjGiSZA3awJkBCG150l10jLKTQ%2FwuOEbDGP%2FlfiXvMDvcdwRWmp5NY7yzLGYO7kgoTKHB3mt2Jw5jrWJ0HZlLDHfmjTSiTvDQ2QjvQv6Rluj%2FxIY%3D\"}]}\r\ncf-ray: a1c837f12a79b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 68842\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":68842,"size_decoded":70423,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d1528bbb3ad02bdc0d4b2c20777a1f79","sha1":"d713e80b38f05324c1e31a58462a6d690ab7b2a7","sha256":"5718ae8026834f8e78244c0d9ed014138aff44493c23ce382acf0632f2398e13","sha512":"51071410570854a7314f01a00cebb387b4fcd8f19c15fd8544d31077df0b912c44f3651099be49bb66a2e821385f2d2cf1f50e6f95097eaf17997dca63c6a94d","ssdeep":"1536:JV0z0x/7Jj/d/qYT0xXeun9eMryYQMkxUUNLavRUUxSjtdEJ:J2w5hl/f2PEMrJzUNMCLo","tlshash":"1963122d705d974df814510eb922897cfdd72fe6903c7864aeccbcb88b28df2549a245","first_seen":"2026-07-16T14:45:27.642298Z","last_seen":"2026-07-17T09:29:35.744597Z","times_seen":2,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":173,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000055.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.922Z","timestamp":1784280527922,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000055.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"11ebc-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UMQ9Mjw4Pf93ZnGeDHuIYVVPC5R8s5g0v0HyU0V26aOrry8CvbdmqbtJwl2NlUXAWakmA64YA9FZFKs6Xyl20JcFUaTHcJmEOStT4uzlmUQIm03trScCLiQLeRXPPXE%3D\"}]}\r\ncf-ray: a1c837f38a92b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 73404\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":73404,"size_decoded":74975,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"da141212df406d22910b2e798f7df789","sha1":"7cffeb88378601e7fe679ceb6b3de4693bd70e0f","sha256":"168f0f0580b73ae65be00d9a7d484ec3e3d1598f7164312384f563134979a444","sha512":"a61e07005a4edeeb384883612b55ab13882891c8c7763e39b4d735d5b10c6a6b9001f6790576af3a0c8122a79a6d184fdf9d2fbe9edc90da9ebbfcdefc406a1c","ssdeep":"1536:qY5qRCo4sQheH4ENtlxc5vj6gv7YbdEQxX2ePN/bWlyUxzhL9Ra51PU:rqCo4mYENpmq2Qt2ubWl7dP41PU","tlshash":"1e7302be594b3208f0ea031ae0f584ec631719d0a635df764e87980b19336ce99bec4d","first_seen":"2026-07-16T14:45:27.703477Z","last_seen":"2026-07-17T09:29:35.745936Z","times_seen":2,"resource_available":false,"data":null}},"time_used":299,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000072.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.365Z","timestamp":1784280528365,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000072.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"a0a4-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sD8mW5pQ7w1VcE77F7Rz%2Bzt7Trc5uHC%2FnyLXOVhgKo6t217Q4NDrNqUkKacxP96vDonltmhiURMZk2SbCYbXJHHISCGj%2BeH0Vza%2BQKMEVjdrn%2B9QKm9geezH5MhXa6Q%3D\"}]}\r\ncf-ray: a1c837f64aaab51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 41124\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41124,"size_decoded":42704,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b5b6e43e1a7127d16e9e42dc4890f190","sha1":"83012b249367fa49cc77f818e54449a9b71e4824","sha256":"482e96bf8a5a19298507672c52dbd8ed9160e5a6ceeb895993523ab14df8de39","sha512":"7d91b11775a977348b685f3477448367c4f364a68d133327afe83aa72985d14ba32b13cb9301f64c11cddb6385f4798e55019407183cc2e97f3f841c51e8d74a","ssdeep":"768:321NuUwBpguONtQTWLX2tJyruKv281HuQ1wjlFifpoXJxFkB83UaLO5q:3UDigHNvKtgDx1D1wjk6JxxUYO8","tlshash":"6a0301980e8e40d6d788f0ba37d6a1d55cdc01763a16eb57cc1e56a6d01a2ad4ff4084","first_seen":"2026-07-16T14:45:27.625886Z","last_seen":"2026-07-17T09:29:35.747193Z","times_seen":2,"resource_available":false,"data":null}},"time_used":299,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":271,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000086.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.944Z","timestamp":1784280528944,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000086.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"9d24-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YR5LVWsSWDHEmBZFuUePHC%2BlbnXAlEiz%2F1vZA%2FWE966Qr3GdfwBkqjVjtQc1ppGsUIo3PsVUBdz%2BnXBlr2%2BYu7fKFdwI467JaG8MZee0fVlXuaslSPDo7Y4OjH4uX4s%3D\"}]}\r\ncf-ray: a1c837f9eac7b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 40228\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40228,"size_decoded":41808,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"1e53203e22273d717c929c179569808c","sha1":"01878c68d8c0305db99ec0463824577056b7dd37","sha256":"1db8feccfe7cc9345e07865b6590764a21318c1f074db7dbf68c101760f924d2","sha512":"09ffe97746bcc82fa32127bc103ca7384bd51b73a847d7828d1ca942977394dcc873be8ec0b5f87cb5a7935481d0c28819f5a94529a3c36521ddb3d0d8ffa0f4","ssdeep":"768:slvGG3/TQMzGKQDb6HTgd2gf15wkOBYIz+fOf02AJc3uweQRdzL0uV0SkDc+A:sl9QMzBKbhwgf1SXBuw8cbRWuVPN+A","tlshash":"9b03f1ef19115872c6375d70e05942dd1b9ae1e1a008fe37af1c7c88a39dde07287ba6","first_seen":"2026-07-16T14:45:27.686301Z","last_seen":"2026-07-17T09:29:35.748858Z","times_seen":2,"resource_available":false,"data":null}},"time_used":255,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000094.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.963Z","timestamp":1784280528963,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000094.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"5196-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FAU2CuGwumnedts7HZZ%2BiP%2B9d1W4Qc14u0WRuLEZuoQqG9KtMSxwR0i1bdeLNM%2FUyt7Fq9kdzejjIdiLJV8%2Fm2FIpUQPU9JMsrQ%2Fz1VHFepZp9ZZMeQkL60xRicOs74%3D\"}]}\r\ncf-ray: a1c837fa0ad1b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20886\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20886,"size_decoded":22468,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"75c74c5a0c30da4683cdb102fae629ae","sha1":"7b045689df0c76621dfcd2bf4588c0d0d554b143","sha256":"3a96d3af77a1dbe033666d77258096a0cfe4f3b8eed42b3cf5a03647b5c4da56","sha512":"755a3fa1e0ce5e499e94f9632775868a8acf302019e76559070031388680d8fac319e3ba6ff79aed3571fd568c102c65936304ac09f6991fb6248fba892faaeb","ssdeep":"384:cCjtt53VwVXo3mHOiPD600EdPV8gFlwFEUVTawX6IpqKe1E:fjtf3VwVXoMcS8gFltunNi1E","tlshash":"5192d03ee042997018e88c079f5537729e7ccf8f6ae97a6352d6c219dcb95209530c36","first_seen":"2026-07-16T14:45:27.626995Z","last_seen":"2026-07-17T09:29:35.764603Z","times_seen":2,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":200,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000107.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.422Z","timestamp":1784280529422,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000107.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4afc-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xKGHv0Pi1xIX6EyFKB698QMoiFoHNyEo8toy4uwrsuQfoNo6lxStjrmVsL06jcIikXjyc9UtQ0E7KFkbkegrhu%2BGzKH0bjvCPOxLjJ9R8MTFagzfoXg2RhBZq0bHK5M%3D\"}]}\r\ncf-ray: a1c837fceaf0b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 19196\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19196,"size_decoded":20768,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"83229a7bec2bfde6027aa5e97e2b7a02","sha1":"185b87da1715a103ee0d9a9747ec67d5e87d8799","sha256":"4a4c9a18868caacda7097b3b3f2ca4748b9dd8616b92d9f79dbd970460c46a72","sha512":"fe5b4e6f686e797560fc697f0d2dae2abf0d982a365e7447da9beebfca0ce5159822e9df27b437fb5553af7776adcecc855ecc2763a940b081101cd32631c44c","ssdeep":"384:gpRzJnUgsPpyrWZmdC3OWYQk3puhkm2TbJfjta5InhAfZ:g2gsRyqZmd5dykmObdc","tlshash":"3982e1357f462e029058d34a5332cc70a9e561d3581af51a633f5d63b278b1fb4aadb0","first_seen":"2026-07-16T14:45:27.644158Z","last_seen":"2026-07-17T09:29:35.767195Z","times_seen":2,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000127.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:50.155Z","timestamp":1784280530155,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000127.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:50 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4f60-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MniqBctFVrs3Bxa5cMcYem8yTwUI3WpR%2FSzypmmVGhfwNvVPEOvSLCQQJPtuQvZKTqhUBV7FV%2FPDZGK89YZ7TnNARnJOv9FTEQEuTy7cWqJElPPZIBraymtq0gy4luM%3D\"}]}\r\ncf-ray: a1c838017b22b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20320\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20320,"size_decoded":21894,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"cf2c79126357a965bfa5e5423d03c039","sha1":"22fc5aa57f56ce7f30229a4f06906a68e27ffbde","sha256":"9b063c7ffdcb2ab6758391a7407f6b04a2b759d2cb807d5876c87ce1350ed555","sha512":"a6a7498df7bd32e3df2351ec7234ce4b5fac5d44147697b4bec983d8f50c4791063b1380504f139463efe4a9629c4e7ff509ba4339f4af6a7a90d101147f811c","ssdeep":"384:VKTAsYdu0ly3k8EpucikgC/YybKrC5U8O6sh8M9TRNVf0yLOGC/9qgR:VKTD2lgkBucikNYyT5UHZ20TRN10ySlz","tlshash":"2392e016d1c651d4a3118ac6d4756f52485bf28cf8f1be72962c5f342c6c798dde2720","first_seen":"2026-07-17T09:29:35.770158Z","last_seen":"2026-07-17T09:29:35.770158Z","times_seen":1,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":83,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000040.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.421Z","timestamp":1784280527421,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000040.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"11af8-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=b08ln9tlmSbow2HK6YnTZq9mPUwvtL0LDDBCczKC%2FXlLGZdTzsdTlcw4ubM1HZ1VhHMXySm0QPRs9hVUQ5A7rHB1cfw25Tb1sRGI0LclY0%2BER27YDv3UDL880it9rf8%3D\"}]}\r\ncf-ray: a1c837f06a67b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 72440\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":72440,"size_decoded":74015,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5ad45eae322a37baec29e7ee7fb53022","sha1":"0aca3729b44ccba98ccd7d1209c62d4dafb55c40","sha256":"310116c7e6795bde0a93bbc33a702880f53107957a9d857eac2b6a44d1abee1a","sha512":"2b011a6f14945fb077f84b9b096e7019ba41204830e8212b4ab5c74c75ec2045ee8a601ec423db198087921a6b55290769cd188a58b28e954d5cbd6d9bfead6a","ssdeep":"1536:3gu/i0o0aYYwmyZVK+kKlf7i32Huz3s/HAAKa+O665raDKYqDUIBR80/V:D2wmyZVmKWOuA/8Y6uraDKlPR80d","tlshash":"6a63015bbb6374ec528f4146140063cb25966eaef82cf50a3aefd57926a435c0c73b52","first_seen":"2026-07-16T14:45:27.707503Z","last_seen":"2026-07-17T09:29:35.772634Z","times_seen":2,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":266,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000059.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.930Z","timestamp":1784280527930,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000059.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"10050-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pxniEYhQjwZ46cKgtkkMZxBQynaxKr3pQ%2BMyPE6LqJccJa0WBYpojAYgOVsle6QNSOBc13hAnr5nLMZoi4xxt4%2FYBmjS9VlSJ0ZZ95xipI50R3OeTQB4FEZrnLD7R5o%3D\"}]}\r\ncf-ray: a1c837f39a96b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 65616\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65616,"size_decoded":67191,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"70ae3893bf822eeffd0fdb17e21ac589","sha1":"588d874e6227493464a91f89b8b0d4b4857c1381","sha256":"f2b4ad0923d2bc5464f3a2bca4eb88b01af315da3193821c79266816b7f868ac","sha512":"9a52c8724ad32af8b279b2be2de1882854f3b6ea03d3a93f312e4c1a4625b6504f461ed333dff661c1c586016e6855556afe1ffb79bf3a975d04e82b3521a847","ssdeep":"1536:uMqpK5LoBLppWCwyqDA4CdoRQuGumNdWd+X1bFcJB4+57yUdTSuM:uM07gCwNxC/nNdR1Zcdf+uM","tlshash":"1d53023d92d7133b2d4a27065e5fd01d394b2f297bb60702314a986fdb088db64a7b93","first_seen":"2026-07-16T14:45:27.650202Z","last_seen":"2026-07-17T09:29:35.774316Z","times_seen":2,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":149,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000126.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:50.149Z","timestamp":1784280530149,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000126.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:50 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"509a-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=i%2BARA2KsKl8yiXILSVVSkFeihWbAs3LCBYhMSQ1LG01siLKmg3ECsqEkw%2FODRmR%2BLLXfz7N00Y3BPwOOYcyZOwftstUOob17i4x1sty5UWeljF9oNEaSN67P8Fe%2F%2Fmk%3D\"}]}\r\ncf-ray: a1c838016b21b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20634\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20634,"size_decoded":22214,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b1e1938907e3f80fb56f32dc05e961aa","sha1":"31206af6a2c2bf0f95ec5b31d3c62c28faae6059","sha256":"f3b624df0d46011bfe9bc72b29f78f60ae9365729c095ccd152d5b90e1ac9094","sha512":"b58f7832cbfc4ff530de9abdd54c7d58b75493faf6aef41bfc931aa4e51f006953a00fb3ea580bf750facad0b652ba5d70655c57436fec38f0e7a1cb137541b3","ssdeep":"384:FZe7oHcaIJbWpbnaEK2rmIUcHVza2lu0J7GH2a5QlqeW58VrTT8gs1:FY74UJaRvllaV0J73RW5SHT8V1","tlshash":"ce92e069dd793e143fad88a563fb514408fa4e285b290392a17fc47cd215e948073bc1","first_seen":"2026-07-17T09:29:35.776229Z","last_seen":"2026-07-17T09:29:35.776229Z","times_seen":1,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":79,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0nmptx~h7ewpu.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.488Z","timestamp":1784280524488,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/0nmptx~h7ewpu.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"6e4b-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67447\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BOCEnX5R7R2ZtudOFyQCe4HU8eTz%2FP%2F1teh%2BqfzeaU%2F3t8WLQ7fG46QdhKyVJui%2FFa5zxVIR6pJAD0%2BT%2BxUL0EbM9CYUBwx1IpL9W%2FW6amh0bgeHLnayYr2aYV0ieyM%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837de09aeb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":28235,"size_decoded":12202,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (15483)","md5":"d37b29553d3cbe8e9a61c955d0e36696","sha1":"9c1e4ffbf9a53a6a56ef3fcbada0b37a1d57da68","sha256":"67f385fd04d73be929178b0b79eab985c66b55a48612edb931acccde9edec031","sha512":"0d6ad0e1868379143facbe724e79ec8866e6404abbdd562d71bf35fa92572f134f82cd5c390cfa559aefcb4f8680d8941dd2b86b08e99eba8640fecb22381708","ssdeep":"768:rNXqGnb9f/kS5mykvzFNjGiyclmniLMRZiXDtELY+:rNFb9o7Gnq0oMRsmY+","tlshash":"8ec24b6532a4fc9d734ac2d8947f440de22d1d74612ae054b3e98ca666649c8e0f2ffb","first_seen":"2026-07-16T14:45:27.714286Z","last_seen":"2026-07-17T09:29:35.777918Z","times_seen":2,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/03_1.webp?w=400\u0026h=300","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.526Z","timestamp":1784280524526,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/03_1.webp?w=400\u0026h=300 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"e73dd63ff2a69d3cf2d4dc6c805c2ef4\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: c7b7ae96-91ae-4996-a699-b68cd236694a\r\nexpires: Sat, 18 Jul 2026 14:27:49 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 500455\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1NsSzzm41Up9PhHqf0vY%2BjGGrQy3%2BzfTykPDPi9NzcE4NpJiz%2Fh8pRfgSK0lyuSun3wE0QPZ4aIvJrUsgtuyLy%2F%2BkYDcvMv%2FifG8vvEn%2BnH2ht%2BUP9NmtRTzqOsNBTP19Lk%3D\"}]}\r\ncf-ray: a1c837def9b5b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 81174\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":81174,"size_decoded":82502,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e73dd63ff2a69d3cf2d4dc6c805c2ef4","sha1":"9f4cffc880ca4d205e3c55ac454d2551b30229f9","sha256":"d6f0e2d7c033c6d0d308ff3966452996cdbe1ff2a3e8e385aa8660a2ef61c4c8","sha512":"d475292f4b482c985971847d42f79f0bf46a10ca892796db5d212834269136737753cb9890015ada34fd20194975a67d593941f5c24e896cc99e1154d02f0670","ssdeep":"1536:1uZHO1FWaYJadGOCf2JwQ4kpVr02y37r24qfk1lfG6DX3FaQRa:1kua9a4r0wQ4krr02ffIlfTFJa","tlshash":"868302f0f0dcdf3293dd298a95443348ef9942ea444d9e55d94283e5bf02cd7aaa70a8","first_seen":"2026-07-16T14:45:27.618422Z","last_seen":"2026-07-17T09:29:35.779195Z","times_seen":2,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":78,"dns":106,"connect":0,"send":0,"wait":13,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000104.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.418Z","timestamp":1784280529418,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000104.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4c38-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3C3EJYi6AODN4JIM9c6sjzHHSOvkXosCcgE3kOLlVBvgKjd09Fw9xX717NNOTcfVh0lbn%2FzeEcte9ksg5dOZ65t7oEE1p0pvuwOxPkFJQku2irJNzaY6O6c2zOki4r8%3D\"}]}\r\ncf-ray: a1c837fcdaedb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 19512\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19512,"size_decoded":21084,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"665480359942bce1261dce00ad67a7ec","sha1":"37e9e671dce1c653532a249db09728e88e609458","sha256":"08485607ea87935a61c48c9275a76c848a1488af56d52644af832bae35a2a510","sha512":"8c0e6a777653c6ffc1e56df2ff20bd19ddf39bfe470da33fcd8a275123aed30e42f0e24ffe2729e04d29551dc974951e247f18a0d4ecdc3f79ac1139fa10cc5b","ssdeep":"384:7uPjcqvM/jWzQdeR7mLESsUVAp6BWMxiYH4SsAZRq9T2JOERBqzk7:7uY/il2NApAWgt0qmzy","tlshash":"2792e1e82aa4e1d146663002aef65288f568341ff4735e55b8d0bd6fd81e6be072c31f","first_seen":"2026-07-16T14:45:27.678953Z","last_seen":"2026-07-17T09:29:35.780409Z","times_seen":2,"resource_available":false,"data":null}},"time_used":182,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0abdc150p0_.k.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.476Z","timestamp":1784280524476,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/0abdc150p0_.k.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"c43a-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67447\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f0Je2gAluhwenyDe6Bm%2B%2F5QCX2GlT%2BZTXCb44TIewDmQN1m7ADzkbDt5yB3lVjAoLDvwbyORJNmKpNX7yF0Au6ycV%2FLLS%2BQbHcNpHiujt2HxwmVKZ%2BUZ8GCBHApxnAA%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837ddf9a6b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":50234,"size_decoded":12184,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (27239)","md5":"032d4d813c69a96ab5bed27442f0fbb0","sha1":"5ff82701cccec92587b7bc5b2658953380c7cf25","sha256":"bcee9fd433391ca535801a03998f040d5c339de1b16be3902097993fcd926d41","sha512":"e24975bba645869660ebb284b477e71b1d6de6964283d6fe6153c6647729910f8409612544aed78f419025f498553fa5b4e7063e507d36978459e3745eb48275","ssdeep":"384:67jDdkTd9ijjT2DwNGncTI2II2q4eki0rRvI1W16DvXxqpkKM8wjn0kD6wmhuoom:wgwNykIg2d/rRvIs1mvxqml1jn0kDy","tlshash":"bb33e7b232d4faa2539341e1d43f2016f2390c75206d6474b7e89ceb754c88da6bafe5","first_seen":"2026-07-16T14:45:27.692128Z","last_seen":"2026-07-17T09:29:35.78186Z","times_seen":2,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/04_1.webp?w=256\u0026h=256","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.914Z","timestamp":1784280524914,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/04_1.webp?w=256\u0026h=256 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"ea21f58fc40f227fb2d2f00793c1370d\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: a35438e7-bbfd-43db-b226-5383b3e43c8d\r\nexpires: Thu, 23 Jul 2026 14:44:37 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YvjHMvkFacdgj3DBXypsJxe3l1KhB4ZfHrk7u75MZTNENE0cczBBgQk%2FEviNRiXOl69bDw8tonjb8H9Ug35c0GvbbhG8xgzNj92eeAwHHmOsmHOtgVnHB9XpdS7Cqumq%2B%2Bc%3D\"}]}\r\ncf-ray: a1c837e0b9d3b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 57402\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":57402,"size_decoded":58719,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ea21f58fc40f227fb2d2f00793c1370d","sha1":"ef24185de1f8197aea03d359526787a93a7b579c","sha256":"c2c2bec10d66df7fa43ee930791ee31d1e48191a74b1b94970e23e585ff02f68","sha512":"90c5fa9d6025c691cd424cd83bd898304539255624d620df4232e583db41be6c8924e746e3b72efcebff825f5b551163434387480bcef5a604cfb86bcbd12a2e","ssdeep":"1536:2vJFp9oBwqpC3687UbAhcB+Vf1urGGzJry+dUFTDdChmD:SJFMCaC368a+9UrGuxGTDdCwD","tlshash":"ce43025173cfa017bc758a0a0379c1cc8e85e5054d817e626c3dad90b1a85f69bb7b78","first_seen":"2026-07-16T14:45:27.61126Z","last_seen":"2026-07-17T09:29:35.783018Z","times_seen":2,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/06_1.webp?w=320\u0026h=192","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.666Z","timestamp":1784280525666,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/06_1.webp?w=320\u0026h=192 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"0f673ad874e598bc3fee91e58bc2b9e2\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: a3230c79-1fbd-4266-ad32-ced922f53db9\r\nexpires: Thu, 23 Jul 2026 14:44:38 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aVl%2BxinM0AWIydkDubWBfcpk3BN0UFfGndks9vfpwY8vHSPHJUmMmhzFJ%2Fzc0WUQHQpD9cHCS28N3NbKa85Fc3B27HRAGBjKYh5gdsMwoF0JJVNVjbBoSPdrThp4uN3coXQ%3D\"}]}\r\ncf-ray: a1c837e56a0cb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 95820\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":95820,"size_decoded":97135,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0f673ad874e598bc3fee91e58bc2b9e2","sha1":"0ee074bd9ce1e9603097b5680fa889b7f049578f","sha256":"9a3052b1dd8165dd15984cee6b0dc3789201719ffbd62e9ae1b1b516a72c71ea","sha512":"327f9e9f816e3192b42dc5196fb9824ee950121c0605c49bfc06e4946713fd243432f01ed1a5abca2a95140a1a278c0e095f0e5086506c41a0c86bc277021f9c","ssdeep":"1536:x2+3U9LGY7lzFZLtJDy6otMDSFs7D9xyY4vSrwD5MInAO3F8aK2330ASsV3Q5u6D:c+3U9LThZpRotM2F8xxyrlvd3EAdWjC2","tlshash":"569302bd4380af3775f63782c5b61dc2b70c264cfafa40481a7f6996f41628b1ad6478","first_seen":"2026-07-16T14:45:27.674838Z","last_seen":"2026-07-17T09:29:35.784296Z","times_seen":2,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/03_1.webp?w=256\u0026h=256","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.968Z","timestamp":1784280525968,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/03_1.webp?w=256\u0026h=256 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"e73dd63ff2a69d3cf2d4dc6c805c2ef4\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 9b4a2801-6de3-4067-ab32-84feb94c08ae\r\nexpires: Thu, 23 Jul 2026 14:44:38 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kcEULI9eDIejjNEO2Ki7OLfG8LACpe4GNPj9BfNjMjvvEDagzasv78UOB3wdKf448y2gQAw76%2F2zdaZ2qjqGP2kBYlaCdT0%2FSYByDoOLQA7qzeVsWG1kODhML%2FwVRp%2FGGlw%3D\"}]}\r\ncf-ray: a1c837e74a18b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 81174\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":81174,"size_decoded":82493,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e73dd63ff2a69d3cf2d4dc6c805c2ef4","sha1":"9f4cffc880ca4d205e3c55ac454d2551b30229f9","sha256":"d6f0e2d7c033c6d0d308ff3966452996cdbe1ff2a3e8e385aa8660a2ef61c4c8","sha512":"d475292f4b482c985971847d42f79f0bf46a10ca892796db5d212834269136737753cb9890015ada34fd20194975a67d593941f5c24e896cc99e1154d02f0670","ssdeep":"1536:1uZHO1FWaYJadGOCf2JwQ4kpVr02y37r24qfk1lfG6DX3FaQRa:1kua9a4r0wQ4krr02ffIlfTFJa","tlshash":"868302f0f0dcdf3293dd298a95443348ef9942ea444d9e55d94283e5bf02cd7aaa70a8","first_seen":"2026-07-16T14:45:27.618422Z","last_seen":"2026-07-17T09:29:35.779195Z","times_seen":2,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000022.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.579Z","timestamp":1784280526579,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000022.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:46 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"1228a-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BQ5HvG%2B1o93%2BQQZL28iTaSMwgK8X%2B9sI1ksKRJCoZGaRSvyjfO07wntj8i41pysOUj4t%2BcKDUnZTC7Tpyi1iztp58p0%2FSSDNQfK%2FPJp6yhUTD2jP7oLciinOlDEL5Rg%3D\"}]}\r\ncf-ray: a1c837eb1a43b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 74378\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":74378,"size_decoded":75961,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"3b21bd621951a0731df871c53cd10b03","sha1":"6c5fb86ed926872e0467c242412bf4c6e69a9b03","sha256":"99d73faefc276fc429be06ddb0ef5452603d630950fd3656a51287ac46b600d2","sha512":"3235139ba9289fae3b349e478091856f674a82ff420f4111da68d65995d6b485998c8e5a726f807bad502cd5e5da617c793bcc34b12e5687126e052f970e786a","ssdeep":"1536:fsfkrwmk/ZmhlYeDXqzOoD8IsY6RHwL61qGpNT9VYGBE8heW9dihE63:0bmk/Ucqof6RHuGD9p/XdcD","tlshash":"4f73129b29b606e4d4c101813133677b257f3f9effa7116eb837a2995261833263f851","first_seen":"2026-07-16T14:45:27.61226Z","last_seen":"2026-07-17T09:29:35.786428Z","times_seen":2,"resource_available":false,"data":null}},"time_used":384,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":339,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0_4m0twy_g~jb.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.494Z","timestamp":1784280524494,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/0_4m0twy_g~jb.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"11223-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67447\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BGyFn1x4jcL547YyaBv82Tyi8%2FvSX69eWYKBStbVfQkJUlATus8b7Eiyp8%2BI3XsreTJncoXeJJl4kbYDJzeb%2BN0midhpkFQaBuwrFfd8y3M3LE9SqU3jZLnaKL7b%2F1s%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837de19b2b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":70179,"size_decoded":29008,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"fdcd58310b7154189e75d1e0e1cfb6ee","sha1":"2dcb5f4ec23bdd0ec0aa9c6d05d02d0d7a0235e3","sha256":"2189fd9819998a268ad031ee737a5c9695c9e7498f9c213f6dd585810e056893","sha512":"366d208dd6b238c2d113b929554e8dd694488606038fe311bb792737139a6228884a9c84a3eeb544c5c8a6c19c8c84fc0fa05a57bb717448b3ddb921e437b168","ssdeep":"1536:YeGqvDjMVfp9PnnqVi3BnA+lqqcoSM4odxDtf1E4ZrJ1vYrS:YYLjMRnnqlMp4odL1E4ZLl","tlshash":"e363d6ddb292f426429661a0843f0a4bf337ad94740e096cf229d4cd7d3c999907bf7a","first_seen":"2026-07-16T14:45:27.724051Z","last_seen":"2026-07-17T09:29:35.787907Z","times_seen":2,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/02_1.webp","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.813Z","timestamp":1784280524813,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/02_1.webp HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"bf0e133e890a1a5f10289261faca3194\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 2e5583db-8f12-4f37-adcb-a68f64bb3ec0\r\nexpires: Thu, 23 Jul 2026 14:44:36 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67448\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Yh4KvX6I4BfEylUmRdl%2FbMAIryX8zGTQnBn8Fim6dtFhQSLcgLRMfXlKQoWa1JQsIQQRNmokDQ4SwoEf01HjLC0LTg2F28tLQ5N35ws62a5zlAvO6YP4RmGZXiDt%2Fz0F03o%3D\"}]}\r\ncf-ray: a1c837e019beb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 62014\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":62014,"size_decoded":63329,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"bf0e133e890a1a5f10289261faca3194","sha1":"a1b53704bdcc5c210af9cfcd42840be512d79147","sha256":"72b396e53ac3deae87702a15cbbb8f0ecb3753f9368edcbc9c9c7fa7ab9724f6","sha512":"c18c36e4361a5d1a7e8083a4695cf51e670d3217159e7743f8f7135471251d913487a1a3735b501207ab5b5088484a6e0463c6894815ad8848d340857c676693","ssdeep":"1536:xAhYDsb0V2v41sgfQEj66A/PGI6cr2Awozvm4s:wYxQwCsDj66AHGnm/D1","tlshash":"69531288eb85ffd1e9d77686f430833bebb05ec713ec0b6859614901623d9ac627a5c4","first_seen":"2026-07-16T14:45:27.656832Z","last_seen":"2026-07-17T09:29:35.724572Z","times_seen":2,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0_uwzo~dpayvg.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.492Z","timestamp":1784280524492,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/0_uwzo~dpayvg.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"213cd-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67447\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gLxjstaCjDvhZ1cy2fP1Hch9ksWoi7%2FxCzswLR0KAh4QXpdjCaLXNbQ5rUKjiukHgn7NEb84IVhGFPr%2Bi5yJD%2Bz%2FBWa%2BaLcaeXdihdmeu%2B9TgFMYYAwhI%2BZjO8YeZ4c%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837de19b1b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":136141,"size_decoded":36206,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"1f3482b2b412ee775234544fc8c22294","sha1":"e5f92f09d6f77eb00c2797e4e340e3d477746fc9","sha256":"ffeb79f3004bd27479d6db92a06f07551053c4b98782524b7dad8482488b60b6","sha512":"a94a5ab9dfed8fa49e7dea7ffd5bd07149a4b8091f9c89ed299b9b0af44b8cf40deb2836873f7931acbd8d58676cd23bf9321e88664e251f0c2263d5a88be837","ssdeep":"3072:5a/H+1BRf1rEyq5CCQiK7a7/pbXON9z59bJ:5av+1TfhPq5CCQiK7a7/pbXOTF7","tlshash":"7bd3f9b5a3d4eaede1098be8846fd00c766f35acad6ac454e3e49d347d184cc361abd0","first_seen":"2026-07-16T14:45:27.617466Z","last_seen":"2026-07-17T09:29:35.78949Z","times_seen":2,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence-cards/2.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.021Z","timestamp":1784280525021,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence-cards/2.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4c92-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=moZFtOQmQ0MRsL%2FaI2qSqt51MyCIRUZZzZEAXf1bOJpbmCV1Jyg54vXxdcmXwQBo4JquRYX0HPcUJw1ereA3MT9gDnmib57akU8CH1wHpvZ%2F9UqkIUv96VIXLSr8AHU%3D\"}]}\r\ncf-ray: a1c837e169e2b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 19602\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19602,"size_decoded":21176,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a8983e5c98eabf94b97554a9d861c469","sha1":"6ae8309f5b54e177bcf4c67d0adbff03b836ad60","sha256":"a0da095159f52af0ba9645f8bf70729d953e0b99e35d069da1068ecf2cee6933","sha512":"8c090d88698a4bef5a661fcde979b5afb4361b8ef6f7f05f0e62fcd4d6a30a9f50c6efd7372bf96d3491bab6de5439885edb8b56945338c30247a9f0b47d7492","ssdeep":"384:Q3D3EFGR8xf1u4wxpL0gkGa2GitS0SBh65T1U7Z/0GyZ:Q3woGuJHL0gXa2Gi6q5TeOrZ","tlshash":"7292d043d13fa74eea70b2844e4ba52b1e152fd38f44432886ee7144ab883ff418bd65","first_seen":"2026-07-16T14:45:27.687394Z","last_seen":"2026-07-17T09:29:35.791295Z","times_seen":2,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000012.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.619Z","timestamp":1784280525619,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000012.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"103a4-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=i3NwW8j%2Bkb2g6kh0jA8DCjghCBe366d9NodgsUvJNkykWFdU9oUSsLnK0fU2QbPVEhcDU0hcNWP4puz0LaLlTA22OnZLA%2Fh808As%2Fs1ULS%2F2DbcItbYDyU3XwEvVX6U%3D\"}]}\r\ncf-ray: a1c837e51a04b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 66468\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66468,"size_decoded":68047,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"23618273929adce7b81f85745fecaaa7","sha1":"981854c1f0f4ebfaebe8392b5d79207bcdbc41eb","sha256":"3725dbe23f7e35f637fd7ea23aac08971b8ceade7df890009df40ad52b9b44f7","sha512":"ec9ef39b323a3b53eeddcd3745d35d8a846c950531699945641159bd0d50b7cc84e55fc6b79eed9b18317d2b6c5fe758a50b1c77a67969c0e7ec49a7aa3a1465","ssdeep":"1536:iQp+cVMU1EsYsSlPXpKQl0CuHm1En+Pi/BPX1Zl3zcIe:iQp+cT3Y9BXPOCuHUEn0q93zfe","tlshash":"0a530289d23d7271f34ba15b2f8ce67ea0cd0f6a30e5a4567332b459b49026b1d4f48b","first_seen":"2026-07-16T14:45:27.629991Z","last_seen":"2026-07-17T09:29:35.793091Z","times_seen":2,"resource_available":false,"data":null}},"time_used":437,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":382,"receive":55,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/04_1.webp?w=320\u0026h=192","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.663Z","timestamp":1784280525663,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/04_1.webp?w=320\u0026h=192 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"ea21f58fc40f227fb2d2f00793c1370d\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 54641b91-cf86-450b-ba99-eec7236093bf\r\nexpires: Thu, 23 Jul 2026 14:44:38 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8lfaH2CJqCtKkzKhQT9%2FDIZ9g57gVFHfmovMPR4JAo8k5OaAwTminAXEMo1JgX7lLiWFgGo%2FdUigEM%2B9ChfvDte14CfVCZDzk0NmJlhwQXe%2B2P9S2fhnF%2FnUYXhU7XIrT0U%3D\"}]}\r\ncf-ray: a1c837e56a0ab51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 57402\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":57402,"size_decoded":58723,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ea21f58fc40f227fb2d2f00793c1370d","sha1":"ef24185de1f8197aea03d359526787a93a7b579c","sha256":"c2c2bec10d66df7fa43ee930791ee31d1e48191a74b1b94970e23e585ff02f68","sha512":"90c5fa9d6025c691cd424cd83bd898304539255624d620df4232e583db41be6c8924e746e3b72efcebff825f5b551163434387480bcef5a604cfb86bcbd12a2e","ssdeep":"1536:2vJFp9oBwqpC3687UbAhcB+Vf1urGGzJry+dUFTDdChmD:SJFMCaC368a+9UrGuxGTDdCwD","tlshash":"ce43025173cfa017bc758a0a0379c1cc8e85e5054d817e626c3dad90b1a85f69bb7b78","first_seen":"2026-07-16T14:45:27.61126Z","last_seen":"2026-07-17T09:29:35.783018Z","times_seen":2,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000078.