{"report_id":"2de68b40-8a17-4ad1-bb10-92974cf98a9b","version":6,"status":"done","tags":[],"date":"2025-08-19T07:40:19Z","url":{"schema":"http","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"title":"(1) New Message!"},"submit":{"url":{"schema":"http","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-09-23T07:40:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":7}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"obtrusiveorganizeresponse.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"rashcolonizeexpand.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"offensivefountainrabbit.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"skinnycrawlinglax.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":38609,"first_seen":"2025-07-09T22:28:05.771371Z","last_seen":"2025-08-13T23:56:15.218302Z","alert_count":6,"request_count":6,"received_data":193971,"sent_data":6932,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"professionaltrafficmonitor.com","ip":{"addr":"18.198.116.222","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-01-23","domain_rank":16376,"first_seen":"2025-01-25T08:56:07.448138Z","last_seen":"2025-08-15T14:27:45.733953Z","alert_count":0,"request_count":2,"received_data":844,"sent_data":898,"comment":"","tags":null,"fingerprints":null},{"fqdn":"offensivefountainrabbit.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":5970042,"first_seen":"No data","last_seen":"No data","alert_count":7,"request_count":7,"received_data":235312,"sent_data":3192,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"creative-sb1.com","ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-01","domain_rank":22211,"first_seen":"2025-08-08T09:32:32.509707Z","last_seen":"2025-08-15T09:36:32.728712Z","alert_count":0,"request_count":33,"received_data":1160010,"sent_data":15442,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"sentry.developzilla.com","ip":{"addr":"96.46.180.116","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2008-04-23","domain_rank":5544465,"first_seen":"2023-05-09T06:20:16Z","last_seen":"2025-08-19T07:23:24.842465Z","alert_count":0,"request_count":8,"received_data":5604,"sent_data":4564,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"torchfriendlypay.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":191479,"first_seen":"2025-07-30T13:31:49.539518Z","last_seen":"2025-08-13T15:45:12.285093Z","alert_count":33,"request_count":33,"received_data":415773,"sent_data":59444,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-08-12T21:41:35.260887Z","alert_count":0,"request_count":8,"received_data":687704,"sent_data":3288,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2025-08-13T04:13:28.842908Z","alert_count":0,"request_count":1,"received_data":377,"sent_data":416,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"rashcolonizeexpand.com","ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2024-09-01","domain_rank":31106,"first_seen":"2025-06-27T17:12:36.133274Z","last_seen":"2025-08-16T10:16:04.881717Z","alert_count":9,"request_count":9,"received_data":204314,"sent_data":15647,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"kettledroopingcontinuation.