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.560Z","timestamp":1784280528560,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000078.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"a60c-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=G38PKA7hlmDy9K9rm46a%2FL%2BPXsF%2Fs3P%2BNSxGk3gHoJib8jzZGhOKOk9cLYIeL0EAAf%2BnjKOva0S8Nfv2S87tW7wRPLTrxh%2BBjXaTuu5nHQFnYLJGNLVuTAJQ2CHVRT0%3D\"}]}\r\ncf-ray: a1c837f78ab5b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 42508\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":42508,"size_decoded":44090,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c2e60017c955402f17a19d5d326144e5","sha1":"df4fee6d2e4fcd56277ff7dfb6ed66b9eea38b91","sha256":"d50571ba3431ab7f34467d4fc3d69ae0841fedb92f90a48c9315d604a8eac5e9","sha512":"9d6f81be60c9b7397b519a427e73ecdcbf178542f21c62019bfef4480816a7c0b8c964ea874e69f54bde1625281543241d5c1839a5ce88c6c811141b71aad58c","ssdeep":"768:nqgHAxERNAid127wEdjflYIZHJTPqgjhXpopeyu8cQM7NxuCZOastZ1BrFvuostf:nHAxERNPL27ww7lYmxHHseyubQMDnvI0","tlshash":"d91302f19eb63dc2c06c0ebef5449b0e30750e559ae0dab60c694131f1e271e8bbe51a","first_seen":"2026-07-16T14:45:27.651307Z","last_seen":"2026-07-17T09:29:35.79485Z","times_seen":2,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":180,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000029.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.840Z","timestamp":1784280526840,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000029.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"12a64-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q8zp4tFg1bCRlxnZVb6jFjyzfKUSnNq4X0a%2BxQ3ME6LHUrM8L%2FGCB%2BQeIuFOQ%2BQAvMAQ5swK8T1iB2iNPwkFcusVylR8Xv4LAj7rY0BFL6XyHEbJYyuli4OQQ0wyXqI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1c837ecba4eb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 76388\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":76388,"size_decoded":77967,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"dd59ab8f90fb9195d6d923c70eaeade4","sha1":"4f8ee17e9d8dd9edd19b1da3c71f6d7b09dfe5a6","sha256":"3a7668b49461e79d77a04ba1af546f7778826198c95836d4885565893958f5fd","sha512":"b9c4e4cbc589f2db094dfaa1433a57e99b83f593ff01d637b5aaeb290b5ead1fc2a409a96b9acf0cc1664851b361556a89e05963c70a73a363738637b896a730","ssdeep":"1536:XAGsUPuyr/EFkmHe1+xTJv8A14UfHrpxnQt9XZUfsTh9owNhQ:XAGbu35eaTJL4CxnQt3Ufch9owk","tlshash":"477312ef578f076f95ffb07132792d2ee40387dc6a43a81a29100de1cd1ed492ba8526","first_seen":"2026-07-16T14:45:27.6451Z","last_seen":"2026-07-17T09:29:35.796433Z","times_seen":2,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":260,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000037.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.246Z","timestamp":1784280527246,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000037.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"12c20-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fnd0MC1SOKO62P1e04Pl5z2nLZFKq3mUHstqsQDT%2FM0jwQSttlZy1ELJM%2FTGXKWBb20EvQ%2F8IfQO17HOTo%2BMuM7mFC0D0wGS2VKw1l%2BvVLA%2FeQJrDZIeEle6N2PA2o4%3D\"}]}\r\ncf-ray: a1c837ef5a5bb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 76832\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":76832,"size_decoded":78415,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d29082704646d0f30f0ab95d614498ff","sha1":"1d8924232b58c459faae1278dea920ca07d9cbfe","sha256":"eb98acad9a7cbe2dbd5c16875f41119c28652df06eb21fd4797cbc8187fc6711","sha512":"f07bc29d22635db564a61bf328f99ecd3fa5cd512aaca02a14d18485142804d57af600cf508362f42cab4afdec1757b6836f17d2e774137ad6e1311c59576901","ssdeep":"1536:PUY13qSM3UFThjPcZRPtj1MFTXg+gaNT1GFzADxG0gt/s5hS/:ZSyJPcZRVjOXdzHNxstQS/","tlshash":"6373028f955c292840d93bad52f7e6d8db33c75e01ce22d011b67e5da2cd8808eda5bc","first_seen":"2026-07-16T14:45:27.738432Z","last_seen":"2026-07-17T09:29:35.798045Z","times_seen":2,"resource_available":false,"data":null}},"time_used":353,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":298,"receive":55,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000089.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.956Z","timestamp":1784280528956,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000089.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"954e-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=w1HsooC66QqDWD%2FPAhXjUM%2BK50MSsJnsubVydPQUbVnyfxaMmwqLy2jQ4atNBMo787qIjhDF6wbLVSW17VbF08tFM99gouE3TMpIefUXxsW%2BZHF3Qw3UShkCFvPBKGk%3D\"}]}\r\ncf-ray: a1c837f9facbb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 38222\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":38222,"size_decoded":39798,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c1fe3f02edb698a658db089ee155f293","sha1":"94b480c67e0c7012afeb12fabcad4833e7b75294","sha256":"94096b346c74e23b017843ddfdeabb65369d11d1ca519c69e1a4724da73c20d9","sha512":"31e83301349e5c33960512a261e76a4c197c15168c248de9fa67400b795fa453f701ddd58047904f476244deb862bbb9d71b11876dd67a8829d8d6e8333a7151","ssdeep":"768:15wWkSS8ikNE38SdaMnX7RALZz1Utx42s8uf7UgGesqWou:HwWskmMSdPWZzqPs8uf7l9TWT","tlshash":"4e03f2c4d3823409d6ac6071e95341c3e889bb465e02dbb4d5c1cf17db267eb65f48ea","first_seen":"2026-07-16T14:45:27.728184Z","last_seen":"2026-07-17T09:29:35.799574Z","times_seen":2,"resource_available":false,"data":null}},"time_used":282,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":252,"receive":30,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000117.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.802Z","timestamp":1784280529802,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000117.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"508a-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N8oJrje4eIh538i4Y2DuETdV0hxIHBIWeiDcicFuK2kgtFvp2fr50YKn%2Baw6UBU9BBJpSJLrFwYI4XWX0d9NZUcq8gvmfuvklqhWWWUuQ2z54fKVbU2mYhmTemmBWr4%3D\"}]}\r\ncf-ray: a1c837ff4b06b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20618\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20618,"size_decoded":22190,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"1886bf16f5d08496436f9954062d0842","sha1":"d499069ba68401d8e5d5b1f5eec51341cf9f792d","sha256":"180f51e624bc83a43e98b7f92330b3d4a213b60bb132e9a23103f606520f19e5","sha512":"f0bbfbd8f00a8a3c4e47bbb5fbfd0b907eeca5e28af7b5aeda4bf3f9dd2d28f707b5cfeb239848f0f43c98f66b121c53c4573607b35f4b6a06450259e24e069e","ssdeep":"384:KCyz49Z+Cjr5TH8dIfbrNsCEgmuVmild0puHtIlKnyAJgvuAK9d:xZtr5YCz2gmusilykHgKyqg2AK9d","tlshash":"6b92d0baf4d5a89b998c1238707e1097dd2cb15cd14bc9ec98662dad818eaff3181274","first_seen":"2026-07-17T09:29:35.800687Z","last_seen":"2026-07-17T09:29:35.800687Z","times_seen":1,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":197,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/05_1.webp?w=320\u0026h=256","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:29:10.329Z","timestamp":1784280550329,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/05_1.webp?w=320\u0026h=256 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:29:10 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"6dea2c3024d92d46c4b800ba250f4655\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: b205aa7b-e616-478b-9c58-bc002f8b5d63\r\nexpires: Thu, 23 Jul 2026 14:45:04 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67445\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wUwMj%2BhK5i64c0xyqR4jj8l0fwcmXB%2F1d45KPJnjjPcYV4mMvxPp3YKnmH4pC3F5D9b8dHtLlmqmu7exDUvhStq6CFloOJ7epihjsDjQCaQHcmyAd17WdEgXY%2FgwAE2%2FdZ4%3D\"}]}\r\ncf-ray: a1c8387f8a51b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 64222\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64222,"size_decoded":65541,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6dea2c3024d92d46c4b800ba250f4655","sha1":"d442c5d36be683637d90b20653c17d43c2f5de0c","sha256":"3c01660962b0a2d8d307aeada9c74d7d6dc53ef03af6d01d98190c2db1c5dbff","sha512":"53913360b84bed701edaf1529d4afdfca660799696abd103211cd66b3ae13f9070f81e545a4c2d9697889f0fb2cf1de8221f25a9494e0c9cb412901bf2a82974","ssdeep":"1536:5Nkn7y3Ay/r3dr8+Rw+sibgxc3mwaOBPWL20QQqbCG:Lk7y3j/DOyw+XbdWw/W60ZO","tlshash":"6653025daa82fb17148e7d6e4cc52e127422b2331950a73a8bedd1ed60282dbd0c15ff","first_seen":"2026-07-16T14:45:27.61026Z","last_seen":"2026-07-17T09:29:35.801857Z","times_seen":2,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/logo/earth.mov","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.792Z","timestamp":1784280524792,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /logo/earth.mov HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nReferer: https://rwanftfi.com/\r\nRange: bytes=0-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: video/quicktime\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"570c3-19f5e9336f0\"\r\ncontent-range: bytes 0-356546/356547\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lmftQVgJSncgKPfyxjTgJYC3NR1sgvE0Dc%2BtZtkBeOfdQDLR%2FbrzCCM21T0lQKA4b%2BrTwLwkYWmbU9Ys25nRR5onwndElhQPAvQBXpPqYf%2FHaDO%2FpNY1Qhd%2BMfbHS5E%3D\"}]}\r\ncf-ray: a1c837dff9b9b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 356547\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":356547,"size_decoded":358177,"mime_type":"video/quicktime","magic":"ISO Media, Apple QuickTime movie, Apple QuickTime (.MOV/QT)","md5":"503ce345198466b2657254462b873469","sha1":"08c796d941c8727c95482f1952b20a48452c6746","sha256":"5162598c99434a580fbf3d1b6a9ffc7bc9713dc45bf9bbab15b819b1a83e25e1","sha512":"e640f9d62be396b39ebef04909cc19fac2b08144f69898212ce02ca5dde9f09ae570c1b698b4e8cb53975de36d4f7a594bed8b9c85a120c962ad95489df9645f","ssdeep":"6144:HtfMGWEshcjqalTPBJ6Pb/3OGuM5MYxsQ6EuJtFZi7u0cBwlf:H5WEshSPBAP7OGuM5MQ6Ec1Ku7wlf","tlshash":"a574010433931ce6f01c93b3c4ce57066b175aa3a5d85a81b9cf96e87f902719d439bb","first_seen":"2026-07-16T14:45:27.668664Z","last_seen":"2026-07-17T09:29:35.803441Z","times_seen":2,"resource_available":false,"data":null}},"time_used":380,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":215,"receive":165,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/06_1.webp","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.818Z","timestamp":1784280524818,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/06_1.webp HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"0f673ad874e598bc3fee91e58bc2b9e2\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 770b6407-9d98-41dc-b7d3-8fc9dd006252\r\nexpires: Thu, 23 Jul 2026 08:03:59 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 91485\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SXDp%2BqtsNPq99rFPCMfWDHgTXKrbDak3ghURldhQpQPTz1IgTS8kwhVcFR5QzTowv7JcsdcyeaBNj2a7XX5XxhsCvDqU2s59NF0DfD27By4AfwRJflFJFDxvVyrX1YkYG4Q%3D\"}]}\r\ncf-ray: a1c837e019c1b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 95820\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":95820,"size_decoded":97133,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0f673ad874e598bc3fee91e58bc2b9e2","sha1":"0ee074bd9ce1e9603097b5680fa889b7f049578f","sha256":"9a3052b1dd8165dd15984cee6b0dc3789201719ffbd62e9ae1b1b516a72c71ea","sha512":"327f9e9f816e3192b42dc5196fb9824ee950121c0605c49bfc06e4946713fd243432f01ed1a5abca2a95140a1a278c0e095f0e5086506c41a0c86bc277021f9c","ssdeep":"1536:x2+3U9LGY7lzFZLtJDy6otMDSFs7D9xyY4vSrwD5MInAO3F8aK2330ASsV3Q5u6D:c+3U9LThZpRotM2F8xxyrlvd3EAdWjC2","tlshash":"569302bd4380af3775f63782c5b61dc2b70c264cfafa40481a7f6996f41628b1ad6478","first_seen":"2026-07-16T14:45:27.674838Z","last_seen":"2026-07-17T09:29:35.784296Z","times_seen":2,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000028.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.837Z","timestamp":1784280526837,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000028.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"12c80-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Oje1k3WZv4iENC%2FyfmVzjxDkwoqd1pD%2BTtypGHrXcVAZl%2BZ8LJl%2FNeKHdPZalLPgF8POfEHRH90qcZ5kYvjE9idMRH0Dh%2FI74U7f4ec0nq86CsTd7bUt7UAI5Wze2Dc%3D\"}]}\r\ncf-ray: a1c837ecba4db51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 76928\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":76928,"size_decoded":78509,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"835b84ebe64b131ebc6be05de28f5aca","sha1":"5438310e3e41c7b1a56ec4ed70c1e743c83fce4e","sha256":"2354022198bc6b005da70bfefda7e67e6d18a0bfb379315b9474f2dab7ce229a","sha512":"28fc28ab659c9f921a814616c1913d3ba5395bb7d166dbcfe70f629a66a1aa6ad3c5a1cf6f72880feba8f6c92b310838dc9696d5fd3a84bdbf030d06de2ca769","ssdeep":"1536:xCn1elkRjrEaNKEFqVSeLtUL4cDEB6p1G9i632n1l2UJBXDZ:x2w/UFqpY4Gql21cUfTZ","tlshash":"d873027903e7f8325f883f883f22efdc4a460a99b8704e121a7454d76d9e8139e7c466","first_seen":"2026-07-16T14:45:27.747328Z","last_seen":"2026-07-17T09:29:35.804711Z","times_seen":2,"resource_available":false,"data":null}},"time_used":293,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":245,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000098.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.262Z","timestamp":1784280529262,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000098.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"5064-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ffuLUNts5MHlM7UxZaKuN9MZcHlaFbIbhxIgUNvCwo%2B0qLGkTKdDbBQMkumgVpmgc69TWLQ%2Fax2WYZqw9U6IDpWQm0l22GX7H1S2qd4%2FkrYT5iGbDD%2FV1EHeB300AKs%3D\"}]}\r\ncf-ray: a1c837fbeae2b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20580\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20580,"size_decoded":22158,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"1c5145962997b70fd3fe6efc10bc4a10","sha1":"3cd13016c390806623992744bab30fc02af060f4","sha256":"0b06e2164d120e676843bc32d730ebe6238abb1c95af4c5212bd948684995e17","sha512":"283bad899c76904f747ab35c31fb4e464ae6379e2c3df12ff72c4d6d047472fd30d78d09168fa362d25299521b11bca92d9ace749bc0f87bb41001a1a25a12b2","ssdeep":"384:4sdNB1hXSisRw9jBkQ3JE0AJMY8yWCNFrJAqFZukf9WawNXm2j/mITzWPVgfv:Np1hiisS9jBkQ5Epvd+Lkf9zwdm2hTzb","tlshash":"ea92d08df953ad6b3198ced6c2c26a600f1634220d46343bc5b79baad065cfab38651c","first_seen":"2026-07-16T14:45:27.734057Z","last_seen":"2026-07-17T09:29:35.805757Z","times_seen":2,"resource_available":false,"data":null}},"time_used":194,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":194,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000027.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.835Z","timestamp":1784280526835,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000027.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"121c2-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nczLdoOqKqhUUGPmJ%2Bwt%2FgPVQUvGeO25okxgIUfV9zTMKtMN5YQjFNeU9dSBmlHCDGYIBAQa1q8NKrziihwWUdsO4z3QUdBWijgyiOg0iLDWde7VsLSOD4Rjcm5Vvzs%3D\"}]}\r\ncf-ray: a1c837ecba4cb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 74178\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":74178,"size_decoded":75753,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b10e90b97c60dd9042386f8e78685855","sha1":"09babea7e1404e828663849a9ef7429084ec81ba","sha256":"4b20281c21bf4e7d003756779bef36f5f8a2a67687b48a031799f481ab097c16","sha512":"a7e203585ccc6d837661b7f53ec812d494113ea665bbc03e56bf442dc0c3b6ca4fe3a6c53fe11f920be062ca094d8132c96b4a78649b860821a823812a70f971","ssdeep":"1536:x5mR+ECVirZzejDBHU+bEZPtBAOg833oAUzBq/xjJrl:x5mR+EYirZzeHS+oZVfgdAVRJh","tlshash":"ea73125591f875c88d7c04cb9676c467d45c48edda76c38b2be30af7251c3862be6388","first_seen":"2026-07-16T14:45:27.699732Z","last_seen":"2026-07-17T09:29:35.807119Z","times_seen":2,"resource_available":false,"data":null}},"time_used":336,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":286,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000052.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.756Z","timestamp":1784280527756,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000052.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"fc56-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bhXb4kwy%2FSN4CUT35fZc95Q51xlS88vz800uPc5Tk3hnvfny29yie%2FnsFAem0YdGHiy5hAGOs18BjDk0ymO4r5obGHHVmCpoIqauMgGnRBmK2lZCuGbrKQzj1RyDgDU%3D\"}]}\r\ncf-ray: a1c837f27a8db51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 64598\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":64598,"size_decoded":66172,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"8c706b9b045772d829923e7affd294e7","sha1":"72d9999bfa8f6198892e0eb146fea25050529095","sha256":"e531528702a9fa0701fa25f6f123a7c3e37ff4ab0f9c2e9b5bcc7984af3b6fd5","sha512":"3f3dc5754d1a0f69ee4332ade2f0bc1e95d1e946e3aeccced517e39ed681accfcdf7966354d221c1823f44463a3b95fd1c7c0691721938d5cea97aa91085b1da","ssdeep":"1536:e7s4YnsE6KfYac+/eXLj/+rTDiKkzfnAaedk515wx:ysrsE67JHMkzfSs1c","tlshash":"2d53023024c17325c72f659fe5d42bc4b8e6db8c0529da8f8c1167912de4e3b2b916be","first_seen":"2026-07-16T14:45:27.602354Z","last_seen":"2026-07-17T09:29:35.808386Z","times_seen":2,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000058.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.929Z","timestamp":1784280527929,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000058.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"10664-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5l9NzvMhaAo880L%2FGJiAXhzESdwpBvOo4hUCn1IDuCPj9%2B%2BBCCzvXHC1%2FnDRv5Mjm5FCeMAGnZkS4ZssfIV2EwrW0JeF8A27yuna66mR2HgVb3I2yMyf%2BX%2BX8GcZdNA%3D\"}]}\r\ncf-ray: a1c837f38a95b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 67172\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":67172,"size_decoded":68755,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0486ec14602ebc62e020a928f1282503","sha1":"d82f263200d6f52f43a2a1d618602ac4ae5c699f","sha256":"bca53b0f350a0ea9c92c1aec31323c712d626e870d11c47ed9e474c5c6512f1c","sha512":"3ea8b71d0b77985778d8c3554dba293f627821775603657638aa1dab67882b33ba08abb2c7562257a1fc7e17687e562a0955551615e1e6ad98b7ed7e311cde7d","ssdeep":"1536:kalKECbp9MXEdEDFLgYPYDALsZUJA1LAH1Nhq/r:Hl1CbpZdtYgDXeMr","tlshash":"1063027527381961980d98e3f7450c6bbecc0ac895eb50bdefa851e8f29cb05cbc86d5","first_seen":"2026-07-16T14:45:27.670703Z","last_seen":"2026-07-17T09:29:35.809336Z","times_seen":2,"resource_available":false,"data":null}},"time_used":293,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":248,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000108.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.630Z","timestamp":1784280529630,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000108.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4ab8-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GH8spWhnxW5CB5KCeO%2B8OkEzEbEFNZ4nRakh43ttzJHxM1b7Da047uAXcETIm4xePk%2BJwgoLhd5pXbEu6s7L3zZNy3DuQ3kyB1Lei%2BOAc7gSyAGBuGOI%2FuQ6XbsiYJ0%3D\"}]}\r\ncf-ray: a1c837fe3af4b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 19128\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19128,"size_decoded":20706,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"1cca8547bf66e4d628cd20ab246f4f53","sha1":"81cf56b0fda08bbbdb08b4a4e0d95df4f4dec0e7","sha256":"74ecb19aa920303b1170901f42c45ee011fedcbb0744db7fb2a49e7146a4882f","sha512":"944d340ccffd791b2c59a4db220e95bb7b73455b8f0515bc483259c0c639bc49a7bfecf21ad64f15b0e64cb6e70c575ef840ec39f0d528391c3dd477742da4ff","ssdeep":"384:OAzxI9w5sdSxGPQsHBiU5TAKIyCahuPTHQXyr2AmTlkqr:Hzxd/GPjHLWKIybswITuFr","tlshash":"1282d184018433ba57317581a74c9f39f0a376e3a98a7c1c29bcd950e061fae7b57d0a","first_seen":"2026-07-17T09:29:35.810373Z","last_seen":"2026-07-17T09:29:35.810373Z","times_seen":1,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000116.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.799Z","timestamp":1784280529799,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000116.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:50 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"509a-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r71OIAl%2F5180SzImdMpHwBFLyL8EKVwd%2BVdLMWmWT6ODVHzOsXySZv6xZd1VJJYPNabUc9nEdU2Xq8ObqiZH70XXkHzTDgOdVFMGIijXae2eM9gkdAW5Mzq4i4EkxX8%3D\"}]}\r\ncf-ray: a1c837ff3b05b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20634\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20634,"size_decoded":22208,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0a729f766a03b60c7c8bf26d260fba56","sha1":"d064252e19f2b5f664b585a4307c29227b05ae6f","sha256":"e3a060ebbe5372417dce4c7fb84402bc8735dd768d2d6bd56468135c75946813","sha512":"013d5280b79289f8698440775df96e7a6271abfe9e95dc92fdf013979e0a33ab5896206d44c6dc6909c02731e06127864d9b046077092591dfeeebd95e4194d5","ssdeep":"384:WyXPWEcX+OTvGgy3b6it/tHQXQqvfwgf3VnJd0gZkCMK/zU+rImG7FAkBQ:WyXPWEcj+gC6ilWJ4gf3VjTZLQmiAkW","tlshash":"5592e1891e9c597f189c3db60516702098b784de5e2ebcb4fd1015f2333d97a912afc9","first_seen":"2026-07-17T09:29:35.811636Z","last_seen":"2026-07-17T09:29:35.811636Z","times_seen":1,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":212,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000054.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.919Z","timestamp":1784280527919,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000054.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"1039e-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XencIGObRLIXXJbIuQp0y90H3UmZ9IuHxkGzqAp5Kejn6%2BNRu5Qsgve80Jo5rSFTq7EfVQjyTfTB1aN7JJUSW7lpG1lvNpbqkCwmvRPH8aubyrS4dKBPPUglrvDC%2FZ4%3D\"}]}\r\ncf-ray: a1c837f37a91b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 66462\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66462,"size_decoded":68037,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"342c013d46552baeedc7fe482375f0b8","sha1":"3aec586cc4b025152e965e2221ca8f04f5967319","sha256":"ae8eb7d9ab98c1a5fe7252e63f5f000dce1664114de34a97fc51b8e07fddef3e","sha512":"0b549d56eacc45049cf8f384768dc817db9005fb6c4070eae66529ff08f56a9dbfb619d50094e7512482886c3255c00420372e82618ac72e5d4fc84c9eb21978","ssdeep":"1536:SgWTHr58kmMhXtEyrzb+i/CHVhzMxAr0FTSMSdOYX0Xos/lANd091:SgWTNT9vEK/+jV5MuAFQJm9lANd0D","tlshash":"9e5302c84232d291bd42df08b542b4a509ab60ad3d0d2c9355f3aed1d1d78d6dfb8a7c","first_seen":"2026-07-16T14:45:27.739331Z","last_seen":"2026-07-17T09:29:35.812646Z","times_seen":2,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000068.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.359Z","timestamp":1784280528359,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000068.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"ba9a-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yr09GnUWdC60N6BEF%2F2%2FxfR3BrbF%2FEDiceTqOjMq2l%2BEKJuxi8utAG9PonfLHpGgE0h2GPB%2Fw7mWqwe2VEIYJx3ThpX74PTgNI9XrajNiqCdNj%2BRjZpvYPhsJXw1vD8%3D\"}]}\r\ncf-ray: a1c837f63aa6b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 47770\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":47770,"size_decoded":49352,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"38e014b313c9c8361e5923c99a8888d7","sha1":"37d03e37ac266563ad1f028cebc510dd6129c6ff","sha256":"ac1d2228d485e7536dbf7195fe97c32d012d27043ec7c1d3f73845389c6cbfb8","sha512":"6189a8f8fe861ca4a09c377878b9b673e5f4c276a65070cffc57f547784f6b45c9d1c1e296329b70c10e343a77235d882ff1a3b8c60208aaf300f1caed786cde","ssdeep":"768:17sV5RsWtsl3SYpUsdqOa79bef1mMo0ub+wC53b0PDeO5677EN2apLl2rHr:1sPRBtuzdqfEtm2lbcDf6cHpLKL","tlshash":"f023020e2af385059e25eff2180e7d33442a683b7974bf57ea9011d89766924200fef3","first_seen":"2026-07-16T14:45:27.592931Z","last_seen":"2026-07-17T09:29:35.81355Z","times_seen":2,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/08_1.webp?w=320\u0026h=192","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.669Z","timestamp":1784280525669,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/08_1.webp?w=320\u0026h=192 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"f51d685c06a0c79fe3b3d9f9fe6ca657\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 6dbd8f38-891c-4fa6-bbf3-00207c666269\r\nexpires: Thu, 23 Jul 2026 14:44:38 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Fo%2Bw24oZOaQhCG2fD%2FwiHs9mfchQWyz36oGqkW64ywb1xzXxhnTp7BQvOmzzK%2FsAH6s7ZRZWJaGr3MXJ8VpI%2BrK6VB1q8%2BOTPMed8MaA%2Fad77rQwjviqJah211UOrvmO9PQ%3D\"}]}\r\ncf-ray: a1c837e57a0eb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 52328\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52328,"size_decoded":53653,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f51d685c06a0c79fe3b3d9f9fe6ca657","sha1":"25767f7b189a43fd031a2381876b3260e166f1a5","sha256":"181a779b36d36df974ec59b948fe0d4dd8a25d67a34b73c76b2f66372ccf9c85","sha512":"a3aabd760f90636d2e54a64b0a65e5f24233972d8aaf9c1ca4492787d02cec0562ea5f9a203dc4e6e06946691b591650a8e1c69bc3747d04859326135c6d749d","ssdeep":"1536:LBf/MOUB9caP/d2Tmbg6LhHEb8BtTzwFKn8Xn0JpjPq:x/MOUBn1RbgWFEUXwsywq","tlshash":"9e3302211749633aa1b56efd7ec36b171c33644277ae13b290a0cd2bd7d8481f83ea59","first_seen":"2026-07-16T14:45:27.655844Z","last_seen":"2026-07-17T09:29:35.739768Z","times_seen":2,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/10_1.webp?w=320\u0026h=192","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.674Z","timestamp":1784280525674,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/10_1.webp?w=320\u0026h=192 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"f02b92807e8a29660343c405fb4c09a2\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 63e7eba3-8b26-453a-8f14-bb4803f210e9\r\nexpires: Thu, 23 Jul 2026 14:44:38 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9aNMfAl5ilLFQMoOM%2FL%2BgVKQkU%2B8c0lgYSLZg49nfMbZmYXYEpMXYwu28S%2FHaPITvkC%2BmC%2FFkxjoRQFh7co2KUizCwA62Si4ii25HpzOlfYOout%2BcQCQImY7oFLHw14eB%2BM%3D\"}]}\r\ncf-ray: a1c837e57a0fb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 85100\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":85100,"size_decoded":86427,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f02b92807e8a29660343c405fb4c09a2","sha1":"a8cd711e9da450c3b51d13d6332ce9114f4fb8ed","sha256":"493a1338c17a2b7a145db7df7ed5d726ca43f2e986bf440fb44e64196f2966fd","sha512":"2e3782679f89e5cc06f0112b2ea70a21404c3185ab0b29baf1d4e8c73172df19ca480ca5ceb1958d42c0aa01d3536e1739bbc5e01e153af31cb84172ef80708c","ssdeep":"1536:ucQ3Z8jDjaJVB2tjxu6fysoc/pU7+mRzZSU0KunHVsqiERI3ID:MsPaVAj0KysocBU7+mv2sqjRI","tlshash":"918302a8e4124e236d735d9350fc6ffb20b8c6e14566f58a6adb8b90f0d8404d8527ee","first_seen":"2026-07-16T14:45:27.589795Z","last_seen":"2026-07-17T09:29:35.81462Z","times_seen":2,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0u7ffi487zws_.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.479Z","timestamp":1784280524479,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/0u7ffi487zws_.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"238a5-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67448\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DNvrbGwlhN4%2F%2F%2Bv3iE%2FcuESNBtlcM6TVobrUPLmpjqrkjRjbL2smdk2%2FRxeslQ%2B6a74UWCH6iFwuWlS8egmizB3NO90bcHDwOXJVo8lnH1JTdFW4pmr5U6uqEhz9H6g%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837ddf9a8b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":145573,"size_decoded":41015,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"b300eae5f7fe0248006153ed98be0c1a","sha1":"e020773e7e684c2d0c75cb57aac67bcc6d1530e3","sha256":"07c6d91cad14844a1b1ef571de67a8459b7f87a43cc139992b6d0482b5646d7b","sha512":"5eb5392dc1a10c80b02ac767f0e064a6f55397dc63fa44c807f383c76bbcb35db784a43cc63a6ac0c9e007dec4d694b030244e450fe1485b4dd31b1ba89bc4fe","ssdeep":"3072:7Z8jNAotoZM+HCHne5OutD/PsGcPkRRK0rtXUSB:7Z8jNAoeZNHse5OuZ/PsGcsRntXUSB","tlshash":"18e3e6f935d1f482076b40aac03f0006f22d4d77189e6860e3e5ddda756465de2b3faa","first_seen":"2026-07-16T14:45:27.729069Z","last_seen":"2026-07-17T09:29:35.81565Z","times_seen":2,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0tjmie.-0gnbk.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.483Z","timestamp":1784280524483,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/0tjmie.-0gnbk.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"d55f-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67448\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r5ypz0SWoJgDeAKpkz4W0UMelEiwZhDAGuETs5tUKQYldnaPd89CptDBbaYuproWSw2sMg38nSj9yWgztjc1JU6WE6S8Q2W0ZPEJ5fw9AbZY0HSXfxzpvKhzxorroQw%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837de09abb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":54623,"size_decoded":14559,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (54621), with no line terminators","md5":"91ca71003ad0a5b6cd53816dde90c3bb","sha1":"73c33fd7083a82a8fb95f3cdf7300190cb18ba12","sha256":"81cfe4a7e4126bb13c0033e8aca4c7cc6b84b21b2c94972f4325648f5bc700c8","sha512":"0f38dc64ad7d034b6642d564a814a297b76c1eb9322a4c9e7a083db6aed5a2f9a7c5292dedaf523ea2c83ea5d8996d254b77aaf8631a013f5e17173fba265d4e","ssdeep":"768:HaWstOoD4AYqD9ghnFXHCDFZaoqKctrlV:HhJbAyPKeJV","tlshash":"6533c8b57295faa302db91d9d0370012f2780c71309d24b4b394d8af799dd8992fbf6a","first_seen":"2026-07-16T14:45:27.659384Z","last_seen":"2026-07-17T09:29:35.816644Z","times_seen":2,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/06_1.webp?w=256\u0026h=256","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.916Z","timestamp":1784280524916,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/06_1.webp?w=256\u0026h=256 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"0f673ad874e598bc3fee91e58bc2b9e2\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: ea881f97-1cdf-4130-aaff-91566231b23a\r\nexpires: Thu, 23 Jul 2026 14:44:37 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3Bo4LzbFEtJjhCvdof0FiT%2Bycb9jtULergUsCSXl5SvsG7vCdP%2FS8hO4l3lNafXG8BweetOAmocC8HyWUZ%2FXP1TLCa9SbCExH1g7Y%2F9XirHK7IMQUS5cle59Axn8IGuwd6w%3D\"}]}\r\ncf-ray: a1c837e0b9d5b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 95820\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":95820,"size_decoded":97139,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0f673ad874e598bc3fee91e58bc2b9e2","sha1":"0ee074bd9ce1e9603097b5680fa889b7f049578f","sha256":"9a3052b1dd8165dd15984cee6b0dc3789201719ffbd62e9ae1b1b516a72c71ea","sha512":"327f9e9f816e3192b42dc5196fb9824ee950121c0605c49bfc06e4946713fd243432f01ed1a5abca2a95140a1a278c0e095f0e5086506c41a0c86bc277021f9c","ssdeep":"1536:x2+3U9LGY7lzFZLtJDy6otMDSFs7D9xyY4vSrwD5MInAO3F8aK2330ASsV3Q5u6D:c+3U9LThZpRotM2F8xxyrlvd3EAdWjC2","tlshash":"569302bd4380af3775f63782c5b61dc2b70c264cfafa40481a7f6996f41628b1ad6478","first_seen":"2026-07-16T14:45:27.674838Z","last_seen":"2026-07-17T09:29:35.784296Z","times_seen":2,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000044.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.537Z","timestamp":1784280527537,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000044.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"10cf2-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6POsi%2FsWP7e7re%2BfMsBGFMpvbjMksWkTMq7lPKRGWGrlN84ofOnOXOyfymCbgijHiHwhMxtm87erzOYWlWhYT9vuNvX5BJl%2BAO15ebUJ0rto6JlkS3LrS40L9BrDuvc%3D\"}]}\r\ncf-ray: a1c837f11a77b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 68850\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":68850,"size_decoded":70427,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"680fca7aebb39f3d2dc902bbc7cff796","sha1":"3bce66ad33e3431906b55250938b44a6fa2baa13","sha256":"a041e38052f17a81321781e79bc11e2e5096fd4bc5373386ba37e399ee3559c6","sha512":"43dccd10abd83d69bfefdfd201acc82935120c494bd56759132bb4caa19d694977246a6d112cd3396c157b79dd4f5e854af9e18652f714534683cd0302c5ccab","ssdeep":"1536:wCapvjCVlNCzRXSouKmYQmAOD0VoVtufrBt8bpiTow5:z0vjtz1/QmmoVtujr8bpikw5","tlshash":"d56301ed14621883c396e945700e90f0b3d821e73115fae9a28daf96e0b57d11fb78e8","first_seen":"2026-07-16T14:45:27.663799Z","last_seen":"2026-07-17T09:29:35.817621Z","times_seen":2,"resource_available":false,"data":null}},"time_used":176,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":168,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000061.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.003Z","timestamp":1784280528003,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000061.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"b586-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bMKVn6rhCDNuLje1lCsBwbaMe7iTNVrpBW63jua%2BeXQ7JRa1MIRxXr21l0k5ba%2FcUMLeaULjBSrzjG2eEePyDunq%2BEg6hosHL%2B06kvQPmjS00v4CLXr64hn9vXjeR6M%3D\"}]}\r\ncf-ray: a1c837f40a98b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 46470\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46470,"size_decoded":48048,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5b7aba016dabece2c43cfcb581c67874","sha1":"abd2619a76aa05620e7caaaf2d16259d8ef59407","sha256":"5c2887cafe60fdf2cccdb285f7c0ddc69d858f820f75212d0ccc9cba7237a22c","sha512":"72b52c9b4ad79a04bbd887f3428e2aac65e6477583c329beb7f198e30125b7e1b4542be70ce08e4b114324032ceaab05e76e642e6a825780162fc309f3224fa1","ssdeep":"768:7sKLmEtkxUri1t/YF7NgTc/Vouafer5wQ4afpLrAdX+ufp33xHkHuT08gQQsdpa/:LqN1tQF7NgTcyuawwQ4OLrAdvft3xM2+","tlshash":"ca2302408ae6054726e250e56ad09accfc679cec267fb0317e6f1f97a18f36cc1d0969","first_seen":"2026-07-16T14:45:27.631072Z","last_seen":"2026-07-17T09:29:35.818734Z","times_seen":2,"resource_available":false,"data":null}},"time_used":287,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000120.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.893Z","timestamp":1784280529893,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000120.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:50 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"5114-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iJ97rFG80nxnWpA%2FcP4Fja1e3N94rJHrUPKGYXM7t4XhIUMH6hoDFoPRNKzUeesxne%2B1NO%2FfnamybaRUm9qnKpx2onUZ2hvubfIr8093v0KFZelH7O3w5a0aD5xWBUI%3D\"}]}\r\ncf-ray: a1c837ffdb0db51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20756\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20756,"size_decoded":22332,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"871494c1008e7f91321428302f45c249","sha1":"2b985bd0943653768598926b8fc0594ba78a2564","sha256":"c327fe16c93bdec0937fb667244729d458a36db8bf1a6246d3a41a97eb927323","sha512":"b3db621161729c0834ab5f6069401b7dfaf0a4864e4b7a14d52d3dfd7b7c4cd6c75400cac88c8b1ebe738991ac3527ef2c199fa0f3c5feafd208c46f0abde033","ssdeep":"384:qMwE1N6N8Kh0BX5GZSijY7oeTHaAz3ykjZ/9gbD2Y8I9QarmHGdnNdnfiuSqCp6k:qMHY+KC95jIbA7ykj3gb+I9btNop6ie8","tlshash":"1c92e0333b16a648f8a519a37d6fda2211b3502828137112ed5efd2b454c0977b1fd3a","first_seen":"2026-07-17T09:29:35.819711Z","last_seen":"2026-07-17T09:29:35.819711Z","times_seen":1,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000133.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:50.254Z","timestamp":1784280530254,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /sequence/frame_000133.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-19T00:20:37.747196Z","times_seen":17351892,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence-cards/6.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.020Z","timestamp":1784280525020,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence-cards/6.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4dbe-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iuO8AHo%2FjnFLRCl87EtW3z0kARseTwOgw5u3Y8Sj2qdVEn9n%2FrpaZNJJv8eYU9dZF5VfIaO83iiGrnf1v2L4IlHThRQ2chjpFPjVf8i0bL0Te8rJPI24zpsPUcYDnAc%3D\"}]}\r\ncf-ray: a1c837e169e1b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 19902\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19902,"size_decoded":21476,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c8cd0aa4ba0688d63b81b9520517ae5e","sha1":"2fa48b9387a850091a7137ff46671a9fd2a93f71","sha256":"dd80741ba43f702910c9dbc41d315fa6bc4b9a58d0b6000d0cc9e26506a5d45e","sha512":"2cce51316fb74c6dbc9514e64cb4d36a9c7149642b1db691e1e78f71d3526aa0597089b1e28fb9bd07e0d16eb430cf7791848582af284c5be293d17f1a5eb50b","ssdeep":"384:7CS/F9dWrIMD6JVK+VeTT+kpEOa+IKZ9Mpwt2ubU3/Gin994HK:uS/FirIn4+ATTtpf9swt2l3/Gin96q","tlshash":"7192e0da933c0c6867024aedf43e4979580624ec3c536025883de76d9712b6b08a4e73","first_seen":"2026-07-16T14:45:27.717288Z","last_seen":"2026-07-17T09:29:35.820762Z","times_seen":2,"resource_available":false,"data":null}},"time_used":296,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":294,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000043.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.533Z","timestamp":1784280527533,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000043.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"10f0a-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xHZE0z9sbxqMuy%2FPg1FV3V%2F3Z4%2FNCmupDCuryCuD13LMRDxFIy2vwP7NqIsrH%2FTTT0VpVJpV4KI32Egr77WVl%2FaXF%2FWLNcd6HWWPGmNJ9wRdKYF9%2FlVorPx%2BA9mnI6E%3D\"}]}\r\ncf-ray: a1c837f11a76b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 69386\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":69386,"size_decoded":70973,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0ea9c6d582d53d6fd2280ee9707fbb08","sha1":"ee76075cb9983cd54fc4305fc29d81051880e982","sha256":"ffcab5f96f3a543fdbfe5abdb3cd9ad284bc55f0ddc6ac378e2965e8f2c5cf47","sha512":"e566f6b734331a7a16e43290d1c3c36d1f460a0218afa9d679c51fa3efc87a8b3d478416cc0a7dc9f9fe8cbecac6dcb99b81a2564e14bd6e4297787b0ee483ea","ssdeep":"1536:qqDDtAGgoOSJKlX5+8rrcJiXaOG8fuy6+w/1RAxZOB:/DJAGvKoIQea5tykRA+","tlshash":"016302309d875aad3cfd9b36474a917e901bbc5c2658e332ed3afbc28a251543a027d0","first_seen":"2026-07-16T14:45:27.591973Z","last_seen":"2026-07-17T09:29:35.821823Z","times_seen":2,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000085.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.794Z","timestamp":1784280528794,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000085.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"9ee6-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xB4DYaj6aHrVaAWDh%2Fs8TmduyTHX0nP9iYfQZxlN%2FYXjJVsL9KYvulgb%2Bk1HORoFxUqnh2iziSk3wLH5bHG0ilzeIXQBrN%2BwTx8vqynj7JK%2FJZmrzU0nrzxAAiDHfJk%3D\"}]}\r\ncf-ray: a1c837f8fac3b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 40678\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40678,"size_decoded":42258,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5703fbb9c3bdae9544d7312221c63cc3","sha1":"cced147b10f89feb1d787c38c79e798e2a9f8b3d","sha256":"5cbdbf73b0812fccf3db19eed091347e821442cac653674b3768c5a41256f236","sha512":"217782cc87d9ecb145a2d3bd5f6a266a786dab890690d365d2c2dccbb5d474cbc6992212ac42c4455d83a7b96ec537c9102e863dcc21dd6a9e6b56591a24a91f","ssdeep":"768:ltnuaylnRbwL9LuYlFW21Cfegvgacy7+JnTYEl83L9zVGWMOPmSHhMV87M:7nuaylR69LuYu/WgvggsYV3L3MXEhl7M","tlshash":"4c03f13c765a1aa3830125315b97ccf025344a3e9da9dc05aabeb7fc3bc4215e62c65f","first_seen":"2026-07-16T14:45:27.740579Z","last_seen":"2026-07-17T09:29:35.822741Z","times_seen":2,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":187,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/media/1b99372b3eaef0c8-s.p.0gx2haw2tmll8.woff2","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.827Z","timestamp":1784280524827,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/media/1b99372b3eaef0c8-s.p.0gx2haw2tmll8.woff2 HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: font/woff2\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"7de4-19f5e9438c0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67448\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cleH2v0BVozBsa0n%2BA0dBeS2Q%2B9kRfhTyZOY4hP93DknDO6BcUXXtdIqU434bE0UBDTSzJNIjdVEkdwBc4u0Zzy7uyMnZpd0CVbkvWfjDpJFarW5G%2BOB0AZONXqH6XY%3D\"}]}\r\ncf-ray: a1c837e029c6b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 32228\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":32228,"size_decoded":33833,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 32228, version 1.0","md5":"98ccc2b7f18991a5126a91ac56fbb1fc","sha1":"bdba243e0fe78adbaf198d9e11224ca054a4242b","sha256":"92684e4acde79ef07758cd09380b7e01e9824d8b061eddeda046f78c166d7b12","sha512":"ebbb35a8458c42ed3b751c9e586bcfbda49136b7973c8600a316faf3077e4ece030bb9a75f37b9f28771cc01c6aa50faf53768461345e216781eae5deda3a12b","ssdeep":"768:WP4gMxh4F6MRbOI/odAG4x1/y7Ox8ViCE4EqbDwrx80B:WP4gMkF7og+exrv4fEn","tlshash":"1ce2f11807a214b9bd5ab1395f21665eefc054b2b275730893007fc5fe670a86bc42f5","first_seen":"2025-09-11T10:22:24.746592Z","last_seen":"2026-07-18T23:50:43.288207Z","times_seen":4268,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000073.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.367Z","timestamp":1784280528367,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000073.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"a8ce-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eUV8sLpygGY7yey9w5eW%2Fn8mcEx%2BTDhV%2BrmQY0djIW3Q2NSKZwpG85TV%2FXnFrQL0gVsLSzVSmx1DrC2sKwEYLPJsnP3yRCg0nMxqkREDnW5%2BFFZBvwPMFbu63PzdS%2BY%3D\"}]}\r\ncf-ray: a1c837f64aacb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 43214\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43214,"size_decoded":44796,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d94fc7a4690255f8f1711ddae1874a06","sha1":"66adc6f4b4c35b9bda6fa272f5e835751ca43796","sha256":"00985093c6bb91eb00402f525793922b0ea68c39606073afa170f9ceb79683de","sha512":"dfe92fd7a9dbc291d66353c2b1c124cee3dcabe7d8ab65a2604139e4b0ce467061cde9c9649a1e3bc77ea4df00de4f046530a662838d6d85d51c590c7ff9bbdb","ssdeep":"768:4CMMsVDi6MS72lWlTG3bjkyv3J8A0o/LAs7eeC6a3S7t0uu:NMX26MS6wTGrjzfjzl7HKfZ","tlshash":"5e13f1d4e302c1b5d14da7f5e293de3d2e85acc479b44aae78a2da471281fc5e2c52c2","first_seen":"2026-07-16T14:45:27.676915Z","last_seen":"2026-07-17T09:29:35.82369Z","times_seen":2,"resource_available":false,"data":null}},"time_used":303,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":271,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000125.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.902Z","timestamp":1784280529902,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000125.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:50 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"50da-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=E%2B31JZ3qwCrT3bvvoP9wxAjkSYHyY%2FrwPIIyG1zxUpjDJ6HhM3VfuJUkp4pp3ptRe2NKQiJ2BkvzA1mIxfpuYQXZVXMjCU7%2Fxcq6WCx8KL0Wn06ZvCgdHx1CSrc0Xi8%3D\"}]}\r\ncf-ray: a1c837ffeb12b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20698\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20698,"size_decoded":22274,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"40d0a305350eea8dc44d4f14a9ccf99d","sha1":"54a3e16f81c1a22d7b7f0ad422c2a749f1071ec9","sha256":"77095b0cda532bb4161c6896b7d46d69a8fe5721a03ad4b9c52b42c34f29e684","sha512":"486b87c446b300c2a6339d231c6bfa3cefcc8e0d75e324e59604583bff8d75479dce465645a2eab4c4fef28149e3fef94772a94190d41f1b72d751f2182be2a6","ssdeep":"384:uM7f450RbWh13euo9LGDgRBdl4Uae675mOvCEMh658IVH+zOt:7f456i1uuo9LNRBkf75mp5hNIVHiu","tlshash":"5792d16b1a1e0a3fb45ee7b6e75202047a901d9e1915627c76ebd58c25fc7fc0cc01ab","first_seen":"2026-07-17T09:29:35.824517Z","last_seen":"2026-07-17T09:29:35.824517Z","times_seen":1,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/04_1.webp","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.815Z","timestamp":1784280524815,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/04_1.webp HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"ea21f58fc40f227fb2d2f00793c1370d\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: a1451dc4-6230-46d6-a476-4fe94f221244\r\nexpires: Mon, 20 Jul 2026 15:32:17 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 323787\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8UvC4tcVn4A1CzpvTLPv%2BXr8Xfy99ACN8MGBdWwT8slTFkMbE6a4%2FQz8WwQscIAALfJfrA11pZ%2Bd7NHHg%2FrEl42%2F%2FYoIrHSrRAMso%2FNManRshNGE5OLcBYxoxWhalaGr1zQ%3D\"}]}\r\ncf-ray: a1c837e019bfb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 57402\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":57402,"size_decoded":58728,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ea21f58fc40f227fb2d2f00793c1370d","sha1":"ef24185de1f8197aea03d359526787a93a7b579c","sha256":"c2c2bec10d66df7fa43ee930791ee31d1e48191a74b1b94970e23e585ff02f68","sha512":"90c5fa9d6025c691cd424cd83bd898304539255624d620df4232e583db41be6c8924e746e3b72efcebff825f5b551163434387480bcef5a604cfb86bcbd12a2e","ssdeep":"1536:2vJFp9oBwqpC3687UbAhcB+Vf1urGGzJry+dUFTDdChmD:SJFMCaC368a+9UrGuxGTDdCwD","tlshash":"ce43025173cfa017bc758a0a0379c1cc8e85e5054d817e626c3dad90b1a85f69bb7b78","first_seen":"2026-07-16T14:45:27.61126Z","last_seen":"2026-07-17T09:29:35.783018Z","times_seen":2,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000009.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.614Z","timestamp":1784280525614,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000009.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"10152-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Wv2SmN4ZHXw666Z414X9ykwkRAy4n3o6%2Bgynn9VJT2RwJXrQIfP4B1A2cZ6Y1JJBngrXyvxk2lLTNGocv1%2BAWlZ%2B8sT89gnHjCMdhMxyXNa2I9h8EGIsjHAIVgANXWM%3D\"}]}\r\ncf-ray: a1c837e51a01b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 65874\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65874,"size_decoded":67451,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5eeba1076033840241d15667e2be3c76","sha1":"a83b0b7eaaf6e75d0ecc8d029357216c3c09af46","sha256":"fc23a2d3dcbe4a2c35a12bd271a7fabbffb464f10574334f66b524f495c05aab","sha512":"1de29c6de1c68556a2bcede4286ef24ad8524e798677147626aee232984855ff6435ef572377f83333daedf0efa5ebffc2916dc3718be8bf2d421c7e11725e26","ssdeep":"1536:5e+QmHmVYpY6cYRalEfNwRGojRmuJhUP4oZU9AzatE:5pQ+pY0RalECRGUmCwZFV","tlshash":"1d53016387c83e3a5554c87d4157105c8fe98dd82e191e87e2338b1a7c84b928bed5bb","first_seen":"2026-07-16T14:45:27.600508Z","last_seen":"2026-07-17T09:29:35.825451Z","times_seen":2,"resource_available":false,"data":null}},"time_used":427,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":379,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000014.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.008Z","timestamp":1784280526008,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000014.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:46 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"10872-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GUP5BRTQXZaNGyD5S%2Fc52pfqsGUun1PO37Wk6Tug6IF3r8JlzbeoHhZ4cLgbIQYqOHC2OcS9KFlfB2juemJwo1DxHLF9oZGo8bq9JPCqX%2BRMCnwQcQakfKSvlZpICbk%3D\"}]}\r\ncf-ray: a1c837e79a19b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 67698\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":67698,"size_decoded":69273,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"fcca78a0a58bd848dc137a6a475710db","sha1":"cef8fa31cb46832eb38139191cf88534d4892a34","sha256":"fc4ea753d02567ac6e4bacd6b2848738de93bb1ef9f838c46c0d8519bba21b3e","sha512":"ba1fdc3cce6e66b296a082414c555af3e0182fc426cb9dd352aca991e86f40380ebbf4d88fecb089642c8cfe7d5495104ada12e2425d1ed9e0e36f3a49638106","ssdeep":"1536:Vy8MmY15hhW+Mvjqs9tUtZGlhgrTAVeHnOiR2PB73I+QPRItBUF:Vy89o69t+GGAcHOiR2PVIJRmeF","tlshash":"0e63f1e18d4752cfcf43b11b4a319a78ae1b5764cf7f6b91aa04e8a0b0a31f1c147697","first_seen":"2026-07-16T14:45:27.705446Z","last_seen":"2026-07-17T09:29:35.826431Z","times_seen":2,"resource_available":false,"data":null}},"time_used":353,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":310,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000034.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.120Z","timestamp":1784280527120,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000034.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"11e2e-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BpzIWNrGnl3Qitmf43x%2BavcwqJFHq%2BQ%2F54HsGyo0LSxPhRH7V5pTCuKVeUa%2Ft%2F%2BSi6waQAx5tn4vuK491q4J0Hwngl3l3lNdIHF5shZ7ehTQGs9Z9bRg%2FWaF7bRCsAA%3D\"}]}\r\ncf-ray: a1c837ee8a57b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 73262\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":73262,"size_decoded":74849,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"84e06d655702e12d808ee2190729a6d2","sha1":"8cb856a8c074d6b826be8f46868fdf6b8a687971","sha256":"a8e986538056e2c83abacfc8577755eb3b376a9ec3f36395386dfd5feb24dcea","sha512":"c17c148a5fbe29046a8a5489046c1e1d4dfa92f2eb0f85afef5d7bb9ca50a3545f617838db754ecc2cf50785993973e2d72781e43fbf34c0794aaf85eec01022","ssdeep":"1536:S7XNT9XYBTloa4NAZTF1w9V9Um7goMpd233rZ3:6oBTuAZTWT3nMvkl","tlshash":"8863024eb766b9cf6bd150c26a6c5f1d23f1970d3300d8608ae87b7c82b9f890b59245","first_seen":"2026-07-16T14:45:27.662724Z","last_seen":"2026-07-17T09:29:35.82745Z","times_seen":2,"resource_available":false,"data":null}},"time_used":281,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":232,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000049.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.646Z","timestamp":1784280527646,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000049.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"10332-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q9s8joB9x8QKLI%2BtFLpwEsUw56ofRrsMgSnu5kFnPoryUbftDPLZwh7R3HcwMj21yOaW%2BTfGgv8LhvqZrlpEw5Uu4owALU1VHp5WilMIxryxphP8opwnieF8%2Fq9AWHE%3D\"}]}\r\ncf-ray: a1c837f1ca88b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 66354\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66354,"size_decoded":67931,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"bb8ee8ec59ea4e7026bdbd5241655fb0","sha1":"058bb07f7059f363736855f0c79b18b480e37d37","sha256":"18e9ce96d921ec3efa76a61be6fef04bb29228d9394bb15f1a37c3c658051ff1","sha512":"d1c6763e7746346fdfcaab180c1ee252988850ca1b2128edb193442a841e657361501928076d4d9dddfa04650758692848d7772f38b8e200cbcf1762684ac91d","ssdeep":"1536:WjbYxphxX7spyXT25mMmTMT9tpnU0A0rooLStU3qLuiz:WjbeXwph7PpnUZ0rHSiqLuiz","tlshash":"7853027fdf9998217f223e9f105a304271302c50ba7599d27a2d513eb3d942b360f4e9","first_seen":"2026-07-16T14:45:27.708444Z","last_seen":"2026-07-17T09:29:35.828396Z","times_seen":2,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":83,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000095.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.965Z","timestamp":1784280528965,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000095.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"511a-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FhRrFL%2BOQNzZE1RTpjb0hOs8xfB%2BFEZXpp0JWv1H05jjHIbeGYTOR3L0%2Bka3K7yazd9XYPWVLx6wEduAL1ewqCAX8Kvv0f8Cj6BPUAk18dXl4znln8cdYH0%2Fpjg1BPM%3D\"}]}\r\ncf-ray: a1c837fa0ad2b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20762\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20762,"size_decoded":22340,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"688e1126a6b8dbfa10ebd265bcb3835e","sha1":"63f62a60fa6fa5e41deb94b3671e04fc6a7b5297","sha256":"90fc286b0dbc70dbeb180422770a4123fa15e0cbcf90693a2a3384ee0e6de7ff","sha512":"8e8a4a609be889c28ec380f13ecccd48752c31e299b4a720d35ed768497af78b739cee43f7389b7b718981460f0582f13592db0c32e097b1e8eaa89cdb86e548","ssdeep":"384:LyOo+yQwHEW+ioemKuq+ZeI9gccSAoI1kwUdz7dgg3EiDXiwhLmGB9amHjlQ:Bo+dTioem3ZUzxUdnSgEOieLmGzaEm","tlshash":"8492e12bdf707c1bf53e3c8055915634a2ca73722e517f6d656ea87c480209a4a328fe","first_seen":"2026-07-16T14:45:27.604259Z","last_seen":"2026-07-17T09:29:35.829433Z","times_seen":2,"resource_available":false,"data":null}},"time_used":240,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":239,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/05_1.webp?w=256\u0026h=256","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.915Z","timestamp":1784280524915,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/05_1.webp?w=256\u0026h=256 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"6dea2c3024d92d46c4b800ba250f4655\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 7c907a2f-a91b-4f65-b9c4-2d36b5a2f43c\r\nexpires: Thu, 23 Jul 2026 14:44:37 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tXye9BSIQkV94ZhT%2BSGFszSJxPFpBJwIKhDMkzFWp7ghgJqM3kBcq93Onk%2FIqCghczgocly3JZxYBRwXcmMLrAcvOHAe4bqhKHBHxdeY4hbTiMlR38ovY1e26mM%2Fje8mTS0%3D\"}]}\r\ncf-ray: a1c837e0b9d4b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 64222\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64222,"size_decoded":65539,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6dea2c3024d92d46c4b800ba250f4655","sha1":"d442c5d36be683637d90b20653c17d43c2f5de0c","sha256":"3c01660962b0a2d8d307aeada9c74d7d6dc53ef03af6d01d98190c2db1c5dbff","sha512":"53913360b84bed701edaf1529d4afdfca660799696abd103211cd66b3ae13f9070f81e545a4c2d9697889f0fb2cf1de8221f25a9494e0c9cb412901bf2a82974","ssdeep":"1536:5Nkn7y3Ay/r3dr8+Rw+sibgxc3mwaOBPWL20QQqbCG:Lk7y3j/DOyw+XbdWw/W60ZO","tlshash":"6653025daa82fb17148e7d6e4cc52e127422b2331950a73a8bedd1ed60282dbd0c15ff","first_seen":"2026-07-16T14:45:27.61026Z","last_seen":"2026-07-17T09:29:35.801857Z","times_seen":2,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/10_1.webp?w=256\u0026h=256","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.920Z","timestamp":1784280524920,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/10_1.webp?w=256\u0026h=256 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"f02b92807e8a29660343c405fb4c09a2\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: ef17e36e-f304-427d-8641-6894cb2dfdc4\r\nexpires: Thu, 23 Jul 2026 14:44:37 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R4cEAZsYGyw78lKEISujyj%2B%2Bce%2FWeeENMsX6y9D1AH8Dvi3sSPv6YKxxzboe0LpKt%2FRmlW7G74pi%2BoV9eDgEDas%2FM4Cyazm%2BUHz4axWciibuAKr11b0QPiyQxZ%2B16Fktxxg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\ncf-ray: a1c837e0c9d9b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 85100\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":85100,"size_decoded":86427,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f02b92807e8a29660343c405fb4c09a2","sha1":"a8cd711e9da450c3b51d13d6332ce9114f4fb8ed","sha256":"493a1338c17a2b7a145db7df7ed5d726ca43f2e986bf440fb44e64196f2966fd","sha512":"2e3782679f89e5cc06f0112b2ea70a21404c3185ab0b29baf1d4e8c73172df19ca480ca5ceb1958d42c0aa01d3536e1739bbc5e01e153af31cb84172ef80708c","ssdeep":"1536:ucQ3Z8jDjaJVB2tjxu6fysoc/pU7+mRzZSU0KunHVsqiERI3ID:MsPaVAj0KysocBU7+mv2sqjRI","tlshash":"918302a8e4124e236d735d9350fc6ffb20b8c6e14566f58a6adb8b90f0d8404d8527ee","first_seen":"2026-07-16T14:45:27.589795Z","last_seen":"2026-07-17T09:29:35.81462Z","times_seen":2,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000031.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.998Z","timestamp":1784280526998,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000031.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"12562-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IVkm41TTyXoRXITZxu1t1ggkdzlK1yiWXyhNv28%2FIHI%2BPX%2BJJ%2FLcESiUfgaBdOu6IqF%2BC%2BV7op2Z2MUMYDrQW0bsRW0iTni2KkCpeBhbOq7UZprFJz1Onl6X0YKyexU%3D\"}]}\r\ncf-ray: a1c837edba52b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 75106\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":75106,"size_decoded":76689,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2ca1fa033f0367d7964bce3d99592dd1","sha1":"7b7849f713b34cd2a7b2a9bfc0f657c9354f5e3e","sha256":"544c21af70a7a1c93d857441fb152f3231dca236f55c92742f0d3f6989c3ee4c","sha512":"abf61290c68a2e38aafb6091458040f7832e6cbebffccbcef59c4fc9cb8ecca8cee4c5c97e4375d5f07148662f8ceb7de0e561259e721156f7952bac03e81ffc","ssdeep":"1536:z5pycNkFWrRNxBvbKgi2zqlyr0yAaY+FfL5ldvDwOvzinah:rvrLOasyfQsLDdvDwOv9","tlshash":"9d73023e06735a00a1145c588976b890f8990c715ce53c84dbf9ae4bbe8bfd2b4fad47","first_seen":"2026-07-16T14:45:27.646133Z","last_seen":"2026-07-17T09:29:35.830422Z","times_seen":2,"resource_available":false,"data":null}},"time_used":282,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":264,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/video/05_1.mp4","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:29:00.574Z","timestamp":1784280540574,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/video/05_1.mp4 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nReferer: https://rwanftfi.com/\r\nRange: bytes=0-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:29:00 GMT\r\ncontent-type: video/mp4\r\nserver-timing: cfExtPri\r\netag: \"55481e1996c7b4b3d4eb45276dca7c3b\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:23 GMT\r\nx-amz-meta-content-type: video/mp4\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: abfd3c4a-60c7-40fb-8fb9-3d5f1619cb1d\r\nexpires: Thu, 23 Jul 2026 14:28:03 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nage: 68456\r\ncontent-range: bytes 0-990815/990816\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a9t0cKv3q%2BkszkxlfOj%2FCmwObfHRrbqdOnXC6p9mbfwc%2BcBt1RqgjuHUnHN2Rk3khtVEIiydtVl6TBMiE0bvCFGkU42cOQiDvaGvoL6klt9DsaT1y%2BWzViGB70PAvuFOJEo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1c838429ef5b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 990816\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":990816,"size_decoded":992153,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"55481e1996c7b4b3d4eb45276dca7c3b","sha1":"a24fc904acd5856ad09b9718ce46f943e67fde9b","sha256":"23a6594b81d55ef92206c8ae5c5cbb26c01c75cc7e277ba7673114df61236531","sha512":"697c504cd51dadbd159c83836380298842ce76e90a83ab6908f04de0913f3863ae25e58f1dc02fa1457599888584f4674a0daf95b93a09599160c758b137490e","ssdeep":"24576:xTPNd9fjIfoOwMxIdRx8HtX/nFEZRxXhp22DVjJfR6/kr:xTPRM/wMOHx8NfF43hpPNJcW","tlshash":"4e2533ce31098218ec4a663d6bd86bb501e5cc5df9d52721470e8cbead08ed42ef49b7","first_seen":"2026-07-17T09:29:35.831421Z","last_seen":"2026-07-17T09:29:35.831421Z","times_seen":1,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/052.883c7lu2m.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.475Z","timestamp":1784280524475,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/052.883c7lu2m.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"5d80-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67448\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mH7t%2FY3tO1xValC%2FN0BH1Of9987W3pKhus3P7IH2EW7eX4JMhu32wxAxpcPpB1xqH2PbpFrppxtyAzV1lgWy6GCc2AInmFra9oENhN8xhuOD95rZ0YJoNrEQvvNO%2BWc%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1c837ddf9a5b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23936,"size_decoded":9664,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (20503)","md5":"431eda43c48f2e73d5820d728419d4a3","sha1":"6a2d0abd8f6f5b16dc686117a1e5fa2c961fa2b6","sha256":"2840abc629213d60b35d824f329e5099dfe304a735d932ac4209c5421ece5dd3","sha512":"bd754869120e9654b584ef52e7c6042c661e906b50b849b0eded47974b0abeb2a2a0ef6479bb302386cae5ff2f78dd6fbbc760903fccd8ba5a4549fa4bfc6bc4","ssdeep":"384:o4Yg7tBgdBfIkdFXSjkdzm3CT2eNbL2GhEQ0IIT7N:ovg7cdBQGFijKm3CbNbL2iID","tlshash":"b1b218a8b195f4521ba360a4507f500bf2382876286dd0b0b3e6d8f1b9f01aed537f9d","first_seen":"2026-07-16T14:45:27.723113Z","last_seen":"2026-07-17T09:29:35.832528Z","times_seen":2,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000041.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.426Z","timestamp":1784280527426,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000041.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"1177e-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4ugV3ikfRTvSbS9%2BsvIlXH0mruZWyEXDUtbyYaVMMHuXkxuESnaTybEZTlQDNemv29MeaY4dp20OlViJXAcRayn8CyVQGHWWFuMtXSogAZPDEZG13thNDPjUbaz7qfo%3D\"}]}\r\ncf-ray: a1c837f06a68b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 71550\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":71550,"size_decoded":73123,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"8256f3e323f0d2fd0a2b5509c9c33319","sha1":"eaeb638c4ee03bcddc7c2477309e211c071f51ca","sha256":"a39de97a1d4612202b69f4038c04ab12ca356c9f1aed91c3e3cc7bf2e853b686","sha512":"ece34e2dc7df0c8f64cff9fabb09a7a92a828cbcccb464fc832170efea6005bda33ae593af76d1cc0ebc9ea0bc8bec0b376e153c39b9cf370f1c9ce246e9710a","ssdeep":"1536:TGjEUmOwrq+WQjLKNCYr5U3yu7K41yqS3DwnmqAvfPlTp21r:6r4q+PjGd5uZK3RTVXKr","tlshash":"da6312e7c6c88f4fc987abe5ccd07a99098447a8a267cf5e01e5166d5c21133cc626ea","first_seen":"2026-07-16T14:45:27.752391Z","last_seen":"2026-07-17T09:29:35.833518Z","times_seen":2,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000082.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.677Z","timestamp":1784280528677,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000082.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"a1f4-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fMLaGoBCL%2BuQYgjhHTBPw%2FhL9IHRpkPCtRu27q9XCS79cvMCYyQiAG1aP%2BWy8lee3XIUwcgK8WxKiDDdQZclbqBdWqjUnPle9xyCumvn%2FZ7zO0fkXFGTTqfTNgvEEI8%3D\"}]}\r\ncf-ray: a1c837f83abbb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 41460\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41460,"size_decoded":43038,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ff388714196389f1df11dad1cfc1792b","sha1":"a7efb53382882a8065444a99b55e3b7a1bf42315","sha256":"0e33884147685d4ebfe188d8dd89a68c8b838fab992baedaa2d866016b92c3c3","sha512":"d081d55951add4ac592b49a2389ed31ff57f1e3ca89cde5e8cf0a1052b5730a493c755e2c300ef0b613b6a947f0dc0cec45b9a880bb754bf915dc9797787cdd1","ssdeep":"768:Fj5QrTS63K8v8SAUeKn2Z7F8iGDhLCwPKWeo4TIAFfcvKBCjhNtWvzhb:FKiPZUeKS7yDhu2Klo4LFfcvK0Wvz9","tlshash":"6213f1f3c25ea5d4d4b662f33cc18940f8b70579926acf867eb21029db6660270636c6","first_seen":"2026-07-16T14:45:27.727084Z","last_seen":"2026-07-17T09:29:35.834382Z","times_seen":2,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000087.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.949Z","timestamp":1784280528949,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000087.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"9a48-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rRzQd7%2BzgB60DyMCBIIB7B5LFQVJD1NZGmF91SJ7UZtBGF%2BJIN7Jd3GE%2FPOJK8WXrxwF5uEIlhZLdhZ5hdM8p%2BBWYTLwf1aUk2YtEd7IDw6KqaI23yfrOUaAs1vfp7I%3D\"}]}\r\ncf-ray: a1c837f9fac8b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 39496\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":39496,"size_decoded":41074,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"729a79c7323d70ce6445cae7b4047a0c","sha1":"928a7db0a01fbe3aac264611872a48c7a90093fb","sha256":"707ffb19c046d4afc50bb506ac4802be0770f5ea981fff40908833d26dbee553","sha512":"842a7f22159dd4fe6a55156c8b2df18139a9b41993e6043cd3524d46f8b78f4870055dace446212edfed25af16d16a6571e18ca316f6f569302fd68661ecaeb2","ssdeep":"768:LdCuRZzJZ8iqWE25DYdbr0iHAmcwCbzYLvwtdahCzzt8KHXmsgm:hCCJJDYtjHAnwAzkvwn7Z8KJ","tlshash":"df03f15ee21d6317e0639fb03faba053a41f1443f26a6e53d5b126b7522405dd8bce32","first_seen":"2026-07-16T14:45:27.596546Z","last_seen":"2026-07-17T09:29:35.835366Z","times_seen":2,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000080.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.564Z","timestamp":1784280528564,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000080.