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":196057,"first_seen":"2025-07-30T15:18:19.355595Z","last_seen":"2025-08-13T18:17:11.894714Z","alert_count":18,"request_count":18,"received_data":408711,"sent_data":32384,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.show-sb.com","ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":187612,"first_seen":"2024-08-31T03:46:04Z","last_seen":"2025-08-16T06:17:17.841362Z","alert_count":0,"request_count":7,"received_data":14891,"sent_data":3494,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"flushpersist.com","ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-08-12T21:41:35.299966Z","alert_count":0,"request_count":6,"received_data":2976,"sent_data":4584,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-08-13T15:14:14.224423Z","alert_count":0,"request_count":2,"received_data":34862,"sent_data":860,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"obtrusiveorganizeresponse.com","ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2025-07-31","domain_rank":0,"first_seen":"2025-08-18T09:06:51.826449Z","last_seen":"2025-08-18T09:06:51.826449Z","alert_count":7,"request_count":7,"received_data":201398,"sent_data":9139,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2025-08-15T06:04:37.392161Z","alert_count":0,"request_count":15,"received_data":956101,"sent_data":7053,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-08-13T15:10:36.82984Z","alert_count":0,"request_count":14,"received_data":573362,"sent_data":7672,"comment":"","tags":null,"fingerprints":null},{"fqdn":"packsitas.com","ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":6315462,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":49,"received_data":3289733,"sent_data":25705,"comment":"","tags":null,"fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery Migrate:3.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Age Gate:3.7.1","description":"A plugin to check the age of a visitor for Wordpress.","website":"https://wordpress.org/plugins/age-gate","common_platform_enumeration":"","icon":"Age Gate.png","categories":["WordPress plugins"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"WordPress:6.8.2","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]}]},{"fqdn":"wayfarerorthodox.com","ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-08-08T11:06:50.216151Z","last_seen":"2025-08-15T11:14:38.877159Z","alert_count":7,"request_count":7,"received_data":19640,"sent_data":9365,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84380,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-10T09:34:35.836032Z","times_seen":16148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/navigation.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ee5d178484a55e36788dcb5d14b52d01","sha1":"12dabdf70a87227c544d7aa52e8bbae78d90f90f","sha256":"a32e10b91b2fffdb8ca7dac1c2feb1569b5d43a929218e16b65d3a0b36cad43d","sha512":"e15263c212e2807cf884b3a50218560210e1d1261dbcf2ba6693b6c4269d3d16d307fa7ee8eb5cd8aacd7963f4258bf28a91468902c60f1b42e27a4a56f1b298","ssdeep":"","tlshash":"8d41fec73a8b323b96ca2354a17d64527a38c172d70a7d26b4b8d2852860c0506fdfcc","size":2360,"data":"","first_seen":"2023-03-07T01:38:19Z","last_seen":"2026-04-09T21:28:29.832673Z","times_seen":960,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"offensivefountainrabbit.com/1ee95c2f94aeca082917050c7a7cb7a9/invoke.js","fqdn":"offensivefountainrabbit.com","domain":"offensivefountainrabbit.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ad15b262a2fe943c7d381dc97bf566a1","sha1":"76aeb6ea95508ce2107bcf6898dc819731eabd23","sha256":"7b6ced14c19f4fbeb9e2e4d98b42b584c5ff8d9076a3c5998cb80a8349ead13a","sha512":"a18993cc8481021b5f4df3a3222224e07314be602fb8a581706f9927685254fb005e134fb44734ae326c059f1ec25f7701e512abbc8ebf5b98c0242cb79aaaf4","ssdeep":"384:lznDSbp9Qf1PPXm2bBdMLlAwH3KQsjmTOlXqel+rn2NrL0uAfdtiOmuBc8Fg:BSYfHbULz3KQQmTO5qel+qL0PFcWg","tlshash":"56e208883f60b04d1776303b322f856ef9b5cd555488d89cd287ac952ab9b1ee437e09","size":33053,"data":"","first_seen":"2025-08-19T07