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"a07a-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BOhYiXtaAyaS4rA7c%2BuBb1KxlXqxBVMhvXPFlPieaPSGgJEvR7T4kDGuyYutILPkk%2Be4UoelrgdccOIlZAttMrHEHGwsaXQ2j2Nb4l0h1MmH7PGAesxRDdOV0b%2FVVcE%3D\"}]}\r\ncf-ray: a1c837f78ab7b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 41082\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":41082,"size_decoded":42660,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2a01fa25a6c7545f4ac28340dbe2e958","sha1":"9636e71c7e552bf17510044fa91a6fab68804f81","sha256":"93c17b525e68dad60bd494063d8f29ff749ed91f744a665c00efdf0ba37b10dc","sha512":"8b619f60fb1d666c3647af1b3ee4fc3fe2e1edcbd0bd0b823617f039de5e292eeab6777369fde1f690e1b3666f346d8cfac27aae01d5f391c9c4b7d35005c29f","ssdeep":"768:s0o7HeGFAqt8K4rRKhb6uddQd67DcXaBkWSdB9rttRUwZy96wg9OFk:1dqtsshHdmd6/BBkLdBhGSwg9OFk","tlshash":"f50302e8c2e6b165d44c267750743ab3f543ec20af8720153a561d26769e9ec38eca8d","first_seen":"2026-07-16T14:45:27.664892Z","last_seen":"2026-07-17T09:29:35.836364Z","times_seen":2,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":172,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/turbopack-0ifxka.-w4f_-.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.480Z","timestamp":1784280524480,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/turbopack-0ifxka.-w4f_-.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"2954-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67448\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MR1RGp9F8YsNCa5DsIq%2B3jyQO%2FrbBi1k6mffM4fsO%2BNutVDMH7xB%2Blz%2FlidnAKWsjncRcp%2FJO49Gu12t35VEhKgfKfwZkBAiobG0nDyqrsd%2FlpjNFidatjbf8m%2FL8w4%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837de09a9b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10580,"size_decoded":5825,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (10580), with no line terminators","md5":"407eb7795c47a4989d367f573109f532","sha1":"7b9af44ada94a14ef979b6599481e576f52df555","sha256":"4f09e72dfa328906d63c4dbaec2adfe8ad48cd6b8254f8fd6e45de872c1979bc","sha512":"aa7bdd13a44b95d449e714560aa9bb6853795d2aed785c818dc6eda10cf3da4dd00f30d07a6f467f605730f3e31fa317ab06d0cd5e2b4bbc44aae7441f2fbf97","ssdeep":"192:KH4gM9BC83EsgdLUEohxOpldETN/8N3sBT4fCTKcXX6PpH2:KH4gM9tNoplq01sqCTT7","tlshash":"e622c7da37a6f07343af90ebd06f4004f17984a9145d541cd3aca8eb2c394aa85e7f76","first_seen":"2026-07-16T14:45:27.616502Z","last_seen":"2026-07-17T09:29:35.837303Z","times_seen":2,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0q2jphz8e79uk.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.839Z","timestamp":1784280524839,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/0q2jphz8e79uk.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"4672-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67447\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=e3SCOJpyGfdkwFwKZMywAVbfMxV3CVj3RYay9ACyDFxXwP9fGSZ%2BTGH6NJKsbGi65RrW3i1fLsNGX3TNzSxu%2FOZFpiUULD7HdKB5RTJbtaUQHhuxBLe3TUnhNwUcRMU%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837e039cbb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18034,"size_decoded":7763,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (18034), with no line terminators","md5":"21409bda9eb842c230082d90cfc9074f","sha1":"f2eeb4f24ff5666a9905119df129db07d50a5c2d","sha256":"579c0f95a3ddf37c94320026a1f9caa75423723d2059b0b51711e87424c51920","sha512":"8234161c6a6a714435cf67e95650311500c0c0a566417ef31e42a038219809a6d15e3fa171dc2036e096a6839b69eca25e167c7d6ee67b909db7653f241cc9c7","ssdeep":"192:e5cnovJKZwEglyzSOJQ3ZRGOhPfGOWZUaRC7pQ+mKER+quAGGBC6oblTocSHhpbM:MKZwEdza3ZRnPacpQvLBAgG","tlshash":"4c82d7c8f0a0e5ec92931194805f5109f2593e1cdc4d942cb3f9acf96ea6c98272bf69","first_seen":"2026-07-16T14:45:27.660432Z","last_seen":"2026-07-17T09:29:35.838241Z","times_seen":2,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/01_1.webp?w=256\u0026h=256","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.912Z","timestamp":1784280524912,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/01_1.webp?w=256\u0026h=256 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"0cb00374a367475a65d6970587c08836\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: efcc6f0a-52b4-4c10-9782-f85ccc3ec449\r\nexpires: Thu, 23 Jul 2026 14:44:37 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=D31qOMpyEBQsdFWtmO0LLN%2BdshDqQmLlYRyJHbJQggf17Lsbv6Y14Nm53XtlhA9cZnIHv%2FeNnY%2BGJJIqRGXdz0oC3f1lP0HyrwQDpamqxVy0UCXXnFH2p9mYpFyaKoELRqQ%3D\"}]}\r\ncf-ray: a1c837e0b9d1b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 48396\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":48396,"size_decoded":49713,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0cb00374a367475a65d6970587c08836","sha1":"07ce244d22fb50dd7f496eca81e74cb2b10a280b","sha256":"a31f1f83cc7e4c39e8a44e4775c06c5c8b7176c8ada8c13c47b0f61bcc473f8f","sha512":"05ab1d7ef139a42555baa7e3663b06d5d27cfa5b5f4f995aac8d2c5abca03cfa83ec05e2da2b5446e3e51dfee474e0d645d9d3f05d7c41085f5cd37ccbed2ef4","ssdeep":"768:VpmcqCXpj3PeLNU8a4lJNSvIT2Ir6nRyMuK861GFTAh1rB6zsrMH9Fr:Hm1A3PeL4sJB2u6nRyCZAy0zfr","tlshash":"f123f18c3cfbb7aa3db40ce5c095e5cd48767a23138959158c7a9c1c57920e1ee84eb5","first_seen":"2026-07-16T14:45:27.681236Z","last_seen":"2026-07-17T09:29:35.707834Z","times_seen":2,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence-cards/1.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.017Z","timestamp":1784280525017,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence-cards/1.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4d9c-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zd8vN3X3OrEBVL%2BlTxVAenjODQZzECQe2DdD8noeKcN7ADJWGoo91Z9YIy8v74oFyZhtm5A4E1ShZm%2F0DeNvnF8vUX7JU3Arnryu9is8wnwnGh4giyczobG%2FCJD3AAA%3D\"}]}\r\ncf-ray: a1c837e159deb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 19868\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19868,"size_decoded":21444,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"fcc83f1ca70e20b9358dd2ac4fd0f71a","sha1":"3f88ec9d2332a9f54264ae04ea26232bbb7b5d07","sha256":"b27443e2c3a4887f68aa776ca48057c6ff5e9b4550757643143885709a7a4a8a","sha512":"50f077ddeb449e2398ba5923488e2c3456a685c64da6dcc0b9be5f9beaabf2fcf50ea4b717be5455de56cf03abb34246342354deeecee602dfc85e7778fdb990","ssdeep":"384:TChh0pbAOcrSsPyMeaJislV4ecg5KEarb+K5u7dLjaaewGetu8HO/:TcuK+syM3isF4ZO7dLjaaewGetuZ/","tlshash":"7d92d1e966f22943fcaddf0dbfa5124b7d6b10b05b10b42d4e42ce51ea5c899c64780d","first_seen":"2026-07-16T14:45:27.606494Z","last_seen":"2026-07-17T09:29:35.839154Z","times_seen":2,"resource_available":false,"data":null}},"time_used":295,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":293,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000093.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.961Z","timestamp":1784280528961,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000093.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"88fc-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SxoR0am%2FVs6FaKWx8pcRW6y81C4hGhEKVheqVkDr3%2FoJu8YC5gF3ifUYpwGxHwcftPL3jxJPEA2Q6bWiQttrG%2F9jbUEjkDQZ4%2F2BTSl6LqNiskSwBwY1i72hfnuxWak%3D\"}]}\r\ncf-ray: a1c837fa0ad0b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 35068\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":35068,"size_decoded":36646,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"fb229bbd890657f4b7051bf512018a75","sha1":"29cdba1033907f2e09d38f0ed7a974cfdae79f4a","sha256":"e7d796f622bcd8a95eed68ea93e13026d099cbb739434f677aa14f401c5f8e7b","sha512":"0b60dff5ad4fdf51612fd18f121b2e20bad8c57c7044cf71025ea74df3b048c4c52b5c39383c2ee5fbe655260cc05c0e9af0181f2dbff577dbf3ebeec81add11","ssdeep":"768:Hk5hEquQuuJZ/db4RxVJpuBCH9i+2uhdttQvHX/hmuMJ:Hk5XSMv4puBCfhQv3Jmuq","tlshash":"7cf2f13d09f1a3aee182b372410a17922f6a09e0d61f9a25d3dbfc058e4b3c4d55bc72","first_seen":"2026-07-16T14:45:27.710392Z","last_seen":"2026-07-17T09:29:35.840142Z","times_seen":2,"resource_available":false,"data":null}},"time_used":273,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000026.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.833Z","timestamp":1784280526833,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000026.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"125a6-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BX5k7uhgTRqc3KLx%2B%2BcKdBuH%2BBeeFcOKax9qFn6%2FFZ2URS4ctSEf4lapLVXpMgvZECbZit1O9%2BC7ds67QIOoilYPfeUbzXeWXxa4aO%2B%2BaVrcwt36qN0vxKrBq6%2B3iio%3D\"}]}\r\ncf-ray: a1c837ecba4bb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 75174\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":75174,"size_decoded":76761,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"acf4d44e52eeae62cae57f6a8b653006","sha1":"28d81e3ecf4f0fd3ffb91f102e42dc679fb80b8e","sha256":"0127297216a9679d494249c76539390048d574cca36ef47369554e9b07a8fad5","sha512":"3cf454ce1aaa072ea07cdacff27c4ed22e6ee3281099e1474bc5c1d910a7f6fa4d383ca66f9384ec1068e226c8423e4ab17c52e77edc5952e50a71e93b386efe","ssdeep":"1536:eVQQFptGy9p7ENhFd5bdUpR/pqj/JU/z06xxgMfN5qCgKsvZ1qs88HfW:e/ptzf7ETFdnUpR/pkhUL0dMeKsHHe","tlshash":"187312786d8f3d92b03684adb3b270ddb4e99170d8042993b73889bcf1f41664f8d65a","first_seen":"2026-07-16T14:45:27.737476Z","last_seen":"2026-07-17T09:29:35.841304Z","times_seen":2,"resource_available":false,"data":null}},"time_used":259,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":213,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000096.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.106Z","timestamp":1784280529106,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000096.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4f82-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CkHfD%2BysYuxFzjNzcC8ioMFGUTKQoQhwW6UTYw4LRwmPh9qXJz4Qat%2FQ4VS%2FMGJ%2B30SsiW2T%2B%2FNfqpuc4HTr42KyHZDN%2Fu3fg8yFuZpdvGSzBK5tgxc6JosPp1jx30o%3D\"}]}\r\ncf-ray: a1c837faeadbb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20354\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20354,"size_decoded":21938,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2c8e56215f23076583fbdb8351380e45","sha1":"87be2fd81a9cbfc236c0e8355a9ce6eedb633fa5","sha256":"ef4a6b584ae55897a9ecc8e2a3405b54d23dc7586ed44a25610fb2247aa1c137","sha512":"12829718dd7e1344344076067670aebfd70eb458a1c22c6776dc869f36d459ec5a46b173a6da6a79be13792ecf55d0d679d0fcc46aa93dfe04e97ce12e9a0a56","ssdeep":"384:1R9yyUkzF4MJsoY7iEWwRfzp9bx/Gcgx9UZXBMCLlahLb7BjgthvuPnviQqP0z+o:1vKkzqMSoY7iEXRPbxOcGUZxlUHBkuPt","tlshash":"d292e13e94359864d427b667cb80ee3d4761ca9830a3834ac7234f751d1b7ea9223e79","first_seen":"2026-07-16T14:45:27.749531Z","last_seen":"2026-07-17T09:29:35.84227Z","times_seen":2,"resource_available":false,"data":null}},"time_used":184,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":183,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/07_1.webp","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.820Z","timestamp":1784280524820,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/07_1.webp HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"d321cd1d708dd84823cd9a34783bbf6a\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: dc943da1-41a3-4f24-bd78-a6e1f4e89ba0\r\nexpires: Fri, 17 Jul 2026 14:09:28 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 587956\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tO5RJGQ7x06vhvPEGT5LgM%2FOm0mLVf3gM6KwQxw8FLnlrXnCw0pPPiQCx6u%2FktlGlRjm0JD2Va%2BYScAjs7iAn0MIy3maebIXaPV%2Fu6Z8CqB6WK6HVHrxZm6Elz6ttvWGgrU%3D\"}]}\r\ncf-ray: a1c837e019c2b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 54788\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":54788,"size_decoded":56108,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d321cd1d708dd84823cd9a34783bbf6a","sha1":"d97d0bd410fe3031ff30cc1cf8f7f596141234af","sha256":"3a8b31e00d7c8a9ac6b677ee563945801df523dcb9c1a30073c94c896d6d726c","sha512":"8bb1a9d8e0a112de72e0dd7241bd969e33187e74fa39c913c7aed49a5e79a6f610ab0c99f76b3c55858eb85ed8e1550a01759bb98b248edb590134d0bed0b7e6","ssdeep":"1536:jLGQfyeDiNK2JvBgtqRoHvtFL8cai61/v/4:/OuadjgCcWn/4","tlshash":"2933029fca712f419c42b36e9cefce9e39b75e1e7e65d1c42d56c6804e462c6a2600c3","first_seen":"2026-07-16T14:45:27.63419Z","last_seen":"2026-07-17T09:29:35.843203Z","times_seen":2,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000004.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.607Z","timestamp":1784280525607,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000004.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:46 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"fd0e-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Xxn%2BYxyCcatBY2eNblWWryG2yo4O9bQZzDVrR%2FI1aXcAGvlBUzNNYfbZWBM2zHJY7eYDQ%2Fo0KBgmgS%2Fh%2BWTGkk2v0AzZfa1q6CneQkwDaWVSM8TD%2BfgwWVA%2BezuoSl8%3D\"}]}\r\ncf-ray: a1c837e509fcb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 64782\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":64782,"size_decoded":66366,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e3d4b705cd532115c42e7411d091ffd5","sha1":"ce0a8303ca9bbbf45b1e5c9ab44a977358977eab","sha256":"69436643e9efa4b9c7e24b99b529f8e6a936dc329faf3944a2b2294cdfdea597","sha512":"3a624705c2333971087c318f51d29ed753cbf971a170f700e46280283fb98c7d0e7abe572f034522e4dbe60814304917ce13517083a817daab61e12d629e9807","ssdeep":"1536:UjhTQpA8JnA+0ozyvGW3LJMcIvr+w/EViY/eUWqfo8PW:UdTQp/nA+LmvTbJQELGUWqfhW","tlshash":"c95302934bf89533a0dbf2ba2c620b141bdf2454be59ecc31a371919e571bb865c68cc","first_seen":"2026-07-16T14:45:27.696546Z","last_seen":"2026-07-17T09:29:35.844348Z","times_seen":2,"resource_available":false,"data":null}},"time_used":469,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":410,"receive":59,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000074.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.437Z","timestamp":1784280528437,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000074.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"a3e8-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8w23sdyFax26lIWINiBcusSM%2B3awsJh8WbkNBteSEPbyxk8g49Sd9WAczB5BWDet75XzsCdOwifa5U7HpOZNWvj9DRdr3vYDxVZ0mry7gtlRyb1EnD%2BQWK26N1giHK4%3D\"}]}\r\ncf-ray: a1c837f6baafb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 41960\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41960,"size_decoded":43534,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f0e9cc8f47b30011bca13d3339632b2f","sha1":"9c2033852c5395aac91cb3d6e98f80a32fb95bd7","sha256":"539b9945efea8f1c5e741f62249ecd02c760814876f9b40eb7d5e502c9575c23","sha512":"2387b18a4226c07c71078d3a76e52355171a29c997fc282d69509d9163217af7d8bd22eff20a187fc2dd10e6ea18811fe3f6fcfc071165e4cc66847df8015d5f","ssdeep":"768:JeQooGy1wJHtxg0mdSCqd0HJTTnICgLV6R9QUvXp6lc58SZxgSQSRs99C:JeQbGyWJtxg0OSC00HI6R9QIX4lwZnQQ","tlshash":"ee13f12fc760954bf5a61fbc2e8103cad5c3da8591c6815bec218ed6abd631ce8d841e","first_seen":"2026-07-16T14:45:27.609366Z","last_seen":"2026-07-17T09:29:35.845372Z","times_seen":2,"resource_available":false,"data":null}},"time_used":292,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":264,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000091.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.959Z","timestamp":1784280528959,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000091.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"9874-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EF3lnj0XQAxctyjQhnS9kbgpU1ZFifl5Mc0i8W6AsyGYGnFvZdH6OAwBsCdrsOBdnSBHi33J9mu86akkHTJ5fMzH%2BwAIYkNNviy3kbYevd0kR1P8mqff0Bpom1WTZSE%3D\"}]}\r\ncf-ray: a1c837f9facdb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 39028\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":39028,"size_decoded":40600,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0f3349b5fdc0ca522050a0cd5fc4a535","sha1":"b8bcea9d22a7846671ac2eca48c24309d8ac51e3","sha256":"8be4654a7699a71e5c45263b6cba8e356f96a97888b408ef0023232d446ee49a","sha512":"e893457365ad158cf42c8176aeaa24c677cf46f01d32b73ca1f5bc696b6691df6902b5d81fa1bfaf4fa7a264fc2ed0c8fbf37199f533e46d8e684886bde2bfe5","ssdeep":"768:9E4xUkhhoyZrrPWRzX9fXgbUZbRPsdh4z5VyZF1oux4XRoM4jPtsN1lB:9zzJn0D9fXZhY+z5oZFCuxkRr4jtq","tlshash":"f60302e689275416d20fc07b3875404de34ac5b1caa7d9758bede0a9c3e6307786b9c8","first_seen":"2026-07-16T14:45:27.665934Z","last_seen":"2026-07-17T09:29:35.84652Z","times_seen":2,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":138,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000100.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.409Z","timestamp":1784280529409,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000100.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4bae-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EAqLXtIRUF7sxEaWwGfVCUD4u%2FcVK5qRK9p%2BuKNeWSbWF%2BixwD5Q7oFMbDerSySIDSLj5sWlsm2hmZMhmX4ULunUZVHkV%2BYxMpmTjIj0b3EWGxcvvoQlgWQMfC94jf8%3D\"}]}\r\ncf-ray: a1c837fccae9b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 19374\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19374,"size_decoded":20952,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c84e3a6bc15ca05250acb8b743bfbd80","sha1":"fd0409e509fb10475fb468c2b917957952bab0bd","sha256":"9f563c5b627914a24847a3c5bc72250fb807b464ba348598295cee953d6b36e8","sha512":"70efd96e73f1c31e27cd32d6bef9745613c39be2240d202269d23049a5035ebdd57b1b063f0422c8602daf21c17493f276b3956fa72f6bb05715c63c2433c33f","ssdeep":"384:CSKDVuWHGdjBr+E7vxaHuwv4FOs3kNipz+rkU0XSa1yQuqFfK:CRFgXVaHuwvLs3/6x6SBVqFS","tlshash":"4f92e172cc0f7630ead9b5342a4f193fcdc495a9d94621a8cf7d43873e330a4169a91e","first_seen":"2026-07-16T14:45:27.677929Z","last_seen":"2026-07-17T09:29:35.847977Z","times_seen":2,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000102.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.415Z","timestamp":1784280529415,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000102.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4c90-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pB5CZcEbYR3HJWdpOpMplyssu%2FpkAxNw4T09PXbr26Bw6w3w9NGl3v2RTpjpcfeN64T6M8zTVOXqTjaA7LOV7dgBStvILB2gjLc1BgKPfpGP1KQERhxP33SZYSCPCiM%3D\"}]}\r\ncf-ray: a1c837fcdaebb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 19600\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19600,"size_decoded":21172,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"940361be98e26602d9a2e8fabdef3254","sha1":"543fe7669ea754e111eeae623dbdd3256ea070f1","sha256":"6a2db8567030e31b731f9c26c3c11bc5d33803fa20a6f0f5bba7069ed6c0c116","sha512":"ddfffe9d948414f7b05b034a07a8700f432a220fd0f6da1a05f1c38bc0a476c6c7a6c3df28c6c69b0c014b9148fa6a563efd05af3a7c968096aef922f7727477","ssdeep":"384:jDiM1KJMdEOA1XeGY+EXd2HN6GavtsSynmnA3ZV79vv0og809YP:iM1KmsxhEN4mxom8Lxq8DP","tlshash":"2992d1e12e65bf71eafd2853f8c615eab507826800d00275e82dd598cf0c734e5dabd5","first_seen":"2026-07-16T14:45:27.652556Z","last_seen":"2026-07-17T09:29:35.849096Z","times_seen":2,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000130.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:50.161Z","timestamp":1784280530161,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000130.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:50 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"510e-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QAn5XQwBouyeLVoP7uWISRLYZZbIjr%2FxXZu7khAxf19tk3z5uJRMYnUUT1s6m1y6f%2F7LLwlviYdJ1on3KLzwy4uniynqOwhWSh1QOE552I2Kdu9IZQoqRfERjjwa0u8%3D\"}]}\r\ncf-ray: a1c838018b25b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20750\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20750,"size_decoded":22324,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"eda5e5eef649579db942e120b9e76a09","sha1":"322dbcbe49946a128b3960f6c451f742dd662492","sha256":"8d3dad56611ffa1d725f5a6c175501335a3fd7e4370b499c31a6f85445671fb2","sha512":"4fd83b859bfc7c88cf4c1af9c39ae4714395fa2a0c3ef9f26d972a8e9e301fbc29d993a4f2aaa1bb11a51c4d574ef73030635328306b47587473b49eec499961","ssdeep":"384:jQuZrTHPrrVUs8s+TZFYn5f4CuAxAa5NLZFJVxj1pI4ZyGxjBLgGmvCo4XRoK2w7:jLlDus8s+jYn5TuuXbRjZnxj5RoK2w4g","tlshash":"7692d15f645e3c34d6fa279c4ab8d8276bea4ceb39004458528bbe164c10de8f7300db","first_seen":"2026-07-17T09:29:35.850329Z","last_seen":"2026-07-17T09:29:35.850329Z","times_seen":1,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":89,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/video.mp4","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.795Z","timestamp":1784280524795,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /video.mp4 HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nReferer: https://rwanftfi.com/\r\nRange: bytes=0-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: video/mp4\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\nage: 0\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"62b5af-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncontent-range: bytes 0-6469038/6469039\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dg2COJaJF7PmtTuqHInml4pa2DP1rjRw%2F4q%2B8TORDyIZ9TrjoYP0Oeg%2BNRXNpE8OvvVyaWgsTGEiNyCgzRN5MkMGbacXLYINiZKhYLytH21hUj4mEbytiAdoNXRT16k%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1c837dff9bcb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 6469039\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6469039,"size_decoded":6470647,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"507d95df6cac443f5554dd33e29e34e0","sha1":"6e4aa4f58c733dceba8c568670bc587e66c20b13","sha256":"6d05c9546192ed10845102fce05bfba8ae6a7182eab96bfa7d5e29430102374c","sha512":"8fa5df80d55db89c73a37d5ff5deccd564171e6848cda3d9ea0a3ebd2b7ee460025ecde4b438803dc44771d3e638b2128a4367184be81f24a666500f68a592bc","ssdeep":"24576:ei+uuqlrp31uaXxxsWOtP+hpGdxvbkCj14jIhYWwCk7qZ:e9ullrtRX7sdGhp+hbkbIKWt3Z","tlshash":"6b25235ad7d21e86cc1a553184c9077633b2c5a8739b03cf2a8876f9dd8a3bc5d2e1d8","first_seen":"2026-07-16T14:45:27.654809Z","last_seen":"2026-07-17T09:29:35.851697Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1550,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":291,"receive":1259,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/00cn986oeb.h..js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.842Z","timestamp":1784280524842,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/00cn986oeb.h..js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"ae8-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67447\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j093W2r79RY%2Fyl0ndo45wcvSIDdNSjxpZRa71JApwTgziSr4bkwBYKN0wshQX0rtpumn7MJydeTzEN8UDs7pHb%2BJyzhsHFo38mrwQ11LVTSGswz4lOCrw9TYp3vCWoc%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837e049cdb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2792,"size_decoded":2760,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2792), with no line terminators","md5":"1eec9ec5cda6c89ac77a42d050acef5c","sha1":"299927bebf85e471ec87f8fce893eb7c5ea4600f","sha256":"f65aee26557dbb5d852ab95e5c1d12f48eca0a303ac07d50ab7df49c0d59bed8","sha512":"92878db8f193a5d92d926cbeb05b356d268ddeca95daf4a1e922e66aed56cad7739e9796306522ace9ccf094064298b4664270c9599e3246fb9fb2301b9f0421","ssdeep":"","tlshash":"51519545e268aeadf92a14cca46e842c610f9e88c24f48b8fcb92d7517515c43a57fcd","first_seen":"2026-07-16T14:45:27.640409Z","last_seen":"2026-07-17T09:29:35.852816Z","times_seen":2,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000011.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.618Z","timestamp":1784280525618,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000011.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:46 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"101d4-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9LGMJErsOw254cfa9cFrRZVOPR6K6exlZwSEZl8b5EAe1rHLcl7EByEDrWQzhRjymm%2F0KPKlYCZ19Gbyh5ncpBd0qPgt6AFhCBwh1TzEtbpm1hyzdn1JFP4Sjl8bja0%3D\"}]}\r\ncf-ray: a1c837e51a03b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 66004\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":66004,"size_decoded":67577,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e127f90ab627ead3464d78e3594d13c2","sha1":"981f1792c17b41ee1344bd566ac58aba7176ab5c","sha256":"c78f9e22eff0a7d33263dcd26dc033adceb063bf623604eb4018020bc5c3cc05","sha512":"0192e1a87fb40b56648b85f28a3c60e7ce6d07f891d99c0ab9bf6ff48df4639434e82dfe53659c9af944fa2fcf9ab39845a097350385f1321271eb4552ec6d14","ssdeep":"1536:9AnmkO5p5TwTisqZrplELuT4KXlOTdk0klONdPlrycpye:9AmkEp5TKisfLxKXlOFLtrjwe","tlshash":"a153020a682fb408b18c7b432c80972dd624e7ce4b792241579f5bcafdd64674e1fa39","first_seen":"2026-07-16T14:45:27.718207Z","last_seen":"2026-07-17T09:29:35.853893Z","times_seen":2,"resource_available":false,"data":null}},"time_used":493,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":447,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000064.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.080Z","timestamp":1784280528080,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000064.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"bff4-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WRclUPP8Oy4yRYSKrF2PLR%2B0kdx84ZisIKV2j8efvGxmLva1KlBob2EEuliPfJpsGyTkRv0o%2FlSEyDimITSpFWjix6yO6i7hIB2jkGM9Ufugu8XXyGZKp%2F4PJc5IBnA%3D\"}]}\r\ncf-ray: a1c837f48a9fb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 49140\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":49140,"size_decoded":50716,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9365ad9a37fc92d102d9792d2bd04dda","sha1":"17b1e8802c7fc633730ce580f8b270b0983755d2","sha256":"79a8d6ebea2dc1eba9e77b3748f7842e59caf6e1821faca4e361fbd52c29a543","sha512":"b80754027c29eac6a3aa269941aa5a9b1949d426e1b7abf5d490737030efbd5f7e9aacce65b02075ec2a7d1a4d14850301df429b307d18d4a2daa811b45bc726","ssdeep":"768:ER0dsowOXdr4O3yv2616bCSpLA7jzXnjaelJ2mHDn8Lv46Hux+yUkDgSV1nxrYW7:EK6mdr4Cpg6GSe33j/L8rrHuxSkDgSVN","tlshash":"ca23f279866aaaf6b42ccdb205925f106725281281dc5e34c487fddf13cc296b5981ef","first_seen":"2026-07-16T14:45:27.615431Z","last_seen":"2026-07-17T09:29:35.854892Z","times_seen":2,"resource_available":false,"data":null}},"time_used":334,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":288,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/07q469oi5.rsr.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.844Z","timestamp":1784280524844,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/07q469oi5.rsr.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"d2e-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67447\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vkDWTiyqXIaijrJfI06Om1zvoKG3ASw4Lg7hp749%2Bc21G8phcBuVURMo8ADtKYwiEH2%2FFzFSSPresxUPAUIIBEoklfot7nsnwwiNZV84Uy1EXe%2Bj%2BakKkIQL2cnHgAM%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837e049ceb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3374,"size_decoded":3011,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (3374), with no line terminators","md5":"1f26f6c3fa3d58675af0e20d79f2f7fd","sha1":"5ab48a1e357e35f57596680039d1316d3fba38c1","sha256":"f6a539600fce2b237f76e84d55d5bf00eff189c5ee62aabd0f66e758db58436b","sha512":"c13380f9ac8be00dcacea37791847ae98ea3fe45472f2d1f8a828e9bd3c240fb60881e07679062e4306960f06fdef86e21fef1a9bd827624e69b597db5de583f","ssdeep":"","tlshash":"7d61028992159a9df52a50d96a6dc20c303f6f48cb6f9c74b57d29741f414d8b6037cc","first_seen":"2026-07-16T14:45:27.59861Z","last_seen":"2026-07-17T09:29:35.855988Z","times_seen":2,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/video/10_1.mp4","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.929Z","timestamp":1784280524929,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/video/10_1.mp4 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nReferer: https://rwanftfi.com/\r\nRange: bytes=0-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: video/mp4\r\nserver-timing: cfExtPri\r\netag: \"460714a35738ded3eb4915819c44e3e6\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:25 GMT\r\nx-amz-meta-content-type: video/mp4\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 587b8864-bf6d-4757-a348-74998947d1b6\r\nexpires: Tue, 21 Jul 2026 15:12:48 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nage: 238556\r\ncontent-range: bytes 0-1090464/1090465\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=J0xo0L3Gj0P86ULKsZMoFGKV7oNpvI%2Fb3OBj3G2p3jwvqe2Om6rOB3WotuBIAZkinHhillggLWI%2B8GhIVKwzAVmpOfws9J6NWrurmrhEoIbytqQDX0IplHoJJ0hGU4CuQb0%3D\"}]}\r\ncf-ray: a1c837e0c9dcb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 1090465\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1090465,"size_decoded":1091802,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"6bcb37be0fe686c33f2be796b38d508e","sha1":"2546bc7bdbce098f0ce9db275b71088344d07cbb","sha256":"ca13c5d2b80c6faf8cbeea3bf422c1553d632e57c584023a38ae11e33a0827e0","sha512":"6df0fd6a07be4d981bed1f46934908ebf954a9bf8c885f4432464adfd2bd6568e4fbbf2af49f92ae923d14fdbdce61634c94cc879f023f4ccce33662c9b020a7","ssdeep":"24576:6PNEgGH2rfGUh9NZOcpqqKmdZC9fBXO1yOBY7eQv4gLGir5WWGMLDuJHg:AEpE9h9NZ5D1C9hnOBY7eQLF5WWGnJHg","tlshash":"b42533046e3f8e45edfaf17074c51f97a8b601abe6a727af20c515a0f5a38071e44c2e","first_seen":"2026-07-16T14:45:27.715311Z","last_seen":"2026-07-17T09:29:35.857425Z","times_seen":2,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":38,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/03_1.webp?w=320\u0026h=256","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.935Z","timestamp":1784280524935,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/03_1.webp?w=320\u0026h=256 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"e73dd63ff2a69d3cf2d4dc6c805c2ef4\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 36a38ecf-6e7f-4d3e-b84a-75fa64557397\r\nexpires: Thu, 23 Jul 2026 14:44:37 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=G4HiYP%2Bsb1nIpNTHm3e9%2FOy%2BGf9wZFEid%2Bu1YyyQ79jjrPcYb10uGIKoALvXHAlrOP3il4y%2Bg6To8JdugB8oRRfufAUc2rMIaBqtdTZlkBuIzXAalfQ%2FhFhoGxHAc0RCYK4%3D\"}]}\r\ncf-ray: a1c837e0d9ddb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 81174\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":81174,"size_decoded":82497,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e73dd63ff2a69d3cf2d4dc6c805c2ef4","sha1":"9f4cffc880ca4d205e3c55ac454d2551b30229f9","sha256":"d6f0e2d7c033c6d0d308ff3966452996cdbe1ff2a3e8e385aa8660a2ef61c4c8","sha512":"d475292f4b482c985971847d42f79f0bf46a10ca892796db5d212834269136737753cb9890015ada34fd20194975a67d593941f5c24e896cc99e1154d02f0670","ssdeep":"1536:1uZHO1FWaYJadGOCf2JwQ4kpVr02y37r24qfk1lfG6DX3FaQRa:1kua9a4r0wQ4krr02ffIlfTFJa","tlshash":"868302f0f0dcdf3293dd298a95443348ef9942ea444d9e55d94283e5bf02cd7aaa70a8","first_seen":"2026-07-16T14:45:27.618422Z","last_seen":"2026-07-17T09:29:35.779195Z","times_seen":2,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000047.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.544Z","timestamp":1784280527544,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000047.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"10b3e-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fU3DOWxN1fSFaazSALX%2Ba8WlN1HwnzLTZYB4Y8cdx%2FpsM3ATqJFWuzrtahOxzcaQeSYv7b11LawCeg0DS8ZQUk%2F%2BnofobNlLuiCmcagIw4B4ivYTkEv0uFoM7zrdDxg%3D\"}]}\r\ncf-ray: a1c837f12a7ab51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 68414\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":68414,"size_decoded":69993,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c7e8509269a35befd68d38bc1c3ea939","sha1":"df6a91893323068b12340c0a57d13da892a840ba","sha256":"291d7e6cf4a50b41502323b4d76d24d378466efeda5bebd736025ec948fa5edf","sha512":"6a2f1cd55f9143d583115ed7b9ff618cc9a76007e7ad8c7f8747cfcd8a3c09a1e7462f047921611c49a34a985862d13db5e5ceb5de82bcfe141fac70af96b8a5","ssdeep":"1536:57U6lPiZpQZCcyvSKKxnGByTvmQKXDwaQmeBJ:5Q6UZpQwX3ByTvmVgmO","tlshash":"ed6302687c4dad6660190c2457f3e01eab0460396e72a5feb35c740bfe594ca075d8fb","first_seen":"2026-07-16T14:45:27.601449Z","last_seen":"2026-07-17T09:29:35.858553Z","times_seen":2,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":175,"receive":42,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence-cards/5.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.019Z","timestamp":1784280525019,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence-cards/5.