:40:33.411756Z","last_seen":"2025-08-19T07:40:33.411756Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"501cd4d14ccddfd364fbee6482265ff8","sha1":"bd18a5ffb6288219ec146bf4b6c94e07308c8e53","sha256":"5485616056ad9a9670eece6970cc31fea29a38f0d15487c7f2e292001ee3c6dc","sha512":"8d0d2e4f48463e1ff43b0caf900c3147961164651ab8c8bf6c242b9e8dc40bbc24af3f95b4a9a7d5ecdbb8f62b02f9eadee65e4654a60763931592ef12afbc00","ssdeep":"","tlshash":"8bc02be18505f3540293cd600c2cd1c0c311cc103c1d113726f0082a0250c01c5ea35c","size":139,"data":"","first_seen":"2025-08-02T11:30:48.604441Z","last_seen":"2025-10-16T23:53:34.856618Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1a0c0b999c8fd1cef3314f9632abd08c","sha1":"7eebc564dd1f840c9e9800a1a296c47e61ba010b","sha256":"13ebb661aa60d1b1b0c5f2a0aaecc72cdb008e0fd14a9db1f16e01c9a6a410a1","sha512":"6aa9743412aff277a85485cabfd8e3c6d02dbe7e886ad7eeb242c405857886766a774de05033264a1e1658c9c2c046a69bb65dd83c044d6e77509814640c73d0","ssdeep":"","tlshash":"40c02bfcc401f3e8411acc110c6cf443a30ccc207519003321d810350254540549539c","size":139,"data":"","first_seen":"2025-08-02T11:30:48.615594Z","last_seen":"2025-10-16T23:53:34.885175Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"9d962a7c4c99e5fcbda0692aa95eec47","sha1":"a0a350e761449191e3541bd0edb2b8b2aa81eddd","sha256":"4a08dd2bcabc02bd922353744f7e40f95eda5db876e0f4a72e653cd8654e3ec7","sha512":"bbbbe9fd793a2e5cc3a390ca29634cefa0bd442a02896a51c96ce00fb37a570b35c2de9167c2397f56834b45013da8f03b416839ed25d4abbfd43df9bd4940b1","ssdeep":"","tlshash":"6e41d779348938f616e7a47b21c63f786df9c32038045654ba6c2a8223754643377eda","size":2044,"data":"","first_seen":"2025-08-19T07:40:33.419457Z","last_seen":"2025-08-19T07:40:33.419457Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"offensivefountainrabbit.com/e04e9b072ee6a34b832778e9f9226f9b/invoke.js","fqdn":"offensivefountainrabbit.com","domain":"offensivefountainrabbit.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"58839e6b34c63ec70b4c9a32bdf96ea2","sha1":"e161bcf463690dfcc968a8fb2bac18cdf39f0241","sha256":"67ee2da9d4cc71358c715b09a09f22685f1be478d49861f6a90e5bc45c8d2ecd","sha512":"a3bc86d7d06134fadb6e2585b6727c3fa9a333c89afaa64add498ac5f01af907f608318dfa70978d7767d18a81e27cffaa20fc5ae18ffe494c45f846c2c5c2fc","ssdeep":"384:lTnDw7p9Af1TPXm2bBdMLlAwH3KQsjmTOlXqel+rn2NrL0uAfdtiOmuBc8Fg:5wIfTbULz3KQQmTO5qel+qL0PFcWg","tlshash":"abe2f8883f70b44d1776303b322f856ef9b5cd555488d88cd287ac952ab9b1ee437e0a","size":33026,"data":"","first_seen":"2025-08-19T07:40:33.330132Z","last_seen":"2025-08-19T07:40:33.330132Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/ac/74/45/ac744539d885732140d6b141d5a36226.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b59c15588995ae7577a431858386aa48","sha1":"962c8ba8c2fc0f19f756bb590276d88c6536b027","sha256":"082dd36781af26835e924e3a1014e6e9826d5594577559acb237633462041486","sha512":"43a74e9cd4664bd5ff39508381f23ebcecf200e4d1a7d9922490d39d379453509ce31b544f92c04e990f7d361dd0ed9b6a7e2ecd9b86fb844df576dc0b4be6c9","ssdeep":"1536:gFMvR03G4SjfXSKWyJR8QxUmDhe9caAJwabHDXvI/:I3crW+yQO9caAiz","tlshash":"ee73eb887f71b06f23a524b3223f5547f19a5c06545cf4b8f117f8596bac31af0baa28","size":73413,"data":"","first_seen":"2025-08-19T07:40:33.407641Z","last_seen":"2025-08-19T07:40:33.407641Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/8b/59/4f/8b594fd93843afec253d5e5f7141da24.