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4a74-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BCuimEboETN%2Fyq%2BdbFLB5yo17uHBDtcIBIHO1tEmUl4kbnTJy%2BRGmM1KZldLBOErUM8Ut40TiRAz6Q%2BgHttiIYazRYNGCAnLCM5DnWTWtLGLx3VfluRQlN7TMtssFWc%3D\"}]}\r\ncf-ray: a1c837e159e0b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 19060\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19060,"size_decoded":20638,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"3a945717fcb1b7758595f3b997071df4","sha1":"9d61adb3832590468338e57b1d1eb48bc92011dd","sha256":"f3c9f7b34434b29bcf7239364fd6b56c6d2b32ff33ea9ebe1a682ae7e21cdfd4","sha512":"cd8176f428e443364b0d0c4aae0190741a07d40335b789de486da79efc37191538f79c7a4c5f93219f25017d07b7f4c50f0ffd24150fef55504c266d5fca1bf3","ssdeep":"384:O3JNyDZre3YeT/PO/grhFOF0m5JlZSaC8B1LRW8iw8+jQdC/bsyWr81Q:AJcDZ63lzPUor0j5JlZrBNRWxw8nAsyK","tlshash":"be82cfbcaefe601159ca61046fc04da0c26a5523b1764ebfb2574a9c9bb38f9742b047","first_seen":"2026-07-16T14:45:27.71624Z","last_seen":"2026-07-17T09:29:35.859537Z","times_seen":2,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":229,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000005.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.609Z","timestamp":1784280525609,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000005.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"100ac-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BrqIk3fdZYRHWuEgxCaDxzUiLHs3%2B6WRKd9ZbTLLSVVUDCAIGp%2FXMdiefLUlQfc%2FBs6jEY8WvgcJtUuhHHQRlesLTOtG7x3NytqREq6p%2FKLeXhaWou8w5fB%2FJ9C3EK8%3D\"}]}\r\ncf-ray: a1c837e509fdb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 65708\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65708,"size_decoded":67291,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"94fe10fecb0404eabce326485afae622","sha1":"c3e9e875b64e73183992032082a6da31c4e9daf9","sha256":"fe7e550c6bf063eed1223280b58ba43b40318e523481b20fdec3118d8288f071","sha512":"a9b1aa1708f1dcf4283c013a3901b1e9d02865b1492272e8063e7c13b0c8d20d37e80a5caeafbe8ce033500e2f7f26f2d006dfd0772ffb33ba56215c1a0a408a","ssdeep":"1536:iZAdObhqTDwcf9paL9ZQmvUBwPdIAVE0kCrL61E4ib4OZeOqFE:HdObMDwcmB6rBwm49yiCdE","tlshash":"1953019457248477f5320c9351bb5ee067c2bb5d2d192a3cb70ad95eb07eabad4c1230","first_seen":"2026-07-16T14:45:27.672737Z","last_seen":"2026-07-17T09:29:35.860668Z","times_seen":2,"resource_available":false,"data":null}},"time_used":377,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":339,"receive":38,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000018.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.468Z","timestamp":1784280526468,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000018.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:46 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"1180a-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RWf%2BAkWXV5vyPeWF3IktLuUYW2gs2TwWLhx6nSD8y7B4RrWflSnwnnzBxK2dGzPT7jstzfoy0vt5CZtfAIxBdhIQv%2Fx0StXX3QQOJpO0Dm5a4VJAAUM7u20JFMpApAs%3D\"}]}\r\ncf-ray: a1c837ea6a3eb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 71690\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":71690,"size_decoded":73265,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"801dcf0eccabebb281267392415af2cd","sha1":"e8821062d29be76b4a53a629738d43183770b745","sha256":"678edb4b2f1850ddc8c8996ba1fa4822bee0ef7fd6ef55994598580d4e8f01ca","sha512":"5eccaae0974632c8658a959669fd95148772cf77905a7e55c8780d63beb9d79e0945fc568580e81fb9278622789fb65c0112f5160f569cf612c90d57d8f8ba40","ssdeep":"1536:YkmvaOkja6LXKQ3uRHiviXHijI7thA09P0EtJs0A:zmgaLFdia3ijIZhA09Py","tlshash":"1c63027f940560236ecb41cbc468e2686aa918f84337d7463d1e9b75c53b478eb8cf0a","first_seen":"2026-07-16T14:45:27.622971Z","last_seen":"2026-07-17T09:29:35.861884Z","times_seen":2,"resource_available":false,"data":null}},"time_used":271,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":227,"receive":44,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000019.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.472Z","timestamp":1784280526472,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000019.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:46 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"11d6c-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ld4o2IN6ebjthvu8traKrXjbJgXyiclWEeCmBJS2phAmECwZ6fNVY71M4c5BY2bicihAKHQwf5vtBUhS6IoQ7w0gO0PwABtsn3H0c9W0c6VCk8n3z7DCGLhsprSE088%3D\"}]}\r\ncf-ray: a1c837ea7a3fb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 73068\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":73068,"size_decoded":74639,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a6e273d14314a68053784d278565b989","sha1":"586b1ec490f555352d4b2b91459309ca43ae93ef","sha256":"2647ce1a873c0070d2b4f5ff3905ce0171788085eb59e0ce4dbd68a9dde974f8","sha512":"b4e369e5201ca46fb51af190bbebc708ad957ba699b36591a0145e8c5da1b899e9b815e45698cfe780913f871fa45fc90a41caa0410f2f19b4cb0e37130a05d2","ssdeep":"1536:Tf3HtY5OrDxewr1vy9nabzGmgqvOD9vkqpStpdNUPd:TfHm4Dxewr1vy1czNO1StPNod","tlshash":"446301124ea40d743928e192eb41ae8cd0d7253c8fc64f726d54f5f098df7384d769aa","first_seen":"2026-07-16T14:45:27.71144Z","last_seen":"2026-07-17T09:29:35.863012Z","times_seen":2,"resource_available":false,"data":null}},"time_used":239,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":202,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/image?url=%2Flogo%2Flogo-text.svg\u0026w=128\u0026q=75","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.847Z","timestamp":1784280524847,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/image?url=%2Flogo%2Flogo-text.svg\u0026w=128\u0026q=75 HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/svg+xml\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'none'; sandbox;\r\nvary: Accept, Accept-Encoding\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: Vy8iNGM4YS0xOWY1ZTkzMzZmMCI\r\ncontent-disposition: attachment; filename=\"logo-text.svg\"\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nx-nextjs-cache: HIT\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CdpPEMcFtobZ43gc6tjXDKa2%2BVH1FVVJTtkwECdBP4z6R1vhtE2I5ldBc2uaLhV8BL5KFfpcxl2YXdUj1yG8HeurKhaqdl7Oe0BXhMoSVnQzsFm9VkVGEWnxoNKA0wE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\ncf-ray: a1c837e049cfb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19594,"size_decoded":7669,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e2257a2306b8f2b284bb9f554a6f3c9c","sha1":"9e8ab7314cacc4c67cb6e16e5e01d10418d2fd4b","sha256":"03caea388eb545db4228ebc92aa08cedc346ea4c7cc7f5dd7f00e7a94db07519","sha512":"c2239c641b6806585e332208bc9a5c085f347c6d7c9a408f0ef2a816d2d78b6a888dae1ab77afa0ac106c3af7767400a02658337ab838f7bb8fb8f65f5283451","ssdeep":"384:W7Ubk99vqycPHNUVfR8IVhypQPPSHW/5YKPy3xtGxn5PYdI+f7Pn:q1iLU5j9aHc3y3Pn","tlshash":"a5921aa8d7b1aee8f156d7b9e600c831700b84e1fa02c79dc6ed365b905795d4d2e8c3","first_seen":"2026-07-16T14:45:27.669692Z","last_seen":"2026-07-17T09:29:35.86407Z","times_seen":2,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000038.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.249Z","timestamp":1784280527249,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000038.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"121fc-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kBPBz3QU1ptpUrJDnx8HKRci4n8XptcYFo%2BL%2FNX4vDLVFU9TJkjqWYOr3Qpqlrf%2FPyN%2BMNwe5K3qh7pJPytLxVxvOw9o9x7Jyqj7N3jaSx0RUYCsexv0IAFN82OPBTc%3D\"}]}\r\ncf-ray: a1c837ef5a5cb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 74236\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":74236,"size_decoded":75815,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"89dde56a37b2592a99e98401d00b95f7","sha1":"86f14a0a1ef589d20db6373b2e6e8c61359b916c","sha256":"ad713eb4f4422bdcf53be37e95a1427faa09e744554021f16ab1f66986b4ccfc","sha512":"67a4068c67a3146711ce006b2951a8a78f8a63ca0bb0b9b9a119b6cb7e096d1108efb2ac88cd08ab50e611bd488b7553305b86b18f8b189b1f7207dc589f0087","ssdeep":"1536:gpHOtSjOyRDWpxcKWs08ph1KWRa99NHb8d/V4TjQUEb2avu0:gpBOkDqbWs08p/KMw9NAVVK+","tlshash":"8573026a4c82d34d76a64f162ec56bcc31cfd41a92c04b8778a5e1915ceb772ebca8c4","first_seen":"2026-07-16T14:45:27.658434Z","last_seen":"2026-07-17T09:29:35.86521Z","times_seen":2,"resource_available":false,"data":null}},"time_used":346,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":299,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/08wg8j9aatrhi.css","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.472Z","timestamp":1784280524472,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/08wg8j9aatrhi.css HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r89WZQbtCAkGCd7mP5n9BfVyELTngnRXE0pxOafUpKzASkPVlXwMB911U3iGc7co3%2F6UW2bpjNBtguI6EQ%2B5NKzzxk84%2BQesPQ82T6u%2F0zCxT7K3biX88mIXhurgoYs%3D\"}]}\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\npriority: u=2,i=?0\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"3ce-19f5e9438c0\"\r\nvary: Accept-Encoding\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67448\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: zstd\r\ncf-ray: a1c837ddf9a2b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":974,"size_decoded":2135,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (973)","md5":"8478d8c565bb97785a5b435edf4ddda1","sha1":"0c823eb5994fa90d8b96ff23cfead59f6d1263c4","sha256":"41f885d8d33fe0513a47492775d87dbe1c22603cbca3c51b3121a84ec1bcc785","sha512":"fc8f0ef66ab94f756f6d56c8bdf1ddb7b23f5ba11825b4d9f88bfd06e98ee9f583baec25d8e738fa5500eb4ff12f5f5b87df80a065fb4349441b696c07dd5cc4","ssdeep":"","tlshash":"b211e134081ab108d2f74c5330ce7983b81990618af75663dd5a2eb94ede43f13e0368","first_seen":"2026-07-16T14:45:27.734907Z","last_seen":"2026-07-17T09:29:35.866284Z","times_seen":2,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/01w4epfjnw3x1.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.835Z","timestamp":1784280524835,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/01w4epfjnw3x1.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"cd43-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67447\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=C5vVY2I5qQZuagMyBPnd8rNNAJpYTYcTw6eJGEUUyYkfK6%2FmAOT0JrBBBBQ%2B1%2Bf1egOY4yDEMI43rhOYkod6sP%2Bpzox%2F5XfEDsH%2BH4SStz1SbNOUdjtffuL454xBcCE%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837e039c8b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":52547,"size_decoded":17430,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (26666)","md5":"944bbb4348479faae529b46cfd1afebf","sha1":"90d0c3572141549eec911c1d2e856791cfffac21","sha256":"67b09120a0355e5e8cafcebd87c017b14b3065eb3dcff2a808ff5551db98ca3b","sha512":"7ad92e37e75bbbaa74d893def6a3a2fb1fdb553e216b5339a7e46f137bd2c4c67c9cd71b5c55bdcfc55a5d10a85ccd3ca0b3621800647eb5889b97933cc671e9","ssdeep":"768:pPGOomRkwSjd+kCN5tXvHXmrgqJZ7nFNXGRd9KEr:pPGJuQkkqHXvHXmrgqJZRBGMG","tlshash":"a833e7f6332138204ea2d5459867486ea22a3594300f5e2ef5bca8df349cd9d797c773","first_seen":"2026-07-16T14:45:27.632151Z","last_seen":"2026-07-17T09:29:35.867814Z","times_seen":2,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/02vu_.jrdr2l2.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.837Z","timestamp":1784280524837,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/02vu_.jrdr2l2.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"1ece-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67447\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NkKgVFn1afmBuB5p%2F6IGZ34zikeL4Crm5FsHFXwVhsgvQZ45O6NbH7PNy4InTNEZwxClChQeNycuMsOlbrobOeE1QNAiey5jqGzFZpVFJp%2BTx4137eAIkV2wqt%2BW6Zg%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837e039c9b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7886,"size_decoded":4527,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (7886), with no line terminators","md5":"c1e865f647a92fac17b8dd509577c141","sha1":"2b8c36caed06280d97940234bffbb30d4e5a0f21","sha256":"02538bee2f9e28e8f144f492fb9d3a92d1df1f67c93b25fbc193f4a5c9ac10f4","sha512":"7be34394f0ffa0dd8cf05a90fcbe0f5949e13b26e1d64ccf4a0482267244af7e7c40cb65cafb9388ed202b2a4041ce6f6c18a0d40b85fa22943d545328b081d6","ssdeep":"96:WeJ4k7NyDnvDSDz2gie0bzuTvuUhjmOTFME5BRv7ajEmAuP3bo8hgHIjZs6:D8DnvxhbzAuU9mO5MwGRhrSWs6","tlshash":"46f18795ab14eabde17f04d4a4eec10c613b2f88a50f48bcb6ec786c19412d4f1a57dd","first_seen":"2026-07-16T14:45:27.597558Z","last_seen":"2026-07-17T09:29:35.869617Z","times_seen":2,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/09.kc.g7.9~fi.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.838Z","timestamp":1784280524838,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/09.kc.g7.9~fi.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"d93-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67447\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dW%2F5cVsSv4GJlEHBuMRBiuEGs5AB2qbNgYDWSw%2BL2%2BPC18NVWr8rc4yRdL4YSQstXvDXbe0S1trk%2Fz4K%2Bj4fE2rdYYoRefz1mx11Dg%2B%2FUe1j71aM2q6xUieX5ynfP%2F4%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837e039cab51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3475,"size_decoded":3126,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (3475), with no line terminators","md5":"92da3a89e1de5d3dc4151927e3f3f49f","sha1":"53d1237e7b7ee266186e808ae7836a5a182db9ff","sha256":"d4338d85f1d148086f4edbe1a4b86bf7b9c8939c1d04fb191ea4131ef059a670","sha512":"b78f54c3a03d6562ada84181ede2949ef9190ac14e82c35a2b3da55d15d923512cd5a3e5da73ed118f71637dfcac398d802d0b11cdb33e13abc31a08c75795dd","ssdeep":"","tlshash":"f26145a9a554bed8e68f10d881fa480c202b2bc8d90f08b4fbec78bd35951d0b5527df","first_seen":"2026-07-16T14:45:27.735726Z","last_seen":"2026-07-17T09:29:35.870861Z","times_seen":2,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence-cards/4.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.018Z","timestamp":1784280525018,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence-cards/4.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4956-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Z6L%2BbMtOHnG6fLDyQqESH7AcwCVWD9hbj5X%2FbFz8z1A3bpGVp6MiZjh2u2E2yXBjmVkM5JLV0d%2BQLvjokQ0mpL0NsHnVs3QPYmINfbkDqLzkOevPoyLoTe0DkZe1TqU%3D\"}]}\r\ncf-ray: a1c837e159dfb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 18774\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18774,"size_decoded":20350,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f0b9e1f04aef3ff88769dadecf8c241b","sha1":"86afe567fc815ee9359a6e769be1a17d81509e35","sha256":"f7ce6f3333d5c9694c18601979bc7206e181cba1ef63fcf09cf34d9801ff00f4","sha512":"5410ca17b93136573b65bb7810120bda8137acc6e8bc3351ac7d1770e1073331d13e35b421397c4877c46a3e013e148b442a5dee7165e3b8abf34507987ed27c","ssdeep":"384:bYMDssunjbeTfFNuelkII6XEc/Yir9B6EF5hfz/91ccRX:bYrnneTfFPIYgirzzlzV1cMX","tlshash":"df82e1f8e493c68ee1089087bec7b996a72d50666f1dfa2c0dd14c73af3adc006b5841","first_seen":"2026-07-16T14:45:27.641255Z","last_seen":"2026-07-17T09:29:35.871973Z","times_seen":2,"resource_available":false,"data":null}},"time_used":130,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":130,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000039.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.418Z","timestamp":1784280527418,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000039.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"11f22-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a%2B3qS6opmmhOkKI4x%2FWMdrHHrE5PcLgICTiSS4qsPeXcIVUE5L%2FrzchUAdhA%2BFXv5c%2BDoR7Z5pSN8HWDORXXwdDNkUzxmrpglOo1Z2ThMEDVC3TBk9TTYot7X%2FMTQyM%3D\"}]}\r\ncf-ray: a1c837f05a66b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 73506\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":73506,"size_decoded":75089,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5698ccc29ed7d2d4cfb2b2a012bc87c2","sha1":"1e31ad81e02a9b3606f50c07e6c8cf8065282fa5","sha256":"f3991d477c5b71dc89163f3259ca3df292f88bd28afb35c791b6edc1e4ea9b24","sha512":"9d965eb458ea6fa0070c000320d13d50d38c58441829398d9e92e5c4ec278a2f8c6a13716479eba39606fe4443be4cd2f56b52743d45f673903bf7c1c04a8550","ssdeep":"1536:YAsPcP1Pxu8qkwedN09LZFtVSPyBJWjNZHvLn:YAs21x55wU+LZFuaLoVjn","tlshash":"197302b7bd12bef0ce5e1881bdde7348453a3905785cb893a25313461689d2c328fad8","first_seen":"2026-07-16T14:45:27.647115Z","last_seen":"2026-07-17T09:29:35.873121Z","times_seen":2,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":129,"receive":74,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000088.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.953Z","timestamp":1784280528953,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000088.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"9cc8-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UM9GQTUqo5X6tCzUJsed%2BOttnSD0R2we2P0qICJBjx9fgRD5oOOcr68UG70zAYTGjyY%2BOSJp8jnAtqvcQdr8%2BY4g7Vu99F05%2FF%2B4ZvM3IJPjiHjhInBOTeImbHR2laY%3D\"}]}\r\ncf-ray: a1c837f9fac9b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 40136\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40136,"size_decoded":41716,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a3c2821f0219752fadf0d3578e1e4e1b","sha1":"1d1a53f57a3bd2cf11d1f03742e829264fd9b033","sha256":"f074d38f438c912c8f48d64b6fd64ba17baac782bce71d42ef4a1aa1de5f0a64","sha512":"8c0cc6c2517257a17c57937c974dbb11b21d74610cae380ba8f9b2b4747a8a2bf73cc580f2fe6b70d988a3e2a35820f6ca3aedc85d311a41fa16664c601d269b","ssdeep":"768:peW2FhPVLcZVWf0gkllfd9kqYK/gOEgznNMyr62Gq048OcYS/:8FhP5cZw4fYJOkgzWyu2x8v1","tlshash":"f203f141c9dd7b58e96f92315edcc99a393abc4d9fb219494c8318e2061fa1cc72cc5d","first_seen":"2026-07-16T14:45:27.690875Z","last_seen":"2026-07-17T09:29:35.874537Z","times_seen":2,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0k-ks1ol~9kkt.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.834Z","timestamp":1784280524834,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/0k-ks1ol~9kkt.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"2b58-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67447\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3Kmx2bGoXT7XC%2Fgk2S1Ay4bIESSqlhY5%2BchuarQWWCdYI9%2FxZFZBWDQ%2F1ZaabMsv%2BmbUVQ%2FoMXOhY4DN2iTZt%2FrV2Exw46QKp3MiEK4iQdpeZGPp5cXMPdo8iWzkpB4%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837e039c7b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11096,"size_decoded":6476,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (11096), with no line terminators","md5":"4c4b7350e90652c4525aede1d4352363","sha1":"700fdd718c03ddbcf88bd7dc1faa591bb7920cd1","sha256":"5e2f2fcbc3adbbe40f663e048d54bee0c6c7ba09f73b6854caced5939d8aa159","sha512":"f00513ba161da2cfa0da09a7ead4b19424f28315862297c1692e3c48355ee4e96b8ef4d468dd83fa4c24a3ffc3aaa597250ab008211759e04ff3391b129cefae","ssdeep":"192:GdMoecoUoLqefKkDF9KFanJssuwdLgZmJZ3zp3tEpx4W1Mk9fULQ:uLecobocFka6MjXw4WMk","tlshash":"3b32e6e97380b873d3536246583b8156723b6980b01f051cb67d44ea7d288cbd2baf7b","first_seen":"2026-07-16T14:45:27.745259Z","last_seen":"2026-07-17T09:29:35.87564Z","times_seen":2,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence-cards/3.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.022Z","timestamp":1784280525022,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence-cards/3.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"507e-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y0Aoq01JihPe3%2F0VJQOGrGDwSg0wWansLkCyuJG6saViEg799EQV0wxrNqLNcEocwc6sU%2FJ8bSF3z11DHneKtNGDPyRbIaaKQmsolpeQqcTBCWhknyzYc8TgVARnxbI%3D\"}]}\r\ncf-ray: a1c837e169e3b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20606\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20606,"size_decoded":22180,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"38b18f33bfa1ae55ceab9355d3ea6af5","sha1":"365a288e870876c5a7697237120e702adf7224f2","sha256":"12cc4eb03d6635412bd430a2924c8c54c893dd549fbe231ed8fd042608393a00","sha512":"6ba06166a1df2eddb5b33c73ce23ae0502b231373233aae827aadd5f9cc577854726d2330dda0503026b7351f77b1cc8ca6290512b8d6006a546304268f3ea66","ssdeep":"384:RHMbBluOCU1m9mfQ2aQ1U95L871gGi3ZtDs0LosWgeT2tnyXQfl/AFxr13:R86U11fna1958KG8ZtVosWgeT2tnygRe","tlshash":"0192e1d4eeed7f398daa01089c98f631b0302597e65073e6d8830a5a9e452da7377363","first_seen":"2026-07-16T14:45:27.66165Z","last_seen":"2026-07-17T09:29:35.876674Z","times_seen":2,"resource_available":false,"data":null}},"time_used":282,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":281,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000024.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.827Z","timestamp":1784280526827,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000024.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"12508-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=61cJAjqRs1y6Lm0ZuQEnasoEBZKz3zhXASU9ppyfFWdCDVSFaCc8y61HIQyzGrhnXgZfF8M03sza7Lj76VD6fxGfcJ37YpDcBhUH%2B2KAl3YD4R5nUEHA4KrG19E1UbE%3D\"}]}\r\ncf-ray: a1c837ecaa49b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 75016\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":75016,"size_decoded":76589,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c7a66ffb3e005f0f64d2ef612451b229","sha1":"54e21280846aa7d49933d2fd4c13e935bc514bba","sha256":"ca10bd57277dce60a55891dcc2861633281c18272c1055f5a4774d32e90db5fc","sha512":"8e6f0384cfb96626be1d93e16a567da6d2f428c14a54327576c62270b6d011bc55b8ba09cac8e5cc3095eb1c672c3a13bd0cf32f6dbe43ebe43b7a4640e98331","ssdeep":"1536:am3l57Xcg7TJxg/sIou3hno4aDiwBozlDMGgeitSumrUfMiMBRLCbH:am3lls2dxW3oQfaNulIGg/tdfMiGCbH","tlshash":"cc7302b053896f9cedb8f186a14192084fbe9c98404629c34e99d7c2ded6e7c4da1ce9","first_seen":"2026-07-16T14:45:27.726111Z","last_seen":"2026-07-17T09:29:35.877642Z","times_seen":2,"resource_available":false,"data":null}},"time_used":272,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":44,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000056.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.924Z","timestamp":1784280527924,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000056.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"10b96-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EYqNb6ICiQOqTEn45xR%2BzwOn274w1EdWmLev%2BOdNwxg%2B4qOO1lzJSWmQyf6hhYi8rsS7BSV169vgNk1YLrStJuus6IOiH%2FkM9Veg6W%2BYYA3sPrVaGJcuCz2oV74%2BHts%3D\"}]}\r\ncf-ray: a1c837f38a93b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 68502\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":68502,"size_decoded":70085,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6240b8501b85e5c28e51086ecf1e4a9e","sha1":"0f3dbcae9a890d6aea94323afcfa5601e865d062","sha256":"48a3dbf04bb8c7677d01715883a434af82df26f67db29aab19b1f65e840d54b9","sha512":"ceee9eb1666a7e9b69cba48554462d7739fbed291c72b64c3731f032311855aa167f3d16fae68697dcd69762a7626ca59736b89a1bac41fde9d367f278c72283","ssdeep":"1536:W/HFtzNiFVl+BTPqQJhtqVeVQct/IBZ4PLdbtEglJQnxvC/:W/zzwFVoTByVO/+BZ4PLdbtEglJQdC/","tlshash":"84630252a165f273c48daa3d39b56dcb0a4bc08d289c12211694f5f17a849baef1acc3","first_seen":"2026-07-16T14:45:27.64902Z","last_seen":"2026-07-17T09:29:35.878776Z","times_seen":2,"resource_available":false,"data":null}},"time_used":304,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000113.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.644Z","timestamp":1784280529644,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000113.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4e84-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7wuGOC4DTpelB21DKF8bR4%2BqX%2BLC2vZhQSOYRqJaGb4UbbjDGThGCcd8MceFQ47s3Q0%2FRd12VfAwrXbQGeqbF8o%2BjNvyZr7I3g7IwmpaKwHEdGAj4PVOrZ0qXpjeEII%3D\"}]}\r\ncf-ray: a1c837fe4af9b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20100\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20100,"size_decoded":21678,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e505ae00c5e7c2275c3bbb603eeaec53","sha1":"c713a287b6cb495c78400d37f6c0f370474bad16","sha256":"2a9e647d1fa6208b746921e1a5b942480c6eff4d5d6bab10a0d84595bf8727af","sha512":"3fc57d107dd26bcc01a05dfc59cb3339f24572a676b789d23d447447b38d8cd7dc6625b984392303bec5f3637165e9b62467a230cc6c2084325f2900c9e79a0f","ssdeep":"384:C7fz+iMnuqJCfGWqVMed2TGIKe18HXWxyv8iu81opPnhc0cyIGB9TnbWZP2nhSZC:CDz+iMnuqkfcVIOHmxy/u1pPhcdE9TnH","tlshash":"5392d02dd7fea6e9e93e2d630630171e00a70594e693338a67c73b04189c9b4f1bd8c9","first_seen":"2026-07-17T09:29:35.880084Z","last_seen":"2026-07-17T09:29:35.880084Z","times_seen":1,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0cs5~yg25e-yi.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.487Z","timestamp":1784280524487,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/0cs5~yg25e-yi.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"107e4-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67447\r\npriority: u=3,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qCCUPvsb8reyDBB8upd38qovSs%2FSqO%2BrhCjZWrahJBlrPfcPRuhQPNdqeot1eYWfGTyhOqAxcgzqRhOgPZCd4JMQkcYYirbbyiZ6LC0XWkoPLg6Qb8NbLx7cVBCTrf8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1c837de09adb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":67556,"size_decoded":22249,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (58482)","md5":"56a7acac86ae82389f2c72930443680b","sha1":"a628bdd2b477d1996310da05a97f773431174107","sha256":"dce020232edc492bf01508892e18c257732156bc1ecd9b82be01203073dc4c79","sha512":"3ee9ed09161cb680e57b40c175393f93a2944d38cce43fa12cac4c651d72364872e155b84b76ac7a39f1d20cb3aade40356c93fd4b51ce56a42e285a2ac94f80","ssdeep":"1536:ldzd8frN77+kk37KqlYhHJNPkOsMI2T40G3v5aCl5VH1f0TdcmcQt7KBxpqTq0KP:lGmB3+qlYhHJNPkOsMI2T4t3v75y8zP","tlshash":"7b630821a242217b0e9b43d6902c07099f3d7965a24c450ef3ad4ef75f05eca46befb9","first_seen":"2026-07-16T14:45:27.653612Z","last_seen":"2026-07-17T09:29:35.881495Z","times_seen":2,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000002.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.599Z","timestamp":1784280525599,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000002.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"fe5c-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ttCn47HydNfqUU%2B1dV%2FGkFZCQB23%2BITk5Ptlt6g%2FVnkq5FKCGMN82a4N2zwKMEyyffuHoFUoW84bmNtXHyYXNwEJNXIYfqWRtWkIGe1Fp3IkY%2F%2FcHL8l7p%2FXFy47X9w%3D\"}]}\r\ncf-ray: a1c837e509fab51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 65116\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65116,"size_decoded":66700,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"1a1f361880c7651c729f6921e16fbd7b","sha1":"76f1d74aaff50330c8ae869225e950b70da3fc8b","sha256":"aae12831761e1faaf7d47d1b488f087dae92c8ea6b3cc17376694755652ba489","sha512":"48b8ae3eb4f93de4f1a8da58e6cc7e870c5c60d73b3efa4c543fffbed9c6e53be21ea5b230c6b49c376c59c85e1f94a8599c6a85eebac159e7a43b5f71613743","ssdeep":"768:ZBnXOsz4I2R7Yt21OycHOcsraQD+eO59MbaIidAUrL+LFmRseluoVxOKMhmx/YoK:bnX2yt21jBraQalIbLFWuoVxOT8XYYEB","tlshash":"bb53029f31f61f78bda4d68ec582b066da1b07d92d08d76b26cbc35a6dd19c1f04a083","first_seen":"2026-07-16T14:45:27.741634Z","last_seen":"2026-07-17T09:29:35.882484Z","times_seen":2,"resource_available":false,"data":null}},"time_used":352,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":318,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000017.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.465Z","timestamp":1784280526465,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000017.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:46 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"1120c-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5aOeT2QEdORRjxQi%2BPUA6e%2BtR7bjMArZz5SqjtHDOqqdQmeY5UwISoKdt1%2FsNn%2F74jr4dm53JYZOarnk24bdUwiHZcEL7mNHjGZo0d9zLXdyIgb8UZIpqdkXIBJLwYo%3D\"}]}\r\ncf-ray: a1c837ea6a3cb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 70156\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":70156,"size_decoded":71735,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"812707569aab668b9a4775f3e57f96d4","sha1":"bbc470553597eedd1359e9173b1f225af63512b2","sha256":"d61f2bef98a832bb584bc07d3760f6bc1f6cef11d82426e4b91fdce2ee2fe9ac","sha512":"c2bdade1fdaeb97e5bc3104ed36f1299fa52e7264dd94b144b54455103c3a08c75db85ede3de80259c01fb0705699c78d197c540e2e3deb992a6652de17b4e8c","ssdeep":"1536:By5PY8ex6AyMdAHciizP5NiHp6P9mAFzes0PjVo:By5wzrvdoc77iozevO","tlshash":"9563029448143c186bc579127f75154ca8be20298bc2179c9fe6a9c3eef5ec877e980e","first_seen":"2026-07-16T14:45:27.706447Z","last_seen":"2026-07-17T09:29:35.883757Z","times_seen":2,"resource_available":false,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":224,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000060.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.931Z","timestamp":1784280527931,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000060.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"de1e-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YM1rY8GoEmA8c8zzMBFszTwKnbKaKPm3dVqvO%2FvvX7RekOaczbks2yynIl7yGlRjuUEJYn7ijYt5sj4o9CKHYXHSc0cYd00Y%2BYMZpwaxbxc8hwnD8QJ%2BOYPMIZCFjfw%3D\"}]}\r\ncf-ray: a1c837f39a97b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 56862\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":56862,"size_decoded":58438,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a7198e7cc6fc03be89d0bc13e258f9cb","sha1":"66effd4b80fce263e4a0e73d817d1d8567b43de2","sha256":"1bce5d9b1c3c3a8001534dd2e2c852a6b4e7b013fb7be6bc0c804144fe242734","sha512":"f99e320cdf94ab534d7fd9d7fa799f760597ec636362f0e49d543c1a284ece42fb7bcb866affd36b22990c618071696258c2841faef15877f203b6d728b37682","ssdeep":"1536:lyehh6uCEEjlk/c/2VodIWFKSJJAqRlN2:lyehYLE0lk/C2VeIW8SD7J2","tlshash":"c74302bcb563e88048097a29a1a996e6f32a6c1457d84737f9437cfb0c78f8c5069356","first_seen":"2026-07-16T14:45:27.748609Z","last_seen":"2026-07-17T09:29:35.884902Z","times_seen":2,"resource_available":false,"data":null}},"time_used":282,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":38,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000065.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.170Z","timestamp":1784280528170,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000065.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"b85c-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CC%2Bb6XVa%2Bi5DQFxiYAuth5S7wFMSiH0W0Al3cK0jPMibYQOLu2t2cON6Wc9eGkZQ0G8CHMLp2o7cZiv4Zegvu2%2B82g%2FqHE21J7gJdrVJd%2BAvDQMKjg9azMsO9P6DRvA%3D\"}]}\r\ncf-ray: a1c837f51aa1b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 47196\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47196,"size_decoded":48776,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c1546462faca32e006e97c28d3b65fc4","sha1":"88ed5ffc93a850b4c5b373d2c0a5ae1130af8b41","sha256":"0c5ac740bda2cc2f1d746054f05bbaac364238b619651ee26df279b17db8420c","sha512":"a1926e3ce9c9ac3968daa19ced0dabf8dbd5da84d2bcc0386e4233f6e97b6e00b8febf888d1381e6909479f03685815e0905c773db72acc39cb230ff3ce6e5da","ssdeep":"768:uGcSScT8hRoUF6EllwUBu6eo2akI6fsNr2aI9IbVHjHw8n4JWsuZbUNmWn9AG9av:uGcSS9RFVPwUBu6eo96unICbVM8fs4U0","tlshash":"3d23f12f8d0aa9605b5f113a114ff7aa054bf2e35cef7f036b5998193172d02acf1285","first_seen":"2026-07-16T14:45:27.608388Z","last_seen":"2026-07-17T09:29:35.886033Z","times_seen":2,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":174,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0i2jaxqwee8bp.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.484Z","timestamp":1784280524484,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/0i2jaxqwee8bp.