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"34d1c69133b88b45db2ce1d6669be43d","sha1":"dbe0e8ad593ec79600fb9242ec2efb64f00c7eda","sha256":"8bf4ffb0d3b5d23947baa444ff689a41858019dda623aa635fc2918186dfe1cd","sha512":"1c9ffd8f0c0dff7a3f278db0af1ede1d79064a37109c58a31c6ba7c238acc8f33607cdafce51ed0c5ba473c56912e80010c91d83849b25a52308c20b3798c281","ssdeep":"1536:SO/ysWbSTyJhKkoQhkmyC0E98k0RYqnhNzc/7ksqWPbIKau3l0gaTXz+IPC+:+JhKfEMRbhJIMuV0DSIPT","tlshash":"b7a3c6487f50f15c83aaa17b233f910ae02b4d42618d915ce513e5e8bf6eb0bf63e558","size":104629,"data":"","first_seen":"2025-08-19T07:40:33.413663Z","last_seen":"2025-08-19T07:40:33.413663Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"d736fb9386e2bb6daf883cce6b38741e","sha1":"8ec036b75c13672b52b0fa8965b835224b71d769","sha256":"f7d4ad6ecd68b4a906e8a2f3aba035d3fa80e3e836c118245ab3f29cc85c23f9","sha512":"e6f5490e02dd289b7b807f8095d60f794a6486995f4cece5863700f3a1503e913452d15a9010bf14edb29be210ffd520495cc2d8573f2fc05868afa38b9145d1","ssdeep":"","tlshash":"0c21a23e612443f67303f0b2b009a2e7ad35205596091e2731ac058c0dd0ba7beee1b9","size":1276,"data":"","first_seen":"2025-08-19T07:40:33.420743Z","last_seen":"2025-08-19T07:40:33.420743Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"25fe8b3710674a7cd99a3e21ac15acc1","sha1":"15779c2e2c07abb12c17c8fb72ab3f505ca98ef1","sha256":"5b3be7b59dadbf134963768223f5d9386960fb3ea76bb71f9cc0f0a6cc4a550f","sha512":"d5f56d89288fac0b5d74613722e2c5c870e5f4f00f4737e1ffe27fc9326d8c0ca903cc05343ab3f18377eed72be910d1eba749b1a5f8cce08b113bad0e4c962c","ssdeep":"","tlshash":"7e41f7b3110327b62c83f5b70593a79ceddd82a61a08fed5381c9291b3e55e95730e4a","size":2035,"data":"","first_seen":"2025-08-19T07:40:33.422959Z","last_seen":"2025-08-19T07:40:33.422959Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"ad1e17ce6b6348a0c82fd7c708a684f9","sha1":"d59547e306d903dd5182adc168e1f93272346f8d","sha256":"d02915ea918e752c0e08706536a5f09f875b31923f226d71961eee98a9b6faed","sha512":"fd85e8ec48406d9bda3f8e9933e0e235f683d9f7d17d6c656dde308efa9e8a25c645faafd2ec9e94487d7d41cdfaa8e34c4e3daa288c65c142e48470b70d42ad","ssdeep":"96:hozvMMV/v8t5POcmh6eHK94HgSEs6NjK3jWtSW1G1/DMCfMEDaH:+zvMJ52fHKO9Es6NjQjO16bMCkCaH","tlshash":"a8a1f8b76d9312793d56a07f053b53acb9a582073904ff81795cf1656bb0aa00f78d88","size":4779,"data":"","first_seen":"2025-08-19T07:40:33.423872Z","last_seen":"2025-08-19T07:40:33.423872Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","size":13577,"data":"","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-10T09:55:48.818925Z","times_seen":652098,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"501cd4d14ccddfd364fbee6482265ff8","sha1":"bd18a5ffb6288219ec146bf4b6c94e07308c8e53","sha256":"5485616056ad9a9670eece6970cc31fea29a38f0d15487c7f2e292001ee3c6dc","sha512":"8d0d2e4f48463e1ff43b0caf900c3147961164651ab8c8bf6c242b9e8dc40bbc24af3f95b4a9a7d5ecdbb8f62b02f9eadee65e4654a60763931592ef12afbc00","ssdeep":"","tlshash":"8bc02be18505f3540293cd600c2cd1c0c311cc103c1d113726f0082a0250c01c5ea35c","size":139,"data":"","first_seen":"2025-08-02T11:30:48.604441Z","last_seen":"2025-10-16T23:53:34.856618Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"offensivefountainrabbit.com/43fb6dba152dc7d216fc2c00b1313dbb/invoke.js","fqdn":"offensivefountainrabbit.com","domain":"offensivefountainrabbit.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0efa6f4184e2d6e72f8eb6efba0522f9","sha1":"e8cdaf86f78ff273b5458d542784c9eef33e6544","sha256":"c9fb4870ede1a9178ecec5ea304b02c1f6d32c434fafa6716094f1685f2540d6","sha512":"c1edf214c9e3c3bf1c5b81ef7d80837695af79036e05fbd4fc31fc38eef5c50ed7688d5d4d30316ca2f6d6df2ecd0381b1d649a0052cece02e1611d7fdc49007","ssdeep":"384:lrnDKyAp9nf1+PXm2bBdMLlAwH3KQsjmTOlXqel+rn2NrL0uAfdtiOmuBc8Fg:BKygfUbULz3KQQmTO5qel+qL0PFcWg","tlshash":"70e208883f70b44d1776303b322f856efab5cd555488d88cd287ac952ab9b1ee437e09","size":33