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"e7a5-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67447\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kCpsN3kybbJC0%2FZeytkoRdiGKWkJlyW07dbghWBcyImySz58WmdnsLEl%2FrVVo8sixv%2FKPxmhCFrsiY0RkkBx1mhRs4GZu6ArzjiqLN9YZ7a9o3XiyQYpJ6Dx30mT4mM%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837de09acb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":59301,"size_decoded":23016,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (59301), with no line terminators","md5":"7361b2961f1ae02c7a6b85a2077d971e","sha1":"1be90bce8c88b79246f1122bab7d790ac4c504d5","sha256":"56ec390fe44a1469dfbf0968a8e0929f0729fbd082323e250d96594bb322405e","sha512":"68d8f6a348b2e21e861609cedbc52c302f92ad5459c751c5778f885fc15fb1af8416c6a9b6f09d4b9018781034e7c100d771fbcfcad5001af7912ae735221549","ssdeep":"1536:rSfbpQH+AOWui83g2exXjcy/s/OONqaoBBdBK28324iYj1zB:rSfbpmuidRQz0BXk1V","tlshash":"0c4319e63242b574d7ae819b907f821c733a16a5200e0414f23d8ddd3979991e2b7fae","first_seen":"2026-07-16T14:45:27.693155Z","last_seen":"2026-07-17T09:29:35.887139Z","times_seen":2,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/03_1.webp","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.311Z","timestamp":1784280525311,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/03_1.webp HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"e73dd63ff2a69d3cf2d4dc6c805c2ef4\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: ff55d4d3-546d-4ae2-ab4b-240d7ac4991f\r\nexpires: Thu, 23 Jul 2026 08:03:59 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 91485\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R0RCtlmnpG%2Bh8XGiBh8SXrmi%2BR1TLq6F07X1rgyoYxrQP23GmcZCwiv1sc87OD7iqDFsfMCAxcJcUnrIxC%2FWIIIEnZ7JzJ4ILbCSzVbhmCJwnAWaN0gefQ9ou8EfGT6hiFo%3D\"}]}\r\ncf-ray: a1c837e339f3b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 81174\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":81174,"size_decoded":82491,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e73dd63ff2a69d3cf2d4dc6c805c2ef4","sha1":"9f4cffc880ca4d205e3c55ac454d2551b30229f9","sha256":"d6f0e2d7c033c6d0d308ff3966452996cdbe1ff2a3e8e385aa8660a2ef61c4c8","sha512":"d475292f4b482c985971847d42f79f0bf46a10ca892796db5d212834269136737753cb9890015ada34fd20194975a67d593941f5c24e896cc99e1154d02f0670","ssdeep":"1536:1uZHO1FWaYJadGOCf2JwQ4kpVr02y37r24qfk1lfG6DX3FaQRa:1kua9a4r0wQ4krr02ffIlfTFJa","tlshash":"868302f0f0dcdf3293dd298a95443348ef9942ea444d9e55d94283e5bf02cd7aaa70a8","first_seen":"2026-07-16T14:45:27.618422Z","last_seen":"2026-07-17T09:29:35.779195Z","times_seen":2,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000066.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.351Z","timestamp":1784280528351,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000066.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"ba22-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CpQaSOiL3rnLnpuoPquYn5PRAIXiU7EJPmfq33omdR01U1I6Z148crph759EU7XqNIfTyTyqvaD638x8PyL8uLo2QuSXxrt27QJmCGF8CG%2BoGgyXakBYcwiy3biKPEo%3D\"}]}\r\ncf-ray: a1c837f63aa4b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 47650\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":47650,"size_decoded":49222,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"643ea7e55df2bec4f151acac324d5624","sha1":"494271f38a1f08b6dc00c8d98e51d354232dcdd7","sha256":"0bf41428c2e56612d566a1b4da193627a4978f471b7fcd9015b333c80c29dd7e","sha512":"26fafc05e0e16cbfec741d7fb5479246b17dd2b2cd169bf98bf930ab690b163d7240cc822c8388f40eab6a94f93d9a4b97d8f9fc0989ffdaddcaf9f7a7819d50","ssdeep":"768:zE5QklT6IAAiEikwn0jcz9PF0tVmYdekg/9VK7amjXh2wnRBtyWzkxiS20c0N+:zClT3AXEikwbtERdekg/immjBRBtyWz5","tlshash":"fe23f128a14546d4cd6fadaf86deda03de47cc871017e03a344bb813fab99a6171ec48","first_seen":"2026-07-16T14:45:27.671701Z","last_seen":"2026-07-17T09:29:35.888117Z","times_seen":2,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000115.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.646Z","timestamp":1784280529646,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000115.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"50ce-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HYtwHkKpsxwMYFSbPPL4rkWFjSq4Su31rmEtbUeXK70TSw%2BNkKWdRPA0AEVnwtW1t5Gqmi0TxaWhshok6kBQF3MMJBrYJvdm6ZXc%2BG8DzRo2w0iARgO75CPJpUh5G0E%3D\"}]}\r\ncf-ray: a1c837fe4afbb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20686\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20686,"size_decoded":22260,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a7af325dfb683b64449cac0d1e2a357a","sha1":"d7795e5cb8b318f7e89238dff69726f6734b83fd","sha256":"85f1802c52b7993f23a7ad8b33cfe43cc43d3ade7f1528cca8016879ef6e2970","sha512":"cbe3d39ebc50c7c6821053b49f6ad7e1b62f48fc71961fba043ad128cb96dd35a8a5c5cd3aa0b2b3a0409522618ea5cc5430df45df8ea14be90952a49c809b87","ssdeep":"384:r+H1Usjz13YEXVAEwoCN2g6xBuwBK1BrUUhIYX7Ggqd1+/A31CEIDP3Zt:ru1v3HA2ChwBu0EBoUVXiTGYFC1DP3Zt","tlshash":"4a92cf0d9ba4ad799a8cdeebadca1511ac0f693e3110c05fe553cd93648fc3a16638e4","first_seen":"2026-07-17T09:29:35.889078Z","last_seen":"2026-07-17T09:29:35.889078Z","times_seen":1,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":88,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/10_1.webp","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.823Z","timestamp":1784280524823,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/10_1.webp HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"f02b92807e8a29660343c405fb4c09a2\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: d8ca91af-6fac-42f9-a9d6-7b32b8be99bc\r\nexpires: Fri, 17 Jul 2026 14:09:28 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 587956\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2BEDd3EBRsGMCKbG4RBfMljvHyo5Vo2JIv%2FtwDBLxk%2FhX%2FtoucZ0ajK3Ta%2FLyNiPyNzZdJR%2FFCROj8wZwIbhq8egDfN8lJUxpqY7H6aIfIqWP95A51Ysoq13PyQ54o%2FX3WE%3D\"}]}\r\ncf-ray: a1c837e029c5b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 85100\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":85100,"size_decoded":86424,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f02b92807e8a29660343c405fb4c09a2","sha1":"a8cd711e9da450c3b51d13d6332ce9114f4fb8ed","sha256":"493a1338c17a2b7a145db7df7ed5d726ca43f2e986bf440fb44e64196f2966fd","sha512":"2e3782679f89e5cc06f0112b2ea70a21404c3185ab0b29baf1d4e8c73172df19ca480ca5ceb1958d42c0aa01d3536e1739bbc5e01e153af31cb84172ef80708c","ssdeep":"1536:ucQ3Z8jDjaJVB2tjxu6fysoc/pU7+mRzZSU0KunHVsqiERI3ID:MsPaVAj0KysocBU7+mv2sqjRI","tlshash":"918302a8e4124e236d735d9350fc6ffb20b8c6e14566f58a6adb8b90f0d8404d8527ee","first_seen":"2026-07-16T14:45:27.589795Z","last_seen":"2026-07-17T09:29:35.81462Z","times_seen":2,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000007.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.612Z","timestamp":1784280525612,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000007.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"100a0-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=udLYG0z7Lmowncbg10MFw%2BE7B7AFqyIE6k6jmS%2FqygjoEWmTokw5meVjv1oiet6w%2BsB%2B6cA6jJNugV%2BT3FmUGVCV7G83DuU1363q%2BY6VbL8qLZ9q%2Bv3o0GxA0YdPRpw%3D\"}]}\r\ncf-ray: a1c837e519ffb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 65696\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65696,"size_decoded":67281,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6fbe5c8c41c9f12acf0b7f2290b33b14","sha1":"31520d62daebd439c5bc0aaabb05bd9909ca1d97","sha256":"9f39ad231074f4f3fe0e420f601286b17b55da69bcc3910aa39d116c36af9781","sha512":"a14bb4dd90ba1c9a47bbc16636fc7978f53cdae77aa746a47d9479da44676cd7438cf8dbb45114d6ac3b4722aa35b0155ed93763f4d00caaef26054f6671b19c","ssdeep":"1536:bdGfRuulrRMJ1PMN3ql+aqldOiQn6uU6r8ZyeMXN:bEPraJdWqxq3bQnD6yB","tlshash":"77531245b86606da14e5693e2b8adcedffc866714cf8337c126ba0c4ed3724204dc66d","first_seen":"2026-07-16T14:45:27.599527Z","last_seen":"2026-07-17T09:29:35.890215Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1483,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1421,"receive":62,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000106.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.421Z","timestamp":1784280529421,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000106.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"49c8-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=b71MdK7ecNHS7XdnGwQWS5df3qGapia2oJASK5Qz4MhEQvhhSPrDJuj3NkzvaNFUi9Mw6ejjCWiWXb3h%2BUdv8GceOCmtq8R2oFI77IaUe15L6Ea185%2BtTZnEQISlr8U%3D\"}]}\r\ncf-ray: a1c837fceaefb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 18888\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18888,"size_decoded":20462,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"7cab980a7d07e0e4c8cd7ed3afc46ed2","sha1":"93d05c8953be393cecdf6cc68b071ab7d97c7363","sha256":"6148861900d0c3e2ff5d6633b4e1d65d6421362c181082646c143e7ad5a65c05","sha512":"d9b9b78d245b14f86b65bfb271d06f58cc0c9f70a9ee3d6d4d462a4b507db66604913d833c06a4b22babda17e57fe87ba6dc82022d4b378f3ac3877408b2c5c6","ssdeep":"384:8b1lVuxmwYvQWaTa04YQRy/SfqoneKRKjWHn:o1qxcvQ0NZRB9nxAjw","tlshash":"4582c012649f5ed66ae11af1795a6ee7262f039c0a1691337327d2952c82ef0be0c125","first_seen":"2026-07-16T14:45:27.638343Z","last_seen":"2026-07-17T09:29:35.891272Z","times_seen":2,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000035.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.241Z","timestamp":1784280527241,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000035.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"116da-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=et669GSe0HIRx48CtyCKY8mMZ2WvR2vfZZq1S2lmXxa7i0iDfZPgrWZn3UrL96F8iPdnVF92tCPe3v2NN9AIikcD8P55xd6mLmao%2FfnpImH2yXfgWLIjW35VxUDJOsU%3D\"}]}\r\ncf-ray: a1c837ef4a59b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 71386\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":71386,"size_decoded":72959,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"969598d3b2f76147c810d592ed2ff5dc","sha1":"a149745bf2d01f25cb8fa5aa3a56643a403fb046","sha256":"714894c493a49e30e900ea0db63101181b2034b5c0c4842a3b68f622e8a5a5e0","sha512":"ffccd6d51fde3ac9e337601c50b414fbb9e94cb7fba7a8ed455d4d29d7382df8db5eb30a6e5c8f435889929c3184283411129db93a94596d688ddac85623ab8f","ssdeep":"1536:cht/vOOjIYuEtsCtuU2ALwITkQiAbVMtJh1nrKAQdmyAHxllDzk:MXOmxue92WTkQH2r7rR57xg","tlshash":"836302e99a0697ef39047c27364866bd9b2bcef096c805754e3865d30510d7012fbeed","first_seen":"2026-07-16T14:45:27.751395Z","last_seen":"2026-07-17T09:29:35.892546Z","times_seen":2,"resource_available":false,"data":null}},"time_used":355,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":310,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000110.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.639Z","timestamp":1784280529639,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000110.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4cd4-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3MsFAouiCAdt7wF%2BnnJmUR80Ue9EfF84VwVgl2MmpQabxj6hzPGMTN0rY%2BF4ueT1yPe89sKGdW%2F9y7mtSNxYQDiyalPXmH88HVBB1bMG7nRCW9aoBEElbXtmFEH6UBI%3D\"}]}\r\ncf-ray: a1c837fe3af6b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 19668\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19668,"size_decoded":21244,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6699f6fb1967876ad1ae89038d41df61","sha1":"5e9af0fd39576e95859d691d4c41fb8d96289d97","sha256":"b395de491fc2c0a09ee1eedbd3a90818cc45aa7ae148593cf3118916c573b811","sha512":"8535b694f1e7dc3731bcc7f420e5a60fecf0fc3ee8e478a79550d58f48615e086b1049378cb7c32154a087257f086fb0c885745eda2527ce7d53d5601e56fa55","ssdeep":"384:9QzkRyGvqqqKCSA52niwGZYibMZTzBcgNj+Nhb/UFXoqXZOAfogzFr9xs:9QzkRXrqKPni2vzdBU6zXZOOogzFXs","tlshash":"d892d03fb142ca105709f0f4f8a89a335c43862179dd23bc2c362974aa16d98ff754e6","first_seen":"2026-07-17T09:29:35.893713Z","last_seen":"2026-07-17T09:29:35.893713Z","times_seen":1,"resource_available":false,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":87,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-17T09:28:44.012Z","timestamp":1784280524012,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: text/html; charset=utf-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nlink: \u003c/_next/static/media/1b99372b3eaef0c8-s.p.0gx2haw2tmll8.woff2\u003e; rel=preload; as=\"font\"; crossorigin=\"\"; type=\"font/woff2\"\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\npriority: u=0,i\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y2HJ8K6TD2wgSq54O979pZeYZieB3L78glTy7n9CMaXqVj%2BMaoQu0ecY9FussVx2jpLjRii92%2FiPIIMshTMTiLZTiGEEhjoj2IGoi9coVqdk%2FsqS5yJZVPvOq3sQBKU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: zstd\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=11,cfOrigin;dur=303, cfExtPri\r\ncf-ray: a1c837db3970b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}],"data":{"size":181400,"size_decoded":26248,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (65522), with no line terminators","md5":"0488c6830c277e9db39cfd371dfec28d","sha1":"2d4ff65ab5ab75eb2880ae618165c40ba0b89e88","sha256":"f49cb5b33e8c032c04e4c8bc1ac9843349a6fe60d75930b224b8488a55958bd6","sha512":"a341f1f3ff72808aadfd83a238a674289ad4f828bdb57477006ba80b9b01de0e1e9fe82611de67a1630065609c5fbf90649a48d769c1b068922fed1045d2c178","ssdeep":"1536:2ypYS7M7Vg8s9Zn/57ZCBYbKOqYW8MO7B7n78Zxln3:2ukMBgl3","tlshash":"be041b795011eb3ee01f5bf8b234ffaa3566f279cac2c50873ed86924b51cf84a18651","first_seen":"2026-07-17T09:29:35.894749Z","last_seen":"2026-07-17T09:29:35.894749Z","times_seen":1,"resource_available":true,"data":null}},"time_used":474,"timings":{"blocked":0,"dns":8,"connect":15,"send":0,"wait":10,"receive":441,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000016.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.130Z","timestamp":1784280526130,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000016.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:46 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"10e66-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=F2%2BWip2v42VNFGbFfHZJYDfc3qWjFoFOauC6otE2ynzKgJi7gKvBR8one%2FgbJWTkYkVwIdiFcKWTkhsbPEFndfBZ%2Bu%2BCnAVgxjzyrYZl4PSajsiwhOdiFQ6zLU9rKuo%3D\"}]}\r\ncf-ray: a1c837e85a1eb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 69222\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":69222,"size_decoded":70801,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5c660709b544a2a2446b0007dad50a84","sha1":"4fc20ce9ba93ed49af9b2cc6e70c9f2e26ec0e23","sha256":"758ed2d53ae2fa516a3703a2c2d34dd6fe5b1fc0278ed429e67d843ef867d84c","sha512":"173efa04ae1a04863e5d677be59235e267fe2cf25618bae04f87c470ba06eb263a9e590bf1bbd8e582f0abce0968efb98ab1ac232953e563950bc4fff527322f","ssdeep":"1536:4t6aMrwLkabu+O8k9KZn7xjWz6nmzzCQVlfGbABnZlTisi9FH:BaM959KZ796zCQXGM7fOFH","tlshash":"0263025029e5b0c1a4d93d84f00200685fe85baaba1e51b05cbd9bed3e4f205fc7ee59","first_seen":"2026-07-16T14:45:27.683282Z","last_seen":"2026-07-17T09:29:35.895795Z","times_seen":2,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":217,"receive":44,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000070.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.363Z","timestamp":1784280528363,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000070.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"b828-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=taCvgA01K7PnD7tPlAqT4H%2BZmlS2sW4O0Xj7%2F5YYJkwL%2FDyLuRAbIGgpdhXi9O3bg0wQNUAVyHw3rCPeqMVGC9ciYOLAhQjF%2B7u%2BkFxEeIiz9s00bPgxEMiikI0DZvE%3D\"}]}\r\ncf-ray: a1c837f64aa8b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 47144\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47144,"size_decoded":48724,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b2099c2c587028219f4305d145317968","sha1":"b76033da6baa5537a856d4fe0796f6224002f49b","sha256":"5ddd1640be6e43c5a7e43e3ce20b9a06d8953e5ed8a4d59f89b240abcc550d8e","sha512":"3a01141f8bc3b5792396d7d0904e00033e1dae0c8e6fb49cfba530ef62bb6b865669ac6766455f6f9c48836326f58e281e07f34e917f8ba3a6a05c25375c08eb","ssdeep":"768:TXUtOzEjXXLH5qgDeMLmcBrinE+iqbGvK1RpX1GdiIwN8eyF7Q2CIwn2lvl7i5h9:TUtOzCXXzX2PiS8sR78er2vfv4","tlshash":"f2230176d9e8fb5fd0302a35e6079598356a202172b9e240e4ed9e1ffdff1944623500","first_seen":"2026-07-16T14:45:27.624922Z","last_seen":"2026-07-17T09:29:35.89682Z","times_seen":2,"resource_available":false,"data":null}},"time_used":326,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":283,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000084.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.792Z","timestamp":1784280528792,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000084.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"9fe8-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=H%2BULbUWyIrNfAocvdFXYiv4iMOKwfw3Fp3k5%2FfugXe9lduFomA0VI8x42ErwL01lRlyAsCl8%2FWSjxFOXLyZiltohCLCor6FMuOpIkYxqjt7Pjk0ystBaLrY9LskSYoo%3D\"}]}\r\ncf-ray: a1c837f8fac2b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 40936\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":40936,"size_decoded":42512,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"45b2f20688278de430f7646b516dd054","sha1":"cd07d5c230bb2987fc757e8bf416d1754b952bcf","sha256":"88eebc047b60dd09e72593729ffe45be3e8bd61862099005dbfb300d09a3e8e2","sha512":"00950ebe08d6ab76111fd0a60082ea28e1fc589e9d74fd11ebe35cebbb20937a102ecfb61461e4a08d236c7327e930227b85c70d33e1af1426c5a8f82b07b7f9","ssdeep":"768:07pvjQ49mSxRNcDZeVdQmcAgtdj8aJgrmfVgNEQN/w3ox0ei/u5AAB4q+TQ5iiUd:07pvjQEmAiFNVAM2aJgytgBY3oxtwuU5","tlshash":"7503f15771c12449c8f0e1f8b2f4cdcd78bb9e20978589a7cbda7681c8e7601996853d","first_seen":"2026-07-16T14:45:27.733106Z","last_seen":"2026-07-17T09:29:35.897846Z","times_seen":2,"resource_available":false,"data":null}},"time_used":305,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":279,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000109.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.635Z","timestamp":1784280529635,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000109.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4aca-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7uGm2uFOQs5KfU2Is5LqVCjjdC5FuEHZN340GI79f%2Fro7biOVhvSaPp9P2apz1JV40C5pphEQS6mjLJFjV23oAQofTTyjlOxJrvj%2FIN0BpqBieWu9BAaOy1CUTzV7LU%3D\"}]}\r\ncf-ray: a1c837fe3af5b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 19146\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19146,"size_decoded":20720,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"90d84ff2f7067ce777aceda9389c07a0","sha1":"81f9c66d58e0a1724a3b3143c0d7dde923be15b7","sha256":"e4e8fb8887b029b13b802bc7847c97d5776f3420f5448a0c2d5f86bc4dc3c021","sha512":"2f24b20f4b96b61835b6224797d7079354083da7e8d399da234d5f8195300d12304d1d27c5626e7d7ab2357e5dd3e30b3d16ffc39193d8314550c47a6667999e","ssdeep":"384:uhe320Sg0cVFeO5x1mA09FPOYB7larSgVEwZ1TOh6w+UzoBNuh34:T320Sg0gFeO5fmv9FPOuQf++EoBNuh34","tlshash":"e482d0a286b3d9199f47076f1da778806f864f867a0c387ca960e69854c25fc2150bee","first_seen":"2026-07-17T09:29:35.898871Z","last_seen":"2026-07-17T09:29:35.898871Z","times_seen":1,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":89,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/10o6er6i0h171.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.841Z","timestamp":1784280524841,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/10o6er6i0h171.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"6085e-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67447\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3S7ppFtYpoyxrdFjapja8MJPs3er0R1ZBAAU2gt8Ne4TpCSTCGOAmFBbD6zmZDT5bOFdQpgyGYjBm%2Fhlrdlvu%2BPDDzs%2FRI%2F1m8eMjwZv9Ir%2BbCwmGAKj5kHRuhoFOsw%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837e049ccb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":395358,"size_decoded":107603,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"32b6f2b430946bb75aa4a9db1ae9ad84","sha1":"9eeeb4c66c7bf2aeb5ba3740deab2d9b25c61cc6","sha256":"fe6e338ed611792598d963ab647ecf240ebfefbc11476a81b68b8f3e5c069bf6","sha512":"51d59ae87275c912bb162a00fc882f5bee98efef55c41863382580d6c2ed8ecb827b832bbd96eb41d6dd039043d6b7b9a7b20412989a1450786ce1bcd9bf0666","ssdeep":"6144:SEjZoTo18wICSCoSQ6yMW8Ht1uB7jpUGr5Fhd2ZMuoXbnvZ9ajRKTKNHlNxmey5N:YgbCddXLuoXpTGNx0","tlshash":"80841a88f191f07543e361a0403f190bf23e6d19a45ea494f366d8e4bdb889e917bf39","first_seen":"2026-07-16T14:45:27.736526Z","last_seen":"2026-07-17T09:29:35.900088Z","times_seen":2,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000003.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.603Z","timestamp":1784280525603,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000003.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"fbc0-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7ETSEVUqBS6yJ%2Fsqw9drHk%2FpzaMjzsu6B%2Bl5F6bdM%2FdRMnhO%2BFDmQmTpX%2FbWBuDPuxPHzGbT1Mfk4I2bUIpXCHJG1c4ie%2BM0YRBAA68MxIKfmmZpbjT7Il8oVSBXVuk%3D\"}]}\r\ncf-ray: a1c837e509fbb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 64448\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64448,"size_decoded":66032,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6489c9742c9311ce9318082f22a536ba","sha1":"5a0b566bc61b37eff57f39c24c03c28222d82ab7","sha256":"9b865a4c923368e7a3142b570df109e54f67fc382eed0125a1c1f140560cd7db","sha512":"5c769b6c623a55d1b3d52867abb1dcd6acd29d7cb336e0557054078ed4b2e9c50f34276466b994dd5b3f7f6d71f27d8cf8cfb6816edac27acb11082e2cc84fc3","ssdeep":"1536:+eUHGmkmEqusDYpB3nqChV8oEYzXCfPtGQ5bst+T5m8A:zO4mEquZB3qCYo5zXc4gg8A","tlshash":"1b530223e976cf71c534969cd86f1c56600f02ce0f6411a0a67acc7859a378fb7b0b92","first_seen":"2026-07-16T14:45:27.633216Z","last_seen":"2026-07-17T09:29:35.901155Z","times_seen":2,"resource_available":false,"data":null}},"time_used":429,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":381,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000015.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.128Z","timestamp":1784280526128,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000015.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:46 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"10afa-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2PdPOPaW%2F5aRpbvQVUlMhDohvo9evMJn29fTpJ36NvdiGOi8inXPRuV5SjBKMHkbVX%2FTZ8cRsYZqTAZtb8Rn9V%2B2ieMoeEpyS1dxNBywQA0YLTq%2FNjXKgDJpgJiSxhE%3D\"}]}\r\ncf-ray: a1c837e84a1cb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 68346\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":68346,"size_decoded":69925,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b73426844b6eecc5cf2da8a0e6c92979","sha1":"ea8552b67e4d847917c370223966748f6a899d29","sha256":"05b2677489d3e0fe44c7aa8d362b5565c83ba84b364b1d6860edb00fd0b15788","sha512":"4d840161392abf3e38bb6e57dc8cd3b89904aeeee21ed504580624e488e8f176f290e8f1281bf8cb75a82dadb04123c9a5d0662c92c81d5ac780c95a5ead80e6","ssdeep":"1536:3VWSp6zI07seszbw4syetZUNDKe71oM5Se2pNIO3by:3YSpKI0DsA4UaZKGyneYN73m","tlshash":"3063f223c70358dab928973b5585046646b6e43196ebdc408f1a0b12ff52a9f37cdf4e","first_seen":"2026-07-16T14:45:27.682241Z","last_seen":"2026-07-17T09:29:35.902168Z","times_seen":2,"resource_available":false,"data":null}},"time_used":271,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":233,"receive":38,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000050.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.648Z","timestamp":1784280527648,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000050.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"101a0-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kQ5CpNgpVx8H2lotDKYsOG3uKJC4tfuZW2wDpzAzbSvGvpoOOlU%2Bbq1TLXg1YD4U%2B8rej3VwKFbp81dwHiyLHBlwYzn97iIdd8hF68o3UQgaSVen%2FaNHWWSAjCqcdU4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1c837f1ca8ab51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 65952\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65952,"size_decoded":67529,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"938bfb707194c3aa5a2afcb8b9dd8417","sha1":"7da58b63d294fcd03e58fcedc918346ea48bbf12","sha256":"73d7d1218f256f91ec104f2a5af514e4998350e4dda7fc3a3efe150c00af8c21","sha512":"301a86c98f0e9fba170887a4b4e533b83eeaca5de4d763abcecd78b462d0fb62d1c5a92b9143ef1aee536fa7f7f9f6a981b1aee65b8b78d99353067c58fb5776","ssdeep":"1536:AjQ+HTRQH82H8nyrto56+ICEPrBGifCTvYgy:whHFQHJ82tATzOBGifCTwgy","tlshash":"135312bf5e4fa3c24033a179d352e1581e8d3f964bc0b7ae5cf2e25e41215a425cc6e6","first_seen":"2026-07-16T14:45:27.721157Z","last_seen":"2026-07-17T09:29:35.903172Z","times_seen":2,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":194,"receive":42,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/01_1.webp?w=320\u0026h=256","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:50.128Z","timestamp":1784280530128,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/01_1.webp?w=320\u0026h=256 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:50 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"0cb00374a367475a65d6970587c08836\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 06b24e75-b2da-405a-ac82-946e27d23a24\r\nexpires: Thu, 23 Jul 2026 14:44:44 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67445\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JdLN7SKWb9%2FObpb5mOpjXnYYr2ET2KPYuwfmERT%2Bq%2FqPhaKDfy%2F%2F937HwqWQ9J3t1P%2FdAV8U7jiupRbsjqXkgzsIKq87vODL%2BPjrtBsA%2F6ZhAnaz8RWWOqKs6aK2aIIlyvI%3D\"}]}\r\ncf-ray: a1c838014b20b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 48396\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48396,"size_decoded":49723,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0cb00374a367475a65d6970587c08836","sha1":"07ce244d22fb50dd7f496eca81e74cb2b10a280b","sha256":"a31f1f83cc7e4c39e8a44e4775c06c5c8b7176c8ada8c13c47b0f61bcc473f8f","sha512":"05ab1d7ef139a42555baa7e3663b06d5d27cfa5b5f4f995aac8d2c5abca03cfa83ec05e2da2b5446e3e51dfee474e0d645d9d3f05d7c41085f5cd37ccbed2ef4","ssdeep":"768:VpmcqCXpj3PeLNU8a4lJNSvIT2Ir6nRyMuK861GFTAh1rB6zsrMH9Fr:Hm1A3PeL4sJB2u6nRyCZAy0zfr","tlshash":"f123f18c3cfbb7aa3db40ce5c095e5cd48767a23138959158c7a9c1c57920e1ee84eb5","first_seen":"2026-07-16T14:45:27.681236Z","last_seen":"2026-07-17T09:29:35.707834Z","times_seen":2,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/08_1.webp","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.821Z","timestamp":1784280524821,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/08_1.webp HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"f51d685c06a0c79fe3b3d9f9fe6ca657\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 3470af04-7428-456f-a2b0-37a17a74b133\r\nexpires: Fri, 17 Jul 2026 14:09:28 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 587956\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dPDJs6CUoVQ8E7liLSaxiXC7AmFD8%2BZWpcwW5r7ww5pAJ7i%2BTGQBDieeczp4PGOsDs9L372oqwpXPa7eXNq%2FWW9WU6bYX7G3X2ILNEMf9oZZx4MdkpAM7cFJWe5R5blj%2BP4%3D\"}]}\r\ncf-ray: a1c837e029c3b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 52328\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":52328,"size_decoded":53648,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f51d685c06a0c79fe3b3d9f9fe6ca657","sha1":"25767f7b189a43fd031a2381876b3260e166f1a5","sha256":"181a779b36d36df974ec59b948fe0d4dd8a25d67a34b73c76b2f66372ccf9c85","sha512":"a3aabd760f90636d2e54a64b0a65e5f24233972d8aaf9c1ca4492787d02cec0562ea5f9a203dc4e6e06946691b591650a8e1c69bc3747d04859326135c6d749d","ssdeep":"1536:LBf/MOUB9caP/d2Tmbg6LhHEb8BtTzwFKn8Xn0JpjPq:x/MOUBn1RbgWFEUXwsywq","tlshash":"9e3302211749633aa1b56efd7ec36b171c33644277ae13b290a0cd2bd7d8481f83ea59","first_seen":"2026-07-16T14:45:27.655844Z","last_seen":"2026-07-17T09:29:35.739768Z","times_seen":2,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/video/01_1.mp4","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.925Z","timestamp":1784280524925,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/video/01_1.mp4 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nReferer: https://rwanftfi.com/\r\nRange: bytes=0-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: video/mp4\r\nserver-timing: cfExtPri\r\netag: \"25bb808c5d2ddd72d37fb800236455c4\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:23 GMT\r\nx-amz-meta-content-type: video/mp4\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: dd38e40e-2ea6-4f8f-9476-081bff0d3ecc\r\nexpires: Thu, 23 Jul 2026 14:27:51 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nage: 68453\r\ncontent-range: bytes 0-999792/999793\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bXR%2BJjAFyim41c8U3orMFAve0eJMmm9INb9vmSJQKqS7fx35CFTTb3nlYtZXQ%2FJIOiF1ffd983Cg%2FQLWqATLdasNj9Y3hi0GysmqrXmjfoeN%2FOF5%2FRxRyXyzn%2FQ%2F%2Fa5CvcQ%3D\"}]}\r\ncf-ray: a1c837e0c9dab51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 999793\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":999793,"size_decoded":1001138,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"25bb808c5d2ddd72d37fb800236455c4","sha1":"8c3c694662a71cf968b8ab4d3c5e6b53a750a46a","sha256":"03785d179155b3abc96152fde3291e938a68daba6a4d53c843f433e2501ad58b","sha512":"5cfb32eec00e99fefaa6d467ce8dbf8054d33804e5546f347b4b125b7856ea44487279d0013694822b9a971f0873df0db720c18fe997dd9bb7e131eda4ce3664","ssdeep":"24576:mEFvRGxaNzGZlU3ELZB04HAm/OiP/WX+9VDxPl:BFRa7fMENB04HASOiGXcZxPl","tlshash":"d025336ca385b89afd1c057ea8fc8321818e643290cc8d57d75f8b9d6d8387d4d06abd","first_seen":"2026-07-16T14:45:27.746411Z","last_seen":"2026-07-17T09:29:35.904188Z","times_seen":2,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/05_1.webp?w=320\u0026h=192","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.665Z","timestamp":1784280525665,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/05_1.webp?w=320\u0026h=192 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"6dea2c3024d92d46c4b800ba250f4655\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 6269e3be-732d-4cec-8e3b-4919f86eae89\r\nexpires: Thu, 23 Jul 2026 14:44:38 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6O8PDOFp40x3EHXEzG4vsIyK0ycxOSh8fUegmHTW9RQV4Y%2BlMwW9ySJMwbL2zBEFihZ9hoeQYUdLKP1NNHsn0ZldROylVUnphlA%2FUfHrVn8%2BH1t5ZjQ99QYTFGzG2t3LnUc%3D\"}]}\r\ncf-ray: a1c837e56a0bb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 64222\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64222,"size_decoded":65539,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6dea2c3024d92d46c4b800ba250f4655","sha1":"d442c5d36be683637d90b20653c17d43c2f5de0c","sha256":"3c01660962b0a2d8d307aeada9c74d7d6dc53ef03af6d01d98190c2db1c5dbff","sha512":"53913360b84bed701edaf1529d4afdfca660799696abd103211cd66b3ae13f9070f81e545a4c2d9697889f0fb2cf1de8221f25a9494e0c9cb412901bf2a82974","ssdeep":"1536:5Nkn7y3Ay/r3dr8+Rw+sibgxc3mwaOBPWL20QQqbCG:Lk7y3j/DOyw+XbdWw/W60ZO","tlshash":"6653025daa82fb17148e7d6e4cc52e127422b2331950a73a8bedd1ed60282dbd0c15ff","first_seen":"2026-07-16T14:45:27.61026Z","last_seen":"2026-07-17T09:29:35.801857Z","times_seen":2,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000097.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.107Z","timestamp":1784280529107,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000097.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"50ec-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6FxWB8jWRPA9J5ENrbtx5X%2BQaSbx6R1IuU7r1U6rmgUHl4dwbCs%2FgFX7qHjiSXAAeBfFWX1ab9dC9OYpEoTrO0QPAOlwkYCCnJlvK9kMTxvr5XynvT1%2F1hKNROzoxoE%3D\"}]}\r\ncf-ray: a1c837faeadcb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20716\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20716,"size_decoded":22292,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"621735035eada7c7d3e46fe8fc6496d6","sha1":"8e497ff9938689d90b45c16a9359be59d294d595","sha256":"02a6da5d72b9aca3a6c1476bd45b47167308cf82971bd82a2615454b0cac426f","sha512":"896729c93449f1ea058cda5d49b67f4c768eddac0f7304b24622e115a9f93374117539d7ae5d71a373ad87d5fec73c02858f2990b22de1e4db9d62e661ac3058","ssdeep":"384:mnDXP1sRfhLVBBzL4CK5hfynlQDPLFxhHKsKF3/8zK1jP6X5W5u9sP:mDXohxL4Cafy0TH8HPeFKP","tlshash":"bf92e1f0ff5c6ad023cf92e640d95bd99488819b36fb1e112c78d5c84c984f5982069e","first_seen":"2026-07-16T14:45:27.704453Z","last_seen":"2026-07-17T09:29:35.905212Z","times_seen":2,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":186,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/11ad056068qw4.