029,"data":"","first_seen":"2025-08-19T07:40:33.384963Z","last_seen":"2025-08-19T07:40:33.384963Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"a56294773f9fd211240dea9a3e7e5297","sha1":"e8e5df53d932b7af061c2b7859cc7bd901ac8e19","sha256":"a15bc919b645cec2739a020baa9efc73b98c18d84d7ef99a719bb1d23668c176","sha512":"0ec850a44bbc244372ca502e26faffc4102e5fbf21338413166f50d0405ccf6ed0350df6f3304272ca639119025f9a94d96c450aa0124545144fa9d66f62c803","ssdeep":"","tlshash":"84e0723f1e130a31c92260df3a6bda40245020230a02c825308cc52aaf18e44ad799e0","size":352,"data":"","first_seen":"2024-10-27T02:59:17.402217Z","last_seen":"2026-04-09T13:09:38.726702Z","times_seen":63,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"offensivefountainrabbit.com/43fb6dba152dc7d216fc2c00b1313dbb/invoke.js","fqdn":"offensivefountainrabbit.com","domain":"offensivefountainrabbit.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"775f18b0af8528210e0073cfb6ee8268","sha1":"e96883408650feaea0fc993471a1b849811a3d73","sha256":"23fbb9f099c60c295ea897589c2fd0606f887c6db2c437974f256fb29df494d3","sha512":"496fdc8118ae57926d4add040501b27bd652571b9ac38827089f965db95d10c5bb37eeb190464760fe8e44b1e402ebc6321602d18ff0a1032130d697969293f8","ssdeep":"384:lznDKyAp9nf1GPXm2bBdMLlAwH3KQsjmTOlXqel+rn2NrL0uAfdtiOmuBc8Fg:5KygfcbULz3KQQmTO5qel+qL0PFcWg","tlshash":"89e208883f70b44d1776303b322f856efab5cd555488d88cd287ac952ab9b1ee437e09","size":33023,"data":"","first_seen":"2025-08-19T07:40:33.360905Z","last_seen":"2025-08-19T07:40:33.360905Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"43e27612c32f726ced7bcb2d1904ee55","sha1":"729ae6b777aa67e596aa535861cf00a2630679d6","sha256":"f12c2d8be855cfd56853b8013538e215fe824b4ea487281ecf9d5988476302c4","sha512":"33f544d2073fb06706c4c7800dfe505c229f02835cb74310e27c2de772a66c93d436d05a50a56c926cb4266ac9d41789ed17d2d1d3fb3cd2217b974cc44a5472","ssdeep":"","tlshash":"81c08cbe20b7658190912cbf466c2648133080276e4628b23a8ce9000fc981998f6b38","size":163,"data":"","first_seen":"2025-08-19T07:40:33.426335Z","last_seen":"2025-09-22T18:56:30.469051Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"36feec08010e2f58008ca039e3d74159","sha1":"7548a569360011e95045cb2addc467d780ae1610","sha256":"36ebd4a0b47d48bd4672abfe84c0d0e7e99cb335f74f535b2ae715b45c80bda9","sha512":"7f6c7255c9b86153fa78a4be7a9f37b06ad4a267fe7445327b70e7f31896b4f91fbaec69b86360540d22fb7437306232c0bcdeead8b301d109528ce0d0ea1d73","ssdeep":"","tlshash":"d6f0f91d544b066487ffb4e2a04f228d26718c4da90e510eb92c425a19639d237d7ebb","size":601,"data":"","first_seen":"2025-08-19T07:40:33.427286Z","last_seen":"2025-09-20T03:56:14.521938Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rashcolonizeexpand.com/8b/59/4f/8b594fd93843afec253d5e5f7141da24.js","fqdn":"rashcolonizeexpand.com","domain":"rashcolonizeexpand.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"4ed5ed1e1568a1f38a5679910a4db267","sha1":"5ed83390038d34495f2ef3b472f5cd534c8bbd07","sha256":"9e89fb3d0404fed9ee8fe311d6140483031919e089672f1494ba9047779747fb","sha512":"f325a3e52f55345c2567e06daa9b46b2b0afab5af34928e4857fd4a2ebe90476f62845678081da3e570e242231ef25e06bf6cecad4400f7b7e391328fb918169","ssdeep":"1536:SO/CsWkSTyJhKkoQhkmyC0E98k0RYqnhNzc/7ksqWPbIKau3l0gaTXz+IPC+:xJhKfEMRbhJIMuV0DSIPT","tlshash":"dba3c6487f50f15c83aaa07b233f910ae02b4d42618d915ce513e5e8bf6eb0bf63e558","size":104633,"data":"","first_seen":"2025-08-19T07:40:33.416121Z","last_seen":"2025-08-19T07:40:33.416121Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obtrusiveorganizeresponse.com/6e/64/26/6e642680db3ecb105b002b772d76b2a8.js","fqdn":"obtrusiveorganizeresponse.com","domain":"obtrusiveorganizeresponse.