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.481Z","timestamp":1784280524481,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/11ad056068qw4.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"4a3d-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67448\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BQDQArMMuSYh9Al4g5zh25BsqsDaKgx%2FkXIkBSyUudNHPcXfew52xq1CO3oXvmhL7rJKsdE8a683eRAoP1ap40%2FOigvt0gthAecCF3WRvNx4EWj6GVlKS6sH0btojmE%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837de09aab51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19005,"size_decoded":8374,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (19005), with no line terminators","md5":"1ff1ce9b40caf4d7e425fdb0717c24e2","sha1":"10ff32d92f9acc125eabb11ab31a7a37140f17bb","sha256":"b15031fc3479b4b8e95adb04f375e73d7572a93bd67912b4955131a4f046ab0b","sha512":"5789f7f45ff4a4f10cd8ff33285c7bc099578512494e0a2a8ffbbce1d621f4a6b35abf0157ab0b51aa392dca30475212a199cce6fd41aa89e1461d170d17dd71","ssdeep":"384:7zqh3mGN9oAoZMgJ1z1xB5rcOQSyBxX33JFhY8uoEe:7Wh3mkCMi15xLQOQvXHfhY8uI","tlshash":"298208e6b1c2b9f9d36a8081403f911eb72a1a74244f1460f7b99cf92664a45d1f3fc6","first_seen":"2026-07-16T14:45:27.744017Z","last_seen":"2026-07-17T09:29:35.906268Z","times_seen":2,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000119.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.886Z","timestamp":1784280529886,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000119.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:50 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"50f0-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TTmWQxrWVxIcxAX6303W1mu828S85zQS0SDZ9A%2BwQFNDyzHSN8q8YsiSLEyw8F4ltcGfi6QUYgia83YKjWiS%2B%2F%2BYiwNK7JKU3SZdmg%2BefLtrKeVwTHUjbKU0NcWnsCM%3D\"}]}\r\ncf-ray: a1c837ffcb0bb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20720\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20720,"size_decoded":22300,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"546d8400776dd25cc279701d4f746804","sha1":"62f3251519e3063237f8b127e6da318ccf311342","sha256":"a4afedbb9db4ac52fba8b7535cc5ee26250ba8ed295cf25cee334198c27f71a3","sha512":"09b7b15f8058d9d4f0b3f52a18c47ae2dde198ca279adf1aa7ae58f54cb9f90ce2cb0cee1c40dc1d40ea976c639494fd1047ddfb74d8c32585444a8bf4d906b7","ssdeep":"384:lpOYCAtdruOBW0gVYPJ+9V70VLubCZl5Tu1PZth57bHN/Fr/jacja/I2:lpOYCAthuOBW0XJ+D70V6mZlc1PZr57e","tlshash":"f992e08a9853bed4dfc24d3300aabe5a84e87c6068378768d1ba1551cf1456bc0b5bbb","first_seen":"2026-07-17T09:29:35.907246Z","last_seen":"2026-07-17T09:29:35.907246Z","times_seen":1,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":264,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/video/06_1.mp4","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:29:05.489Z","timestamp":1784280545489,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/video/06_1.mp4 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nReferer: https://rwanftfi.com/\r\nRange: bytes=0-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:29:05 GMT\r\ncontent-type: video/mp4\r\nserver-timing: cfExtPri\r\netag: \"8b5042516196f80f900a3163a325f5ec\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:23 GMT\r\nx-amz-meta-content-type: video/mp4\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 139552cd-7ff1-43a2-8af2-b392fac5b613\r\nexpires: Thu, 23 Jul 2026 14:28:04 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nage: 68460\r\ncontent-range: bytes 0-1035326/1035327\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zScfMZUWsTWhSg0%2F7ZeAkD9YTgAPUv4D5NkCu0xGISo3jgY7iQgAnC7pfNhTOUNRcnAgtYm7PArWwf%2BATuarhh1UorhFaxHJOQe7NOGhtSE1hQ0hHS3IUu4BtuPDZ04YzNk%3D\"}]}\r\ncf-ray: a1c838614844b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 1035327\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1035327,"size_decoded":1036663,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"8b5042516196f80f900a3163a325f5ec","sha1":"03131de6f1dd5587bfac6aea432d4bec969697e5","sha256":"0d87cac2f6b8b17e3fa51022ab0bbe17829dce0bf3dd3b2c582d67b9205743df","sha512":"cc1c8f57ae81eae1619dd3b5c89f7b279339127ce283d611f3918017d9a0478020449c78dff16cf75fb16714f54c779cf7eeaab4c36e4d59187f78ad04d4439d","ssdeep":"12288:ijUdLs4N9yWEzAuosBBlwPthlPV75xqXYZnLf3PEO+U9rM0P1EkRFUzv812Fbc:mUxsURAos7elpOXmnTPj+U9rykRPIbc","tlshash":"0e2533630f411643eb54957acf53614d705ac313fa2bd3eaaac42d7be183b082e9e1e5","first_seen":"2026-07-17T09:29:35.909085Z","last_seen":"2026-07-17T09:29:35.909085Z","times_seen":1,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/video.mp4","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.794Z","timestamp":1784280524794,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /video.mp4 HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nReferer: https://rwanftfi.com/\r\nRange: bytes=0-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: video/mp4\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\norigin-agent-cluster: ?1\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"62b5af-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\ncontent-range: bytes 0-6469038/6469039\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=s7RDkkcPviQ38b1Hfe1Ku3hj%2B%2BzouE5a70BjyFj8ROKD%2FMlkIPyZzwVeDEWUYlvysec4yQThWL7jE9lZvneRt%2BucAz8DOKGDT0T%2FNuc3Bk4ErKbBQ02vsg7tmQ%2B5K40%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1c837dff9bbb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 6469039\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6469039,"size_decoded":6470645,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"507d95df6cac443f5554dd33e29e34e0","sha1":"6e4aa4f58c733dceba8c568670bc587e66c20b13","sha256":"6d05c9546192ed10845102fce05bfba8ae6a7182eab96bfa7d5e29430102374c","sha512":"8fa5df80d55db89c73a37d5ff5deccd564171e6848cda3d9ea0a3ebd2b7ee460025ecde4b438803dc44771d3e638b2128a4367184be81f24a666500f68a592bc","ssdeep":"24576:ei+uuqlrp31uaXxxsWOtP+hpGdxvbkCj14jIhYWwCk7qZ:e9ullrtRX7sdGhp+hbkbIKWt3Z","tlshash":"6b25235ad7d21e86cc1a553184c9077633b2c5a8739b03cf2a8876f9dd8a3bc5d2e1d8","first_seen":"2026-07-16T14:45:27.654809Z","last_seen":"2026-07-17T09:29:35.851697Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1539,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":292,"receive":1247,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/05_1.webp","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.817Z","timestamp":1784280524817,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/05_1.webp HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"6dea2c3024d92d46c4b800ba250f4655\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 06f31656-e02f-4535-ab0a-9aba20f6c67a\r\nexpires: Thu, 23 Jul 2026 08:03:59 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 91485\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dC7RIHCBFTdTmHu5qwqZ6H21t2NXURppeKUN6pEOMmNUEXyZepK0Sg5CehPEEr%2B8FFtsb%2BkYml7GR5nz1yguKRJCMWCS36n5zHzJVU%2F4VZOkq9UlU0O4FW0dIly7pFwxXgU%3D\"}]}\r\ncf-ray: a1c837e019c0b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 64222\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64222,"size_decoded":65539,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6dea2c3024d92d46c4b800ba250f4655","sha1":"d442c5d36be683637d90b20653c17d43c2f5de0c","sha256":"3c01660962b0a2d8d307aeada9c74d7d6dc53ef03af6d01d98190c2db1c5dbff","sha512":"53913360b84bed701edaf1529d4afdfca660799696abd103211cd66b3ae13f9070f81e545a4c2d9697889f0fb2cf1de8221f25a9494e0c9cb412901bf2a82974","ssdeep":"1536:5Nkn7y3Ay/r3dr8+Rw+sibgxc3mwaOBPWL20QQqbCG:Lk7y3j/DOyw+XbdWw/W60ZO","tlshash":"6653025daa82fb17148e7d6e4cc52e127422b2331950a73a8bedd1ed60282dbd0c15ff","first_seen":"2026-07-16T14:45:27.61026Z","last_seen":"2026-07-17T09:29:35.801857Z","times_seen":2,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000048.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.643Z","timestamp":1784280527643,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000048.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"108b6-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MrWKIGlxZxnqoPOjg5jJ0xcWKHlFQgjKZ5b%2BkUwPBQiIVge2TISjW%2BUx3IF6Wd3rfUNNC4nXkDKVcilO2%2Bg9EqVUBb5d%2FR8cGWCSj8Kc1u3Mvu0czzF3RBwLMCLjxgQ%3D\"}]}\r\ncf-ray: a1c837f1ca84b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 67766\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":67766,"size_decoded":69345,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"4eb83036f5e8b6f75e2adf960f033e72","sha1":"3ffa53090ace094f3afbf95bbc7709e5d5b3a464","sha256":"d0909e00ae93884f6825f3d4c52302be57d948d29d0df618e74568e1d94bcf88","sha512":"4b18edab041bcb49eb6ee6a7b8dd0cf51d15ea4b0c8ddd98741eecdbeb12e2e7ad4de6788c7a2836e8a1ca8626739305573330ab5dca709844dce799d5a93f90","ssdeep":"1536:ipyeSUXLCc5zPP+0okKKFp2jaUf2y7W/Nuv:F9Wec5L+7cUr7eNuv","tlshash":"5563f2e125c68c6df88bad0c3bef3a157b4e2244cd1574f14995278e039ab46e05b639","first_seen":"2026-07-16T14:45:27.619374Z","last_seen":"2026-07-17T09:29:35.910293Z","times_seen":2,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":86,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000121.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.895Z","timestamp":1784280529895,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000121.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:50 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"509e-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g%2FUT8DxTkaoc5M9ohQKDvnz%2FXH0HxSO4UG748cTVwotGckWQnAB%2BskYZxbnfqARMkEZYEW3EnwodD0AsQSn9f033Q6nybJugmUaZbuolVAdJu5i31s8olbw9cL4buAg%3D\"}]}\r\ncf-ray: a1c837ffdb0eb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20638\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20638,"size_decoded":22214,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"213ef67e21d18c4db34fcad837b72d4a","sha1":"7f74c69f6d8225c8f02de777485bc240b45a791b","sha256":"6362bab7d1f0b53d489c63e375843e6a1bddca9caac8e8a21d5355403a1577fd","sha512":"fc9e7e64ff4aff168e192b4ec126e336f157b946d70bc71c9e8a6cf53c8647799ad787423e56947a5ed4f76145d37d596f8891d8deb3d6f2f919b5897809af8f","ssdeep":"384:P/a7tFJAl24KPzml8iDiq/GF/KgiAxlcjoRHLJbwOrT:67tDu24KPzfiDAFigiAxOQT","tlshash":"d192e1bcad6b99482ba16c39843f47263ff4fff9e261e702d6958e8480131c57491627","first_seen":"2026-07-17T09:29:35.911496Z","last_seen":"2026-07-17T09:29:35.911496Z","times_seen":1,"resource_available":false,"data":null}},"time_used":260,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":258,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/video/07_1.mp4","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:29:10.437Z","timestamp":1784280550437,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/video/07_1.mp4 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nReferer: https://rwanftfi.com/\r\nRange: bytes=0-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:29:10 GMT\r\ncontent-type: video/mp4\r\nserver-timing: cfExtPri\r\netag: \"6565cfa2c0d3d6e2f936d7eb8c961291\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:23 GMT\r\nx-amz-meta-content-type: video/mp4\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: eab710e7-5d6c-4311-8308-f99f03d462af\r\nexpires: Tue, 21 Jul 2026 09:14:47 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nage: 260063\r\ncontent-range: bytes 0-990681/990682\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fx9JgS9Wt5GALDi3ddKiXQNJXubHz9ouKbB2NIdpRMqW9FQCbdmLjUisFdcuv96R%2BZB7%2Bo3%2FX4IY2DuwXlULhG9j1s8dyhCOcjiQbx4CD4VMr0YPRlB%2FADMbuLvgyiPFMvw%3D\"}]}\r\ncf-ray: a1c838803a53b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 990682\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":990682,"size_decoded":992020,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"6565cfa2c0d3d6e2f936d7eb8c961291","sha1":"e9a614f3a2d52ce39b2fa22f69939ae40adc6cea","sha256":"26e180225ee6608f16ed776946ba9e3d4fceff8d3bd5aa741ca0fbab69411f4c","sha512":"cf98b64bd63836f797e80fdcaf8836d2c5f65f5937e56d02f1e338f68c6e926893fec3f37e2de1544b581b7e00d47f7afbffb8498fcb77b8ae57b8c007f1b975","ssdeep":"24576:oDHSj97J+TostCik63sw8MGThqSWeegTWTbPx0wJ1ycthCk:oDSj9lqBEzssn5hqj8qPGwHVXCk","tlshash":"fd2533203255dfbafe30e67fa6903300b37af1605dad174b11a21864ee9bd67bd08197","first_seen":"2026-07-17T09:29:35.91281Z","last_seen":"2026-07-17T09:29:35.91281Z","times_seen":1,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/03_1.webp?w=320\u0026h=192","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.662Z","timestamp":1784280525662,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/03_1.webp?w=320\u0026h=192 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"e73dd63ff2a69d3cf2d4dc6c805c2ef4\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: d4b3bb66-ae5c-41e4-9813-62bd37678123\r\nexpires: Thu, 23 Jul 2026 14:44:38 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rxqFCb8KVazosJniVaHgdkJuEJQKWLwGehIEDNeR65R%2BWHxR0IHUSFz1YW48feuwKcHx8qGHNtbTTNt%2BJf5tm6QrTX28CdHV2vU68MYtarmXLpcEDfIWPOVDE3R6EUZrVgU%3D\"}]}\r\ncf-ray: a1c837e56a09b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 81174\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":81174,"size_decoded":82489,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e73dd63ff2a69d3cf2d4dc6c805c2ef4","sha1":"9f4cffc880ca4d205e3c55ac454d2551b30229f9","sha256":"d6f0e2d7c033c6d0d308ff3966452996cdbe1ff2a3e8e385aa8660a2ef61c4c8","sha512":"d475292f4b482c985971847d42f79f0bf46a10ca892796db5d212834269136737753cb9890015ada34fd20194975a67d593941f5c24e896cc99e1154d02f0670","ssdeep":"1536:1uZHO1FWaYJadGOCf2JwQ4kpVr02y37r24qfk1lfG6DX3FaQRa:1kua9a4r0wQ4krr02ffIlfTFJa","tlshash":"868302f0f0dcdf3293dd298a95443348ef9942ea444d9e55d94283e5bf02cd7aaa70a8","first_seen":"2026-07-16T14:45:27.618422Z","last_seen":"2026-07-17T09:29:35.779195Z","times_seen":2,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000069.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.361Z","timestamp":1784280528361,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000069.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"bc34-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NfHHgY66SwjJf2kXd3vgI3MJetV9tA5wGWsaKXhCaC4j3vKyCAhtSMVIHd7soAXNBtup%2B1yGNF5GtckPjrOjeCyjOu0y1QHMSsbLufUnArF6cePiVeljmw4lCGh6ALc%3D\"}]}\r\ncf-ray: a1c837f64aa7b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 48180\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":48180,"size_decoded":49752,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e9ebe3efd49a05d6f2c66c86e07739a4","sha1":"52978e5792acd090581b06bf30a87a98c276c9d7","sha256":"d94f251bffb2570ccd63a8a352a307cad90a7d3cba6c28c9ab0692335a467dbf","sha512":"dae396d06e223e6957067dc7f0dce713626410e1bcb1281b35ef688f508dbfbfb0c2e7ffc2448267ce56d64e6e72d1d527b81818f51f9e5072ef81c5fcc6f796","ssdeep":"768:oXeAXryMnYRxYhYPqFxWEDOXjYME5reftR9mG6rb1ewHctIpQpl/Gk/YKuNZYo7u:ouAXry9RCf+i5r6RD6rb1ewHyIpql/Xl","tlshash":"8823f2a68f7ee551c6216672c860e2e4477e8fd90ab0bddd1fb082a59f257c2c4c61c0","first_seen":"2026-07-16T14:45:27.694982Z","last_seen":"2026-07-17T09:29:35.913895Z","times_seen":2,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000101.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.412Z","timestamp":1784280529412,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000101.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4c14-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MOfd%2FZgOqrHYeOJk5mqoGFYwahvn3DetU7F0JfSLRh8DgbEwdUGozTaM9fnDRrA3IPz1vvNCn%2BSzqLZvnyA4eIw3tKOj5GJeCi4KKDocz7QyReWLdr8vNOEIznh%2Ft6o%3D\"}]}\r\ncf-ray: a1c837fcdaeab51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 19476\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19476,"size_decoded":21052,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"831514450e08d2519c4bc26ed1ac32f3","sha1":"c32aec4c18825a3c63da650e0b3926851ce3e4c1","sha256":"029c075383e302876b65c62f0179eb1811de45818784ca649a1738c853d38f66","sha512":"d1e7613493ece2359df7c81f749c3cb6dcf116ad0cc0ac05032320e0f7ce40315960b8658f8e1ed64fd58e5cdcba00ee08c704c408ac3707b55ab39b49179430","ssdeep":"384:lRgvdzLkKTA7kH4IZAH1+LFsPHpmpSeluHg8qP7yj2N8ryu2d:LgvhIkYIiVVpmkeluHg8qjyxryu2d","tlshash":"1892cfebbb7a8700ba49d094c97001c5ae7ba8395db36c905987a95cb9e247c3289b41","first_seen":"2026-07-16T14:45:27.701489Z","last_seen":"2026-07-17T09:29:35.915012Z","times_seen":2,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":73,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000124.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.900Z","timestamp":1784280529900,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000124.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:50 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"509e-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KzBBV%2BOhRQadFR4tJ5%2FtR6qPR95jQ2Ujv4PYqOaFrNvsboorxksbuRdBlUplm9%2FXLgeRigWR%2FI95mth510yuajB%2FnCArny3DAOwsdr2AeWDs7bZIo3WzDF0%2F6ylSTwI%3D\"}]}\r\ncf-ray: a1c837ffeb11b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20638\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20638,"size_decoded":22220,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"206b50951a2294fd8203714885cfaab1","sha1":"e3dd6fbc065ffe1e94494f0a08133490274bcba2","sha256":"bc5a4b48b2e277343e0ee81a80fdd80e3ea374eeacf8d5c492c0de7aa8c3a7a6","sha512":"621d646be832a611bd1341274dd7bd30b45c2cbabaf5f421fa54dc7f0681d19f6eeb4ca1bd62668c51c598ab6b2da670337a7ee510ed6f558f4444050b77a964","ssdeep":"384:mMvVAfHlYha+ExCU/OqVrbHVUuOEkE0Z51MQoAoNxtzcB:Il0AxCU/vVnOrE0Z56NOB","tlshash":"f492d127e06fe16134c645121ed345df090bfd66caa2dfb3b89a7195cded1c497041a1","first_seen":"2026-07-17T09:29:35.916123Z","last_seen":"2026-07-17T09:29:35.916123Z","times_seen":1,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/07_1.webp?w=256\u0026h=256","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.917Z","timestamp":1784280524917,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/07_1.webp?w=256\u0026h=256 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"d321cd1d708dd84823cd9a34783bbf6a\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: d94cb199-e94f-40c5-8344-8c71fd504aec\r\nexpires: Thu, 23 Jul 2026 14:44:37 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A5qFmGdsOymhSWZG9ImUnJz5npGPd5zL01iXYvmkLf7bIzbJ668Te9IO6p9ZGgzMScEQ1EZedM4ck2Fn%2F6Jtnl%2FShOZPsF9tJ4eh1i%2BmYQ48Tu5vka6q1wFCqGB9S5uAilQ%3D\"}]}\r\ncf-ray: a1c837e0b9d6b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 54788\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":54788,"size_decoded":56105,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d321cd1d708dd84823cd9a34783bbf6a","sha1":"d97d0bd410fe3031ff30cc1cf8f7f596141234af","sha256":"3a8b31e00d7c8a9ac6b677ee563945801df523dcb9c1a30073c94c896d6d726c","sha512":"8bb1a9d8e0a112de72e0dd7241bd969e33187e74fa39c913c7aed49a5e79a6f610ab0c99f76b3c55858eb85ed8e1550a01759bb98b248edb590134d0bed0b7e6","ssdeep":"1536:jLGQfyeDiNK2JvBgtqRoHvtFL8cai61/v/4:/OuadjgCcWn/4","tlshash":"2933029fca712f419c42b36e9cefce9e39b75e1e7e65d1c42d56c6804e462c6a2600c3","first_seen":"2026-07-16T14:45:27.63419Z","last_seen":"2026-07-17T09:29:35.843203Z","times_seen":2,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/07_1.webp?w=320\u0026h=192","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.667Z","timestamp":1784280525667,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/07_1.webp?w=320\u0026h=192 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"d321cd1d708dd84823cd9a34783bbf6a\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 92d0b9a9-c0a0-4692-8045-3c0349a4cc79\r\nexpires: Thu, 23 Jul 2026 14:44:38 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=C%2FLRRcbIMXaW27w9gqfeKBbPhbcdMLnME8szKK5Wid%2BzF6ZO%2BxgaDIG9qfcHN8u1DX6zxXG8Llv%2Fj0sj%2FYWSq8cFMS7Bp3u2sdm%2FLoleUlIeP%2BbO7YoGG7JPQgZ1s4KRdt4%3D\"}]}\r\ncf-ray: a1c837e56a0db51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 54788\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":54788,"size_decoded":56113,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d321cd1d708dd84823cd9a34783bbf6a","sha1":"d97d0bd410fe3031ff30cc1cf8f7f596141234af","sha256":"3a8b31e00d7c8a9ac6b677ee563945801df523dcb9c1a30073c94c896d6d726c","sha512":"8bb1a9d8e0a112de72e0dd7241bd969e33187e74fa39c913c7aed49a5e79a6f610ab0c99f76b3c55858eb85ed8e1550a01759bb98b248edb590134d0bed0b7e6","ssdeep":"1536:jLGQfyeDiNK2JvBgtqRoHvtFL8cai61/v/4:/OuadjgCcWn/4","tlshash":"2933029fca712f419c42b36e9cefce9e39b75e1e7e65d1c42d56c6804e462c6a2600c3","first_seen":"2026-07-16T14:45:27.63419Z","last_seen":"2026-07-17T09:29:35.843203Z","times_seen":2,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000075.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.440Z","timestamp":1784280528440,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000075.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"a6fc-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5TtU2fjB%2BuJKl8kXksX3H%2FLMyOagEnJ39SLJEDtLPsmKRt5i2ypZnNqfaCSe3OwPok5QCNMUbSE3erhY8FpTJMTO0cix%2F2hVJacZoJl0Yf9i6QLYfF8wIaZsFE4rquU%3D\"}]}\r\ncf-ray: a1c837f6bab0b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 42748\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":42748,"size_decoded":44324,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9d9d9dacefc2b773a6c0e69a696bc8ae","sha1":"6b0f11ba1e5643919ad0dc00bbf1d784e471b95c","sha256":"0aa55119c9e82dfa8eff7534ccd941b633e975886ba36e28e9af3216a49aa595","sha512":"59b7d8e6535f735c001bc09d93ff18d5ade56bac36e8c864d1d343982d2167ef330eab9960cb5e97dcd811d71296920ebdca71e9ee546f64f7fc1111fac8a59a","ssdeep":"768:eVXxR9z1n+3j0MZ+8dxwnpSaZZZqRStw7NrBU41zXzqdD:eVBRvnUZ+8dsSoZ8gtMrVhXzu","tlshash":"4513f24f01ae2181fd8828fb85c3644649b42db662e7af5fd4395c4ffef71112c2a662","first_seen":"2026-07-16T14:45:27.753359Z","last_seen":"2026-07-17T09:29:35.917273Z","times_seen":2,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":181,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000079.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.562Z","timestamp":1784280528562,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000079.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"9e90-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1bWpnYPcJfs5no7L84H%2FKAu476HL5VOjBEsrxcUZbbbtI7Tilrh4rqmJIihBMwgnNelr86mj3FabGTvfX37sAw7VKVeGoL7qh%2B9DGDRjetdwn7IYq6I%2BOUcUgClyJdw%3D\"}]}\r\ncf-ray: a1c837f78ab6b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 40592\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40592,"size_decoded":42168,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d4db1e6e90bed28667b94d495b43561a","sha1":"ff7ba82881662c1f35ea8b2d82e49646ee971ae1","sha256":"06611b946f02f881c5b2106f57c3b03aa61f8d417611667a25931630157a16b5","sha512":"552d326407190ae4a3c300b5ae17a1c016d86208f2b4d7f7a4c8a3a09170d367fcc6e1af6b4d92857b93c094792885dfcb5743182ec2abf51d63f67dd3af0c85","ssdeep":"768:YyYlGgiLri2DuvHKIORoI0CTuU8VZ2GstFXQS2gAQxgRfyEFvl:2iPgHxYRq2GstFg+KR6EBl","tlshash":"1c03f13f25a1ab06e053b01d03b9e51cfb7edcb51489cbd7899191604aa3c6b8c7fe09","first_seen":"2026-07-16T14:45:27.722276Z","last_seen":"2026-07-17T09:29:35.918353Z","times_seen":2,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":161,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000134.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:50.257Z","timestamp":1784280530257,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /sequence/frame_000134.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-19T00:20:37.747196Z","times_seen":17351892,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/01_1.webp?w=320\u0026h=192","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.657Z","timestamp":1784280525657,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/01_1.webp?w=320\u0026h=192 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"0cb00374a367475a65d6970587c08836\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 83e0c7f0-e1ac-4c2a-a26b-7a0057e6fff2\r\nexpires: Thu, 23 Jul 2026 14:44:38 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NF4QLueEka6KVxt%2B3FsBYPDIFTjDhV7OiI8HyXouaRPzdN8kUmHw%2FhlEuOkgkcalgxJypAsNHQEFE0%2BJdgcdQIU9%2FgcU5aTcxjmCdu%2BrMJId0owmuHIV0s3n9VgkgHhekrY%3D\"}]}\r\ncf-ray: a1c837e55a06b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 48396\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48396,"size_decoded":49717,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0cb00374a367475a65d6970587c08836","sha1":"07ce244d22fb50dd7f496eca81e74cb2b10a280b","sha256":"a31f1f83cc7e4c39e8a44e4775c06c5c8b7176c8ada8c13c47b0f61bcc473f8f","sha512":"05ab1d7ef139a42555baa7e3663b06d5d27cfa5b5f4f995aac8d2c5abca03cfa83ec05e2da2b5446e3e51dfee474e0d645d9d3f05d7c41085f5cd37ccbed2ef4","ssdeep":"768:VpmcqCXpj3PeLNU8a4lJNSvIT2Ir6nRyMuK861GFTAh1rB6zsrMH9Fr:Hm1A3PeL4sJB2u6nRyCZAy0zfr","tlshash":"f123f18c3cfbb7aa3db40ce5c095e5cd48767a23138959158c7a9c1c57920e1ee84eb5","first_seen":"2026-07-16T14:45:27.681236Z","last_seen":"2026-07-17T09:29:35.707834Z","times_seen":2,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000062.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.005Z","timestamp":1784280528005,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000062.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"b648-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GpQ135ah0w1RTs6infwAewbI%2Bm0CYAUM6mH3X%2BrcSTp8hZqt5hAgMS1vCHAjEhJ9qdMAhqBtjT0kL%2Be4BV2RiApIi%2Bg4tX9YYTK%2Beeq7HsPJa2AcxoDEW73%2F4ArMZP0%3D\"}]}\r\ncf-ray: a1c837f40a99b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 46664\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":46664,"size_decoded":48246,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f2897efe9464659c8571460c7e6695fc","sha1":"3abe679b012f9f7f5a244b6d2a90b75ba52dbe51","sha256":"fdaea75f973b484ee0f687c3dab55f6a3a6dcb47439dcf228ed452803c1a4ad0","sha512":"038b9312bfdafc9d4dc03e01a747c901279ca8ffaff08167aade916288e49e8ca9ed22966b07f521bb9015fadf12afb6ee8608ac4fd0965d4ae898a3b9d86847","ssdeep":"768:QhbZCMXvCHnAhMhvCK41jn5is/KLzB2SnshKPxPDuMq+xIiMpXyVyfelNZ/Dqlgm:abDXvCH3vC3bAsCESnFxPipSRKyVyfOs","tlshash":"7323027de39ce0214cef1e268a1ef316c64e06a4f6a3789e25c72a4db45545808dfa3c","first_seen":"2026-07-16T14:45:27.685406Z","last_seen":"2026-07-17T09:29:35.919426Z","times_seen":2,"resource_available":false,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":238,"receive":30,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000071.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.364Z","timestamp":1784280528364,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000071.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"aa42-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hloEwzI%2FyjMjAPxQyD%2B52HdpYHAkNVuj1BFMAR6bE%2BdDECIRKWlbwDjEY4wDEIaBe4sqXKgqovqT0%2FyoHA2PUFcdRakaY75QRbHWiw%2BFAq4TL4p7qT61oXHs2Ufnsms%3D\"}]}\r\ncf-ray: a1c837f64aa9b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 43586\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43586,"size_decoded":45166,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"94f75ab7d334f7a48180cf9215120b52","sha1":"cd3c5f35df2f0e5633748df847f25aa7c3907eaa","sha256":"1284a05384e87a0cf1cbcdc3b248e866b50cd793ea93c8e66c3dee07f7aa40ba","sha512":"9f2597f98217bf0662a5139dd915215836f553cc2daf50c68210508aa329db29bb5c22e2a4e8a70e5e806cfaa7087cb17bd68561ad8d4f732121933ae3c79157","ssdeep":"768:DObxDSasp98VMvgT2IPSJMW/RPaCAbmOCl8mZz7qcIhPsuXnRmotvjbZpyyn:DLb8WwMMKxKvmZz8hPsEHvjdpZn","tlshash":"4f1302a601cddec6d72ff87987c015979cec1d2718f90c6929398772afa4e4d80ab472","first_seen":"2026-07-16T14:45:27.719189Z","last_seen":"2026-07-17T09:29:35.920476Z","times_seen":2,"resource_available":false,"data":null}},"time_used":255,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":238,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/04_1.webp?w=320\u0026h=256","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:29:05.316Z","timestamp":1784280545316,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/04_1.webp?w=320\u0026h=256 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:29:05 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"ea21f58fc40f227fb2d2f00793c1370d\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 37c63a10-3eec-4349-8c04-d5c88e796a4d\r\nexpires: Thu, 23 Jul 2026 14:44:59 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67445\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ggdjK84c%2Bbil882y0g43bTwM%2BXyHUe%2BVu9x3MfI87C3adBiQD7srYe3%2BlK2ZKCtBqsMZLXbm2R9N27LsrLtkhW5OfvOnZJePtuUrHyoNQxcy%2FsoZJRaal%2FN%2FTPuWTzRJvAg%3D\"}]}\r\ncf-ray: a1c83860383bb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 57402\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":57402,"size_decoded":58727,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ea21f58fc40f227fb2d2f00793c1370d","sha1":"ef24185de1f8197aea03d359526787a93a7b579c","sha256":"c2c2bec10d66df7fa43ee930791ee31d1e48191a74b1b94970e23e585ff02f68","sha512":"90c5fa9d6025c691cd424cd83bd898304539255624d620df4232e583db41be6c8924e746e3b72efcebff825f5b551163434387480bcef5a604cfb86bcbd12a2e","ssdeep":"1536:2vJFp9oBwqpC3687UbAhcB+Vf1urGGzJry+dUFTDdChmD:SJFMCaC368a+9UrGuxGTDdCwD","tlshash":"ce43025173cfa017bc758a0a0379c1cc8e85e5054d817e626c3dad90b1a85f69bb7b78","first_seen":"2026-07-16T14:45:27.61126Z","last_seen":"2026-07-17T09:29:35.783018Z","times_seen":2,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/video/02_1.mp4","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.927Z","timestamp":1784280524927,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/video/02_1.mp4 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nReferer: https://rwanftfi.com/\r\nRange: bytes=0-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: video/mp4\r\nserver-timing: cfExtPri\r\netag: \"2cdd650c3e878cbcf55e9213ede7e384\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:24 GMT\r\nx-amz-meta-content-type: video/mp4\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: d65058e5-d4c9-40f2-b9f4-5702cd33dde5\r\nexpires: Thu, 23 Jul 2026 14:28:01 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nage: 68443\r\ncontent-range: bytes 0-1006867/1006868\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TJw1fi2FLsOtrb%2Bxioqal0vVnZuZJeDKX4NagAGYNAiIQRQKB4HGihRxaRjsR9eEc5KVxruaEn9Qnqj%2BXtjZrnk22VcEhPwehNSQ46UpNJYpjUvR1tg9baLG7EKFnp%2FJpvo%3D\"}]}\r\ncf-ray: a1c837e0c9dbb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 1006868\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1006868,"size_decoded":1008206,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"2cdd650c3e878cbcf55e9213ede7e384","sha1":"1d5516be0fe8a608668324abf8fe1b4565b90f9f","sha256":"e6f1f65a16dc5bb51f0321b0a6373d35e9ff1e43a102e1fff9a6f948c419cbcb","sha512":"f6982b9a3e49ee77415a76e55e2f062a6c06b4ad991665daedfb112f5fb2beaa538b97235eb2fa0ec23bc87232c71762d713479999257233543cb90750aaf72d","ssdeep":"12288:CEN2bnfBbGMn0IJEkx1G63sBNAMEhF1lpLi+n5PThTDNT6D49w4p6NTPpbeJHcYB:CEclGU0y1Z30Ap+4TDNTaOeTP6nz0V16","tlshash":"1e252327d6938f0ce2070375852fab5077a6d56af16c07866a7998d0fd6efa00d133b8","first_seen":"2026-07-16T14:45:27.750396Z","last_seen":"2026-07-17T09:29:35.921617Z","times_seen":2,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/02_1.webp?w=256\u0026h=256","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.914Z","timestamp":1784280524914,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/02_1.webp?w=256\u0026h=256 HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"bf0e133e890a1a5f10289261faca3194\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: c1567582-642b-4f93-9ed1-5ba51963614e\r\nexpires: Thu, 23 Jul 2026 14:44:37 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 67447\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7NExwOPAQW4lJ0zlsk2BxkYl%2BZ6OQciSu3h7JQOJrJfEq4kwKoxC44HuBH7jRyxd6Ex5tVxKftM2U5B8PdqflwmvXmWCfn6ji5I4684z8sx4iqQXqwRb9hJOynNJFg6206g%3D\"}]}\r\ncf-ray: a1c837e0b9d2b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 62014\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":62014,"size_decoded":63327,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"bf0e133e890a1a5f10289261faca3194","sha1":"a1b53704bdcc5c210af9cfcd42840be512d79147","sha256":"72b396e53ac3deae87702a15cbbb8f0ecb3753f9368edcbc9c9c7fa7ab9724f6","sha512":"c18c36e4361a5d1a7e8083a4695cf51e670d3217159e7743f8f7135471251d913487a1a3735b501207ab5b5088484a6e0463c6894815ad8848d340857c676693","ssdeep":"1536:xAhYDsb0V2v41sgfQEj66A/PGI6cr2Awozvm4s:wYxQwCsDj66AHGnm/D1","tlshash":"69531288eb85ffd1e9d77686f430833bebb05ec713ec0b6859614901623d9ac627a5c4","first_seen":"2026-07-16T14:45:27.656832Z","last_seen":"2026-07-17T09:29:35.724572Z","times_seen":2,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000081.