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"fbc158f872d5faa8017e999d7925aac2","sha1":"630357f16de34769e6f265b6a14f91a6cf3e201d","sha256":"10b17b83080fac5ab4e7be3b401d8b3edca8a02dbf760ecacf7f64a8a7be2d7a","sha512":"dace76436b6413cef3f5e02d00d4b086126444125d0f375b955eca5740085344d5f38ef0e09a132dc53849ff7b9a3883e305246df5a7e30eab92bb098ef77490","ssdeep":"1536:gFMvR03G4SjfXSBWyJR8QxUmDhe9caAJwabHDT7I/:I3c0W+yQO9caAiN","tlshash":"3373eb887f71b06f23a524b3223f5547f19a5c06545cf4b8f117f8596bac31af0baa28","size":73422,"data":"","first_seen":"2025-08-19T07:40:33.337077Z","last_seen":"2025-08-19T07:40:33.337077Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87553,"data":"","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-10T09:55:51.35953Z","times_seen":700364,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/swiper-bundle.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"27fbae62289b17ce94845884c7347e1f","sha1":"5b4faedfe7a99ab51b36c36882f668960dfc4c34","sha256":"491451b0d104a756b3c7ae4f324c3637ca3419e1feb61175efa388e9afbeec08","sha512":"2a3efd587dbed82d3e26046442cc4d7d2d670425e0123258fcb07f74353859e5de7a9fdb6836238adbce2bb8f3d222e3f859d08be18355c207a77b74a900daa3","ssdeep":"6144:BRm9b44OeRpEA5A2Mqqn6GvyIqcgMMQFj65G4IrV+vISpYggSCmyS:yOy","tlshash":"5c64204d9551229558b37b2edfae8108f7ba0223a147865179ac8d54efb483803bdffc","size":320846,"data":"","first_seen":"2023-03-13T22:18:49Z","last_seen":"2026-04-09T21:28:29.896159Z","times_seen":826,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"a6d42b933b23796943624f3c01ea3608","sha1":"ae8178fd7e33097c4004308ecfcb7f6470463901","sha256":"33c3bbdc6d74af86dfdb4420787a465ec4f25ce5bb49125c67cf0da1fffca046","sha512":"3f1cb8f076645b4e259a99119199df702b9c9a8a0a995ff3eb0fdc3957f7331903cb74bad4dcaf6fa612cfbcdb2c25a5d0f468525ad9fbe75dc4638fe8698906","ssdeep":"","tlshash":"15c08cba20c76080e0e10c7f06dc6408223180236e8528bb3a9c68040fd944c08f2b78","size":163,"data":"","first_seen":"2025-08-19T07:40:33.42822Z","last_seen":"2025-09-22T18:56:30.475322Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"501cd4d14ccddfd364fbee6482265ff8","sha1":"bd18a5ffb6288219ec146bf4b6c94e07308c8e53","sha256":"5485616056ad9a9670eece6970cc31fea29a38f0d15487c7f2e292001ee3c6dc","sha512":"8d0d2e4f48463e1ff43b0caf900c3147961164651ab8c8bf6c242b9e8dc40bbc24af3f95b4a9a7d5ecdbb8f62b02f9eadee65e4654a60763931592ef12afbc00","ssdeep":"","tlshash":"8bc02be18505f3540293cd600c2cd1c0c311cc103c1d113726f0082a0250c01c5ea35c","size":139,"data":"","first_seen":"2025-08-02T11:30:48.604441Z","last_seen":"2025-10-16T23:53:34.856618Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/78/99/17/7899179f180892f5e24f28902243b3a5.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fd3617319bc3abe41bfdee871debad5b","sha1":"979c86dfa1ed413f61caebc4984f54b70b58069b","sha256":"18b7e3baa55bb76cece906b5a9b9ed97ef93de09b74425df11c1c7f4b692789d","sha512":"cd17639184a5cdb2f6a20b87a75beba5015d6c11de44cca5ce0b871b8b511c5ec6e907b970170ebd86b6475c5801f66910a6cf8690af17485f7cd3a3f7e777f2","ssdeep":"1536:SOOjqWBSTyJhKkoQhkmyC0E98k0RYqnhNzc/7ksqWPbIKau3l0gaTXT+IPC+:AJhKfEMRbhJIMuV0DyIPT","tlshash":"26a3c6487f50f15c83aaa17b233f910ae02b4d42618d915ce513e5e8bf6eb0ef63e558","size":104640,"data":"","first_seen":"2025-08-19T07:40:33.392808Z","last_seen":"2025-08-19T07:40:33.392808Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"c6a5a7b3eb848f36cfae9b0e79a82b33","sha1":"d63d2bfed942672d3ae5c10b321cd0f88a780995","sha256":"f507e957974dbeba791c972384080d1cdecd4727a5e23a91d1e4b52e674842c3","sha512":"0412e912bf3a73016e0c7b31e52d48aedf845d744b778fb25c63a9b6b1f5a12e477fba681792720239877a829648b55f74e4b7aa67f6b75fec49dc81803743b3","ssdeep":"","tlshash":"5c31eae05c815ffa6352a76750b9673f3b84c774da9208c404fc118498aa7218959734","size":1561,"data":"","first_seen":"2025-08-19T07:40:33.429235Z","last_seen":"2025-08-19T07:40:33.429235Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b353b3358a2e3830662bb8c82ca35866","sha1":"2cfadf7704c64d8c512f6b94193e9f18120cb094","sha256":"261809b1414312e8dca21501cf052f3ea8c2ab9eff8ce28f3343eb0e2a656bb8","sha512":"3f09c0168370971bd55dfe0f9837a4ba703fa26b34f8ad30266a8ed4c853a98646f0577e72ed00b9dcd9b5aa7b5075cc879e31bc2e0f3ec4ec987c6f9bdf3b93","ssdeep":"","tlshash":"6821c13224a543b1724ef112961b19d89f3b40cdf405070bf90f26cd2deaba442f529a","size":1276,"data":"","first_seen":"2025-08-19T07:40:33.430222Z","last_seen":"2025-09-22T18:56:30.502708Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/plugins/related-posts-thumbnails/assets/js/front.min.js?ver=4.3.1","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2c0d0dd023bfd1f908cb121964b91117","sha1":"5f8efe0a874c8fb4a24c2219eb1a1ec2a4794ee5","sha256":"59746bf91e6cfeedda9941de6a4aca642401c762bd2f44fa95eb9b76cebb486c","sha512":"6f18c4fce088cff5cdd79f12c574cf6b962b75a96bfc71bc626712a1f8f9c169e1fb65b04eae3ecd2664d21083b26a209bf165668f219877c992014ac0b57ca0","ssdeep":"192:n/n+Uex+jPIas+/x+wK/UiarCpD3ijftpgX8/HQym8l0fx2zFow:n/+Uex+TIan/sB8iMCpDKbg00p2Jow","tlshash":"be12cb2a3e2208b819124fd1e7ff0328661a3113553480e0bb4df67717adada95a3b3d","size":9397,"data":"","first_seen":"2025-08-16T23:50:24.361063Z","last_seen":"2026-04-10T05:24:59.988328Z","times_seen":245,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/plugins/wp-statistics/assets/js/tracker.js?ver=14.15.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca2be7699b36cdb54806c8f512492520","sha1":"f054bad5a98ce4d60e9f560c2f93a364efedab93","sha256":"c01fa4f79ce47a5a684b37c31f49b9304499fb1eba255aeb9d03cffb3d7e83ee","sha512":"8a510ae4a71f25b9dc99026fd4b0f883a41821e2774476e8d765eb2cb151d5fcea73168f25cd5ec4170680b3831dd67f21fa0d2245bd2830b8b6872cf3db333c","ssdeep":"192:5nQ998xYO9SkmsKlsLqWOGAOZPSeIWCE+D:5nQ9WxqCLw/WCEq","tlshash":"0c0284467bd25af1ccf23468152a2a3975ab0ed33202e170f828ddd3445c6d6e743b7a","size":8951,"data":"","first_seen":"2025-08-11T14:39:25.499896Z","last_seen":"2026-04-10T08:27:32.51968Z","times_seen":1625,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/dark.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f3212f8f45e9eec6cc50cbd8cf857286","sha1":"2b5d518ac01b60e9406cdaab570cdce1d00c40b3","sha256":"fc0de871dbc236f314f4c2ac02021a01ec1e68bf56bd736ca7430e03cc144ac6","sha512":"2d9b58cd4c0ecf9f73068d332cb45d5930670d3a44d4805a105d6c9dc9cadbc9d5519bf2964c706dcd4e30a66d4b5eb6f7e187221d9d220e231a987f703de3ae","ssdeep":"","tlshash":"f221ba8eb42ba1d899b7623d4fbe4410eea408bbd1045e007c5d68a01f780a0496cefa","size":1124,"data":"","first_seen":"2024-05-29T13:54:00Z","last_seen":"2026-04-09T19:51:58.085132Z","times_seen":320,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"1902172a8a9cae0ca54e6fad7d2e60d8","sha1":"8f0a2d847f4217fd8ba267d708280633863079e0","sha256":"a2f10c082768fd5b9970a783e6d29ae34a22a2076042ab6c1b26173a1054af2a","sha512":"74e00ef24bb8cd1d97ba950127f0adaf91fe9bb6d6e64416072b738b5a0b3b91f2aeb117475683fefe88722c1e1a7697b92e0fdec65b3cad1215b8e1b330106e","ssdeep":"","tlshash":"0bc08c8aaf070a31bf5037bf1e0827c0c8c24a02bc263b925290c1c460aa8338a68008","size":145,"data":"","first_seen":"2025-08-02T11:30:48.705501Z","last_seen":"2025-10-16T23:53:34.901984Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obtrusiveorganizeresponse.com/4a/0c/a2/4a0ca258a97dd1a8855ea1430daff7d5.js","fqdn":"obtrusiveorganizeresponse.com","domain":"obtrusiveorganizeresponse.