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.565Z","timestamp":1784280528565,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000081.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"a350-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sUIZg7UQZiGztT7WIW%2F8GrMoLWsbInAVY1Yoln%2BgKhKiCO0%2BLz2V7Wrfax4TXEi9wdp6OH3m%2FdrwWw1d7RvGKd5sfVtlAuBS%2BFIDcTF5T5uhOlqBSVRqufmspQGBUbg%3D\"}]}\r\ncf-ray: a1c837f78ab8b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 41808\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41808,"size_decoded":43388,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e3f0d012842a9d9bdf2e9c94a3543578","sha1":"473a93f4c82e8e41f0952b3557c79fb116886610","sha256":"97436e405f0e0d7d9929e1d91632217796c1a7d31a12e78362dfa74d4bf69842","sha512":"c060a7fbe55ef81efec0cfed62ebfb67935d882ddcfcd5a1af23dd910a50ba7afee175091eef22c0786d05562f365635852a10e7f46658ee530ab6ffbe2908b2","ssdeep":"768:HAmW2rorM2otWQUe83Xy4bNmpHxb+fE+IbkGn33MzdjXz/SF7ahslj8lhPpis8sC:ghxoMhrWxbmJIb138zdz/9slj8lhIhsC","tlshash":"2513f19ca160755cea6cafbb4b1586211797acfd04d37440dcc5feaa7dc08a0be1e350","first_seen":"2026-07-16T14:45:27.635177Z","last_seen":"2026-07-17T09:29:35.922682Z","times_seen":2,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":135,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000063.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.007Z","timestamp":1784280528007,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000063.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"b948-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dm8ShxvqRpV6Q7gEvh9bZIAc8JpY4J1gK%2FWgrO%2FgDA6zHBplT1D2Bk71UGII78WFbE4b7lDcSMVBZlNY%2F1sxJ90Nv8phmVw3D03Z4HaBP0CGJnwNArScTv3zh50qDzE%3D\"}]}\r\ncf-ray: a1c837f40a9ab51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 47432\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":47432,"size_decoded":49008,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"50e6df39549c0d684d6e00a11b2f6ac9","sha1":"2f1daa96545c2f81ecb6dd986dbc2d7b3b899742","sha256":"18e7cce8645442af3658c2122f6f861c129a864323402201696a16007c59d8cf","sha512":"0e3342ef65f91d6da6b83f16ef4a3260383d82f0ee975b6cc284eaedec3989374f26fbc20b9c0b725f4a659330652113791ce1c6b8346851517c34a061526628","ssdeep":"768:nF+W+P4uQjv3BkBLGR3zE4fzAyRN2JOr2nbNETVHhRA8qCiGYBKzaIrAklXh+TqV:nFIPXQzesRb1kJ1bNchR3iGHjrAkl0qV","tlshash":"bd23f126ce5b0792486f39b5cbf047b4f4154a283d00d3de63ad55ecfa2462a8e3e641","first_seen":"2026-07-16T14:45:27.709481Z","last_seen":"2026-07-17T09:29:35.923677Z","times_seen":2,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":229,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000076.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.555Z","timestamp":1784280528555,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000076.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"a594-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P4UrtdXSETKzLwv9xl03I5mMwezx%2BPa1oUr5A4HzsHBTQkU4E9vCd4caR4tx0VD6u45p2DwCMEGeQe2XJ8gAKuv9K%2FROjqIC%2FWqxuyMew6YykMafQL9D8%2BMr%2Fot5fTc%3D\"}]}\r\ncf-ray: a1c837f77ab3b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 42388\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":42388,"size_decoded":43968,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e11d2863c874670ee7366ce7085251bf","sha1":"808b8d5b1c362ab15d66e3ba164fbcacd5ad8ef3","sha256":"8a0d7153a7f380ae7680aa8edf0c8f75803801a35e56a6d64ce82096a14e5315","sha512":"c6dcfd4e6273354c51e735cfdf0619dc7ddf3730afb21ee92d90cde1bb9b11b4805ab14b5f484557ef8a35c950bb72fc2c1572fe59816fda7f90383497ecc1fc","ssdeep":"768:xPnSf8/03CMgMIzB5ga1l5jweAnUUzPCjFo5Jb6GDQiHKVqGH1Se0dK1FH7DJl4D:xKftCJMcbgWweXUzAcJHKV71l0de8","tlshash":"0913f1d92982f8d8e63fc71e130d329886dbe28544d40e76b4c8d8635b8ea7d46b00df","first_seen":"2026-07-16T14:45:27.620392Z","last_seen":"2026-07-17T09:29:35.924692Z","times_seen":2,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":143,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000105.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.419Z","timestamp":1784280529419,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000105.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"48a6-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L%2FiDyl8Y%2BFdC1ENUHoShCHRKHD0s9tUGBEOsXQolfLJ8tu22a5j%2BP5RQlwcBqYdAzTxP4EdIPrhNsw2xCg38FoaDVQnjvo%2BwbnqLtnA%2BE9iw%2Bbc%2Badsla3FVNqy%2FM3k%3D\"}]}\r\ncf-ray: a1c837fcdaeeb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 18598\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18598,"size_decoded":20184,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9b57092ef3dbf28004c168f6ca9a9ca5","sha1":"99b519a3c294f65d30feca6e1d9752f7992f48ee","sha256":"78e2a5930a8a9af0c03ff15d099d812baffcf782d93de15fb0868a9d28d3a6d4","sha512":"00dae75d46245f86183cb3d3500850b035281e3790906d01ea7f8805b4669ae1266cf5ffbe0f136020a8287325938453cd7ded221657c5f313697e2143092950","ssdeep":"384:uBn41T8n5jKu2nIChatvq/NGRNVYmZphrdJ/T38dmg3wie4iFcSfR/R1ViGoh+4S:As8ntKrI7sARbYSh3Tsdmggn4iXrViGF","tlshash":"4982cfcb6b4816c8787c464f875296d383e7796c6c278f8ce091925c71f20e9de54e9c","first_seen":"2026-07-16T14:45:27.621442Z","last_seen":"2026-07-17T09:29:35.925771Z","times_seen":2,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":198,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/15dros-e3i4vz.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.489Z","timestamp":1784280524489,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/15dros-e3i4vz.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"a650-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67447\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Otx1TmV2uFVdbM5cetUi16GIg2nD9K6hNQH8QZZPjJRCmgwzgs3iw13VFZmXU9dMGR4P7H%2B%2BZGvbSg1ViUWo2EXlDsTgIQWZHh%2BaQK7%2FWQut0kTVQ79SUl8Ux7AZpOk%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837de19afb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":42576,"size_decoded":17201,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (42576), with no line terminators","md5":"178aa8acdd99b2fae9cc71e611b65665","sha1":"6bcb1431a528ae4357a5ae2deb4d3093bfeb730e","sha256":"3d79844e06d453973ad0d5709a423501fe9a09d555436eb3984b7c797534eebd","sha512":"4a7ed7f977d3e64382a6fc1760bb37f3b69666ef4516b2be98240d785efd97753e8134b5fda4bcd719f20b4f109101b0a00fbb9e7cf62d21fec5de50c8f9e971","ssdeep":"768:HPStC3yhXlxnndhYQCEpH5zLh+1DRm0BomnaFZy8:HPSEiXHndhY6Zp+1jUk8","tlshash":"9f131aed7181b565b36f0199806fc00cf37f2e85e81e4410f2b998ea3d649a942b7f6c","first_seen":"2026-07-16T14:45:27.720273Z","last_seen":"2026-07-17T09:29:35.926677Z","times_seen":2,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000008.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.613Z","timestamp":1784280525613,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000008.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"101ca-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=w4Dh1GbUWixMe2TJDiGIbwrzwGTII%2FSlU9lwGst5t9%2FboZr3zoKMRnuF47Mm5Rmal4Lhn3USDNlnsimAKJjRr5pN%2FvlTmg1nojyjxq5Dy5HECHCdUwhjXuTXJLe69Uk%3D\"}]}\r\ncf-ray: a1c837e51a00b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 65994\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65994,"size_decoded":67571,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"79ef5e371a37a26943b6c7d9a59a6f9f","sha1":"374f1e3a5aefefa0b5c159af65e3dd2443052702","sha256":"c01d7bd3dbb41c71ee84435fe0b11f45222d2d3061280167e87344d1f9d7fb7c","sha512":"447ff2501017630ad7bbd242eac592569d982f8b6b9b620aa26713d808fd3ee062343832e490095b1a3fccd25e6f3dab8d5664ff7e932074f664852b8bcd9a20","ssdeep":"1536:iII3YQ6hQZrZtTahGwoopmuV7T1xTeoDhChEsUxZdq1qHxqHfTAwALf3m/hca:SoQ6+woWZpxyo0EsUYsxq/TxHca","tlshash":"7f53025f8c1e5c03988d9ae559523ca8a33303593f67b4a4f246e84767c8be1089bf5d","first_seen":"2026-07-16T14:45:27.688761Z","last_seen":"2026-07-17T09:29:35.927576Z","times_seen":2,"resource_available":false,"data":null}},"time_used":358,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":312,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000010.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:45.616Z","timestamp":1784280525616,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000010.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:46 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"ff54-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8neYgfY%2FUBfE0lVw3%2BcJpo%2B1A7EO9rTy8UhsZvUntT3yvm4FKHFL8Yb36AN7tBgoPEgT4E7wh18YUHRF967aWMfcSXPIq99KZFM7onQhkeUt0OUVXEq2S2b5LnD6nQw%3D\"}]}\r\ncf-ray: a1c837e51a02b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 65364\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65364,"size_decoded":66940,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d46f2976bf9406cd8aad2e04b17d49f8","sha1":"5e0a84999c89786804ddbb503a0c3dbdf379ed40","sha256":"d248b9da1a1e34353147171d2216546e09bea27ec73a2ef38306eacdaa025416","sha512":"d15a63b6312ee6b267d4aa63cfcb8f7ab180bd677553126d1df7207d24994c3ecd5040c5e1315a0dd6e9d5c19a91d0b3007fe2876e858604c4b538477ac9307a","ssdeep":"1536:g/57nARw6I6ZFGUcshrnQWPM3yDPCnu12y35m0/IrikN3uO:45TA33CUc0rn5MCDPCnuxJm0PkNeO","tlshash":"335302132a67fed57ad628f10e401fc76902c65d65a84584e4ce3ff22b983a0dc7d4ea","first_seen":"2026-07-16T14:45:27.730023Z","last_seen":"2026-07-17T09:29:35.928607Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1429,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1375,"receive":54,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000118.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.884Z","timestamp":1784280529884,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000118.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:50 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"5056-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=z%2BN0S3KvJHx18qpc2sVbYGpFR8ePD%2B1Kr2bHKE02BRxY080eqlmGyZZH%2BPiKyllTiUE0PyQjMD0giggsvfbQ3v%2B%2FLY4wTXDMRv9g%2FIjOauEZnWlvBLE2Gqc7sY9tu7E%3D\"}]}\r\ncf-ray: a1c837ffcb09b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20566\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20566,"size_decoded":22148,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"77cb21f1b80375232dbc643e5f4edeaa","sha1":"ce87b2b06a5dfb802d26b77c4a60e5c0f58920e6","sha256":"17558e42ddf8fbd08b23c811d9519b005ec42fdd727171a48dde1f899e20c962","sha512":"cc6a8eb3f805aa6288fb81994c07b7f65c1c0fafd0ed5544e19bbc3c5dd9505f5dd7fae2a304143a4c7a5cdc2557e257dfdcef30e6bcc7e6ca5190dee4be23ff","ssdeep":"384:zgetK29H7XL1zfBRlvMCmDLhGUpClnYvbKAqx6h6RacGd5CHLv28YUy6z:kRoL1LBRK5fwnYvbKxxZPGd5sqUy6z","tlshash":"c292e0da019a4c2c5ce049e36254792a084dffc4125993bcef01b659b4facaeddd2de8","first_seen":"2026-07-17T09:29:35.929649Z","last_seen":"2026-07-17T09:29:35.929649Z","times_seen":1,"resource_available":false,"data":null}},"time_used":141,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":140,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000128.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:50.157Z","timestamp":1784280530157,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /sequence/frame_000128.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-19T00:20:37.747196Z","times_seen":17351892,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/logo/earth.mov","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.791Z","timestamp":1784280524791,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /logo/earth.mov HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nReferer: https://rwanftfi.com/\r\nRange: bytes=0-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: video/quicktime\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"570c3-19f5e9336f0\"\r\ncontent-range: bytes 0-356546/356547\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XElO5sE2B9mAW%2B6ucLTNlGGZNiUpeq0Ny6Jvey3pPf5iz29c0mJ%2BDgfACjDrWzAOGny8gvLFYesJ5VCPW9bl4fztpcF5iH94yQ4NOo7RVvbmWu1TQtAltQQ1%2BimoMMo%3D\"}]}\r\ncf-ray: a1c837dff9b8b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 356547\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":356547,"size_decoded":358171,"mime_type":"video/quicktime","magic":"ISO Media, Apple QuickTime movie, Apple QuickTime (.MOV/QT)","md5":"503ce345198466b2657254462b873469","sha1":"08c796d941c8727c95482f1952b20a48452c6746","sha256":"5162598c99434a580fbf3d1b6a9ffc7bc9713dc45bf9bbab15b819b1a83e25e1","sha512":"e640f9d62be396b39ebef04909cc19fac2b08144f69898212ce02ca5dde9f09ae570c1b698b4e8cb53975de36d4f7a594bed8b9c85a120c962ad95489df9645f","ssdeep":"6144:HtfMGWEshcjqalTPBJ6Pb/3OGuM5MYxsQ6EuJtFZi7u0cBwlf:H5WEshSPBAP7OGuM5MQ6Ec1Ku7wlf","tlshash":"a574010433931ce6f01c93b3c4ce57066b175aa3a5d85a81b9cf96e87f902719d439bb","first_seen":"2026-07-16T14:45:27.668664Z","last_seen":"2026-07-17T09:29:35.803441Z","times_seen":2,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":97,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000023.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.823Z","timestamp":1784280526823,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000023.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"122e8-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IfNLs70XBM4QHcs07jEF5uyNEZvNDYne9VNHG5F55qXcST221lkNIw3WyNE1BVdWDMtkHDdO9fcJ3VhNJwvPh1QVzsF56qlGUTpLV1cQ5m4%2BDVLJ%2BqOiAbvfxoo87q0%3D\"}]}\r\ncf-ray: a1c837ecaa48b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 74472\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":74472,"size_decoded":76047,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"8a1560ea24c94821dfb7732c1fa3f9bb","sha1":"0ba05340895a9c58dcd548a46bb1eb39e3ce5a1c","sha256":"5e25f9532ca19556af297097771190f909a89c1be09b01a882d03feaf27c0358","sha512":"78603fe9a2232a3b7d404dabdb15e37059dfce981b383fbb898918d17a0c7ae343c403409138f8997a3dbfeff55bdd708e1f037b1f745625c825416d3097585a","ssdeep":"1536:MALOJmaqhm1u7lRqwdygc7mdMyXJiVAelijvHkCqAZdSXmzXT:MA6Jm3hm1WqwdTnazNcLHkOzT","tlshash":"127312e11b5c29f6c3ebf600b7a1a02b6c8f5bd3a4b1d541ed20937df30a752c52019a","first_seen":"2026-07-16T14:45:27.673787Z","last_seen":"2026-07-17T09:29:35.930732Z","times_seen":2,"resource_available":false,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":232,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000051.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.751Z","timestamp":1784280527751,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000051.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"10046-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hgPDZNy%2FJVH7yV7%2BVvg1ROHQH1DDxmIIRP7TiD%2FFAWWQTsdmTIOx8bWW7RgJ2gs%2FB15TTF31Lw6EznsWITlTEUUyyi%2BDYSCrJgdOW1gYi9ELSCO6Oj8%2ByC0kVlcJEN8%3D\"}]}\r\ncf-ray: a1c837f27a8cb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 65606\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65606,"size_decoded":67189,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"55dbcebe4992f2ea03a7663bc24134d8","sha1":"d7de6a1278aab4e237f0f2384bdf902a4cc1e33f","sha256":"51e0bdbcccd51258e01179ce1803b967c15c50f60e86d67019348d0ff258ba31","sha512":"8f2c345ec4ac6932ab16cdbf2817ce98abf3eb1f01ba2b3fd1f45ed9bd7528ed87b90878bb0f9538fd0ca5374bfcd7b149873f81e0a45649ead8d31851e3447b","ssdeep":"1536:nKcgde8JHwcLd9VArYlkuTjzZfNnCn8uT0AMrm4vyS17Uz/:K5icLhArYlkmfOYAwmuy44z/","tlshash":"095302594a006e1a33184921bcb9295e9232bda4b103b3d709edc7315d3dab97ee1fdc","first_seen":"2026-07-16T14:45:27.732086Z","last_seen":"2026-07-17T09:29:35.931866Z","times_seen":2,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":88,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000114.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:49.645Z","timestamp":1784280529645,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000114.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:49 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"4e9a-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Kb84OsZCDEheNbD4YUrU1Cbbs1UOn%2FAOUDHfi2Y8Buv4LnfLaAd37iw8dx1azktyaSCjUwoxHaFgrgjbUXqAqqsanosdQHPY1aWg9mLpIt7I9VZ6%2B9LIlWpp1EOxWP8%3D\"}]}\r\ncf-ray: a1c837fe4afab51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20122\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20122,"size_decoded":21696,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"fd879593a20a59e37a606e48cfdc52f9","sha1":"a287d3f7989f9be23b50221dae41d7b4caa3c2dc","sha256":"5c6e3cadb52bba24f082a3e9619284242c1540a61cc279b3ae5b540b4e1d54cf","sha512":"389323de7a56a536ca538ab14be2df761dbaa69066e044e29b6f9d4cb58bc89c03644494bceff847094a62f8aae2c8bd52ea6a7a5ddfd719cf0510a729e5e4c8","ssdeep":"384:A3IZYMFA/mVV+DAfiDrFIRle5lmICnPB17KI3US1D+TKtsW5:AIO/uFiDrFI7emdnPBg6vltd5","tlshash":"ab92d0ca4d11142d3ce6e7347498496ec9a5c9c3c15bddeb6fe24480c6b9b171b8d82d","first_seen":"2026-07-17T09:29:35.933238Z","last_seen":"2026-07-17T09:29:35.933238Z","times_seen":1,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000132.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:50.166Z","timestamp":1784280530166,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000132.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:50 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"50a2-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hDUAZefXqj32lWHcRFvLyQKoH2bR7jrX%2FLJLNv1ZhJs1s1hpm3PGFI%2FHxaPJ5ug1jyhreXZtD2GWQFjyWMfC6KZdFiS0ACmagX8%2B5pNeZWiboBpzYCXzw%2BGV1ec4gHM%3D\"}]}\r\ncf-ray: a1c838018b28b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20642\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20642,"size_decoded":22220,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b5ff352e73540f9d2f2797513cdb9818","sha1":"8f97260d0c9dce06b1a388b0ea8809f01311b140","sha256":"e0f874a85f9774e70ca68cd11e3c91549d77333cf65ee0100aefa0b190bd67c2","sha512":"fdf64924656d2c91866a36fb209d869049a0ef39ab9b8ee32c39b82eadf0502bbb98125bd17bde7e5ae415d9dc41e5941c1e5b017f5b692381777504278c8f54","ssdeep":"384:VFrTx7924VNgsF2VMOmsbStZUBUKxHKF8LA74PDtHFHISecXMMT+NSr+OKyo0hQb:VFPx744IshIyd6RFotMTKaZKyo0h4","tlshash":"f492d167382e2c80e16bac4c737cc6459c24c8a0163b5cd706bde4dda34bebbc65e160","first_seen":"2026-07-17T09:29:35.934441Z","last_seen":"2026-07-17T09:29:35.934441Z","times_seen":1,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":73,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/_next/static/chunks/0sonk0j_mx1ci.js","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.478Z","timestamp":1784280524478,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /_next/static/chunks/0sonk0j_mx1ci.js HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Tue, 14 Jul 2026 03:03:20 GMT\r\netag: W/\"3742e-19f5e9438c0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\nage: 67448\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t4nrkaKOUHsbaSOZNqaClPZH00q0GmW1oI7Vdp5nfKZZ7X%2FrcAdU5e9gKg2nuJTIqeU9EKt3khq%2BOGCZWmxerCyBMiSOAEFcWzPjwon%2FoQhclvHIRwFwR0MhBuegKm4%3D\"}]}\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1c837ddf9a7b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":226350,"size_decoded":73158,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"e23773e6388f58ad656274994e93941f","sha1":"6e2ea50ac499b15ba36e61d07514acdcbd145781","sha256":"80bbca84b375c699ea654c99c388740a69f6f83d0d32019c83c192cc8e1447fe","sha512":"3d2c86ece2ab14f2f2d42c8dc10acaa890fd6d803f492d83ab4fcacada49364c94642c1835be797735a77213f671a5d8628799f3f0195d030ddad8fe74b98a46","ssdeep":"3072:dtJtosM4BFfOg/4NqwuQtPHllL2bgmaIQHnXxRMujgDngfXQ84:dtJtNxBFfOgAoQiQnBZ0DngfXQ84","tlshash":"c724fbe83955f6626ab302b710af1803b33c252b280d4d60a251fd9db57845fb17bf9e","first_seen":"2026-07-16T14:45:27.627907Z","last_seen":"2026-07-17T09:29:35.935585Z","times_seen":2,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000001.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.524Z","timestamp":1784280524524,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000001.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"ff1e-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6jRtakYrcZ8DHvWH0YzMFRXH4Z1m3oU8Avev84TPgevQpXfOpCaCv6IPQ3kyGL01VaioUUYVapp1hJZy29DmtiqFk7rQNrlbB3KIUGssZ8TDlKn%2FlJR6opYkuSggJyk%3D\"}]}\r\ncf-ray: a1c837de49b4b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 65310\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65310,"size_decoded":66882,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"bbdac09458c448b49a7db114c211f693","sha1":"4eef23151cadc82eb2566179e73c279567bcc7d8","sha256":"172b0d9e91059dc2003de49109a0518d8daaa9ea6a13e5c8cdd549abf69edc39","sha512":"aa0ebc6bd9ba5413b06c184607697e94ea8151ebdb8e50f98e97e5b3e01f6f7d3d78710ea530bc37ede76d6a658368734782c33d497ea10481730502718b1d1a","ssdeep":"1536:WCmFdDURjtOz+LurM68Xp+39VRmFTh0JP1:WCeUptOz+LXHEhmFTOJP1","tlshash":"3553027c76cec2291bae91c3e8a45b7e3574940624d208736d594696a0cccbb733ccae","first_seen":"2026-07-16T14:45:27.725014Z","last_seen":"2026-07-17T09:29:35.93676Z","times_seen":2,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":39,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000030.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.841Z","timestamp":1784280526841,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000030.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"1246e-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qPh7OgDTFik7EEXa53LRQM7gZiogxw3XzduoHhVEwWJKCEyIt5kfIroDVHSdmyl859%2BucfvvHBXNDfV53%2FFBe9ldqOBMYRfcTilzIcE80MHM6yZeBSreHdapb7FnNBc%3D\"}]}\r\ncf-ray: a1c837ecca4fb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 74862\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":74862,"size_decoded":76437,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d69a17f75d8c666f03da0f7740883f08","sha1":"a77413ef7efff8e19fd8ee4aab9d828a2d858088","sha256":"761896fd7d23492a86a5333539bd65e8a222058ec690e4538667618880509cd1","sha512":"408ccf3e53de1d37c943e26fc213f02dd32759da1a0993b1c54505de5287998f9dffa705730d5cfb5219b5dd0690cd0a8a8b742230935da87b158dd10afb7701","ssdeep":"1536:GGDWqw2ODHvwaCCIxC8tDA2RduWmoZkrwFN9R9gSf8Y2F/gNcK:VLwwaPbEA2Rd1ZkE3DP0Ypz","tlshash":"a77312d786f091b27f3048312001b3e68c49178d5ac597a8aaf5a306e7d7df35e9213b","first_seen":"2026-07-16T14:45:27.700562Z","last_seen":"2026-07-17T09:29:35.938391Z","times_seen":2,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":196,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000032.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:47.116Z","timestamp":1784280527116,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000032.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:47 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"124b0-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zGAOQKk1d697QRLNx0R6S4hyDtnyx1hrwbRIc7FUWpvA6bcginDo%2FGIDK7ywIu4Z3PUEt9YrbnqLkW6ij2mWeT84A453LQBpjpURO5mEq8wpSK3oEutdoCXf4AEibbo%3D\"}]}\r\ncf-ray: a1c837ee7a55b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 74928\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":74928,"size_decoded":76501,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c213bd5825e67ea723a43956580fad11","sha1":"0980a5ec502e038ff62b069e97629d840a86b239","sha256":"0b39ceaedd7398836c3851680d4de2270df205bcd44a4fa67d2a4540f17da0bd","sha512":"024e1b8654618318a6b7c1a80c028f25ac3ab43c608aee3455d735bca3b4aa30f57de1fcab91bdfddecbf2122827ca9046ad1b4f5295d66b6fa7850027e02e27","ssdeep":"1536:N0HBNTw9ZbEaZRpuxxi24bdOCH9w6Dsuva9W4iR/nuMOkEENX1qAvdl/o:qWZbvrpEOb5N4i5FOicsg","tlshash":"b3731236fcedbd7b8847f1c15b22e14ae35811b1d2436ec294da2b7a6395dd9d100f21","first_seen":"2026-07-16T14:45:27.613284Z","last_seen":"2026-07-17T09:29:35.939699Z","times_seen":2,"resource_available":false,"data":null}},"time_used":286,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":238,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000083.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.679Z","timestamp":1784280528679,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000083.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"a0ba-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jmkQEcSVQdAdjxnS43%2FOGwY%2F0aswvmRPuBs1mwXoHZMl%2F6bfsdZ0cg4l6k0LNvUbtGl8Kpuqou8TXjcUZWlPRCa3qq7AYEwpf4SdXswlOu6tGm7jwrhXhx0%2FGwFKbPk%3D\"}]}\r\ncf-ray: a1c837f83abcb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 41146\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41146,"size_decoded":42724,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"7f303a0a16ca8d128623ae273c612f16","sha1":"6b263be9de2a62be1a740ed60d800fa299db66d2","sha256":"2a5fcc7d15721d044119cb660bb29c289bddf0517407d8b9ca5d44d10a7de5d5","sha512":"211c1a38bf9e3d26983cb3d34ffc18bdc7587ce27e195d18049d89601cfcbc0e51834ddd654fddce83f09a4c1da974027007bdb6632539aab9a4fcd91d527e5f","ssdeep":"768:WLMYvhSLmPP5Fhv+EcMiNog5FADNaiB/yYGJrfVGYT9q222EFA9DiU+qRRTo:W1aS7hv+MOFADUO/z+d99q5/oDcqg","tlshash":"6f030214ef66e17ac368ba7588c37eb4420816faa71185cde030832e6db7ed950dc726","first_seen":"2026-07-16T14:45:27.603274Z","last_seen":"2026-07-17T09:29:35.940673Z","times_seen":2,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":166,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000131.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:50.164Z","timestamp":1784280530164,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /sequence/frame_000131.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-19T00:20:37.747196Z","times_seen":17351892,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s3.rwanftfi.com/biz/nft/image/09_1.webp","fqdn":"s3.rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:44.822Z","timestamp":1784280524822,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /biz/nft/image/09_1.webp HTTP/1.1\r\nHost: s3.rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:44 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\netag: \"6f958cad40e3dca4b05a40581baa3404\"\r\nlast-modified: Tue, 28 Apr 2026 14:56:21 GMT\r\nx-amz-meta-content-type: image/webp\r\nvary: origin, access-control-request-method, access-control-request-headers\r\nx-request-id: 852fc3da-168a-4eb6-85dc-fedb33ecdc65\r\nexpires: Fri, 17 Jul 2026 14:09:28 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: ETag, Content-Range, Accept-Ranges, Content-Length\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 587956\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8VjZXftj1MnpPaIo4kuPgHqtsVFjQ9j9y0nm900y1JUJz8Mci%2F%2BXRbjUz6iSFYFOuhkF2gGE5sZt4VgOMLSkmN7axTsDBsdjXYSI9hL7Suo4J1e1tvODHH05YShQRVUGOoI%3D\"}]}\r\ncf-ray: a1c837e029c4b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 60270\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":60270,"size_decoded":61586,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x960, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6f958cad40e3dca4b05a40581baa3404","sha1":"efbb027f29ff5d8c9dc8d9b05d58f28dcfb2aa77","sha256":"bcbc9ab8100fb2b63a306030d5e4a237635a9d676a8657c1fb62f8d2c51634fc","sha512":"9eb587145385ea0f25adaabb027586b2da2b9a12f2dafbb78c64ed6a7e070eaff2b4ec4b7cde943fcb872dd46e5cd870edd122b571520679ff2fb4770e6a8e9b","ssdeep":"1536:lEoWgsZBwkvIhBxx+Bf5eWZ1za5m73D46aJ3nKC0IJHE:lTWOkvszx+95eQza5e4TJ3nKC06E","tlshash":"a843f15fc545adb952353fb0f0640f85a9681022c7ff47bb4a92951b2a7419a34f348e","first_seen":"2026-07-16T14:45:27.667108Z","last_seen":"2026-07-17T09:29:35.733499Z","times_seen":2,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"s3.rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000020.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:46.475Z","timestamp":1784280526475,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000020.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:46 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"11e84-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mRWUXsngSqhnQ83JhKVEluU8Z74%2FMlznRg%2F49Cxb8cuoXSBswVv6%2FKudwGL%2BIjtqAiWEgDL2uAyCppX68vuqXKAk1EKY1ueA6yuIcOH7GonSjrR6jLZZbk07NoaK4yg%3D\"}]}\r\ncf-ray: a1c837ea7a40b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 73348\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":73348,"size_decoded":74927,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e1be7a8dd5545d096a07c892a9919c9a","sha1":"fe3ae11bf2a5f150fefbb9f093274d3b78ae24b8","sha256":"9c1f0e4406282e8678f7b60882ec56db6cd8a2cab866667dee7138e27e4923c9","sha512":"5470f43a9bdacd28f2990ceb7ed12f15e588bff3d7081edef4a560737bbf3da883569faa33a13cfbfeb09013950dc143dba263200fce325ee59905061a6fd693","ssdeep":"1536:oNSxkbL7cS0UI6XQypH6ltHBFq4POsEdYzPMLtpVTyYkKgVhWE:oNSk4SVI6AJltHBFNO3EkxfB+x","tlshash":"6f630288996fe9d020571fd6120f2a5a0feaaaa0790473db775c059b1c3ce884af5c2d","first_seen":"2026-07-16T14:45:27.730971Z","last_seen":"2026-07-17T09:29:35.94227Z","times_seen":2,"resource_available":false,"data":null}},"time_used":287,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":242,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rwanftfi.com/sequence/frame_000067.webp","fqdn":"rwanftfi.com","domain":"rwanftfi.com","tld":"com"},"ip":{"addr":"104.20.41.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rwanftfi.com/","date":"2026-07-17T09:28:48.356Z","timestamp":1784280528356,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rwanftfi.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Jul 2026 19:09:51 GMT","end":"Mon, 12 Oct 2026 20:09:48 GMT"},"fingerprint":{"sha1":"6B:76:AE:CD:48:CE:90:3B:E4:B8:C7:39:A8:C0:98:BE:82:CE:BD:CD","sha256":"69:24:B5:42:EF:76:F4:76:E1:21:2A:37:E1:2A:C5:95:A0:9D:E6:C7:61:C2:22:3F:79:3B:6A:94:3E:28:AD:56"}}},"request":{"raw":"GET /sequence/frame_000067.webp HTTP/1.1\r\nHost: rwanftfi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://rwanftfi.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 17 Jul 2026 09:28:48 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-dns-prefetch-control: on\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; media-src 'self' data: blob: https:; worker-src 'self' blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 14 Jul 2026 03:02:14 GMT\r\netag: W/\"c64e-19f5e9336f0\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=()\r\norigin-agent-cluster: ?1\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qgiAjDIjMrvw0jt5uCZYJjmFZOYYD9fzr7BC5qfjZw2bIjrESg0c7%2FdqHS0EwcQnfSbPad%2BseglLPl3sm7mak4J0VJc1B5PlCiTLEaICpwtMo%2ByWeilfJPCeEShNmkc%3D\"}]}\r\ncf-ray: a1c837f63aa5b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 50766\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":50766,"size_decoded":52342,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1000, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ad64bc3a73124de0fcf82b285312eaa9","sha1":"01f8e46b0384410e8eb74243d5ed9c8e8dc72a94","sha256":"03071a9f0a4399f53532335c73e8f51ef7c0aec775b54de05316490e2a6675e1","sha512":"489e6d21b367c3f0a58d685a9f19fe96a60b289bcd5bb71269bc61b4b747cdeea2c838565904d57e7861b3d998b93b69e81c672f0b207958ed071ca69e897d4f","ssdeep":"1536:0kjxzWek450rznXkLZckOkA/HZRYEBVanFnw8/:1jxaeF50XUukTwZ+EBmCW","tlshash":"b933f255a47028ab3ec9ec73f88d4eb9058cecc98b1c571d4c2513f9cab24c860dee65","first_seen":"2026-07-16T14:45:27.697689Z","last_seen":"2026-07-17T09:29:35.943233Z","times_seen":2,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-17","alert":"Sinkholed","trigger":"rwanftfi.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}