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"5294c2a9bbebbec3d60cd77eb874ff69","sha1":"e144657974ec7ec6c00a80b99699c1a181bd06ca","sha256":"ecf9767a93616b6a7ee0b0dabb8ec93748d299c595a7647d576283414c15258a","sha512":"05c9ea92bd35197d46653f10dee03451e0ed147fcdd5ebd9e7e00f0777cf60c8722f87475cc135c8df6a4f5b3f32bce6a81d5c0413149a0703dc31a4d0cd4243","ssdeep":"1536:SOy89WBSTyJhKkoQhkmyC0E98k0RYqnhNzc/7ksqWPbIKau3l0gaTX8+IPC+:4JhKfEMRbhJIMuV0DvIPT","tlshash":"3aa3c6487f50f15c83aaa17b233f910ae02b4d42618d915ce513e5e8bf6eb0bf63e558","size":104639,"data":"","first_seen":"2025-08-19T07:40:33.341024Z","last_seen":"2025-08-19T07:40:33.341024Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"offensivefountainrabbit.com/2a7e536f7cb7956aa0a8fcb944318de8/invoke.js","fqdn":"offensivefountainrabbit.com","domain":"offensivefountainrabbit.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6c0dd36a2a10aa409cd29b9920c79382","sha1":"02c0d7bc161ad5340a4353398bb99199e96a8bd2","sha256":"026011082e52b4b68db75a53942b2572b3a8ecbd505f89898bcb2504d685b09d","sha512":"5ec88dc9e09dd40c67f7bd8d9e96ebed387850777d358f33c8c86f1d39b823f723c75670af65e2f532a167ff25065abfd152764f8312ae8173570cdceb9c1727","ssdeep":"768:5dqJfLHR9oVJde/57cznGq3/LrnJEOlhPmOdA:kLHRZabDHK","tlshash":"a6e2d7eb7f10b37d129b9473263f440ae3391c02f5c8c75dd976d6952e8c30a896a6e8","size":31134,"data":"","first_seen":"2025-08-19T07:40:33.367146Z","last_seen":"2025-08-19T07:40:33.367146Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"0a5f10c21d1f249daeb32f8fd1dad654","sha1":"f25083404cf817fa62afb1068b646bea6b2b5f05","sha256":"0d337f87b5d8685999b096a4e057576e5cd25f2067254c861a0ce3a6c6bac890","sha512":"bfd4b87f400e50cb4d14f591be4bbca5a681a66020a46acdcf69d8c620f37e5f1871ca216aa76b44e202bbc6fd9bf6bb11977386530d02aa62a63f8651819359","ssdeep":"","tlshash":"ed310ab69ecb01eeead0d0bb074a452cddb3221a7465e9e1c46c7c10b3248916d4f2e6","size":1558,"data":"","first_seen":"2025-08-19T07:40:33.432151Z","last_seen":"2025-08-19T07:40:33.432151Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"8dcec9487b0b3a2844e7b2685452645d","sha1":"3e7c05d9986a4875e41c40d029b04f9ed6bcd574","sha256":"d75e646aefb1db5870992319335f5da2f85da50ceeeab48c6b88ad80b4959d22","sha512":"39a7e269a2ac4936922fea29db2c6fb799994d6ba29d69229556f07ba1243c34bac5febd89989cf5ab0099112a9fc6d99e0bff39e9618725f9aaf5807ca3f100","ssdeep":"","tlshash":"9041fbb17c523a725553b77742dcb3363d5cc7640a8459c57cac17801fa963642aaf14","size":2040,"data":"","first_seen":"2025-08-19T07:40:33.43305Z","last_seen":"2025-08-19T07:40:33.43305Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"6287a127c5ca3049ec1ad45368064c71","sha1":"4cece544376f861b348b9e88b804cc830c86f8c8","sha256":"4d9760f72561aad77bbc662be1f185bb7650ad19bce3c4e4ef6cd6d2c5df4643","sha512":"4cc8b04d1aa404709dab46ceb606efed4ac46350aad356775e5a6b9987315ce2de3d4ab87ebb485efc98baf2f1a09c8d0b183ab8361ef1db2375c0dfd8da54b8","ssdeep":"","tlshash":"d431eae2dea9c6f9fbd3a583b9bc347c1c60a24a450bf851c525e01a92489766e40a32","size":1570,"data":"","first_seen":"2025-08-19T07:40:33.433931Z","last_seen":"2025-08-19T07:40:33.433931Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"46fe0d5fe7884f45be5e100a8affbaac","sha1":"8f6dcb9a9ac9e1496931c63b1c3b5890f1e34b4d","sha256":"13ba425998e141672bafa724d8947f833081bd60fbaa7a5a6e5051b002c30a5d","sha512":"0bca1aac0e630ee93a0890f405a1eb6c770ced0bbf58844c7d8dc760948c7306d9bbee09c69bbe7202c29b6c1be7180a69aa54a482b4c4ca1fac03e1d1cb829a","ssdeep":"","tlshash":"fcc04c589f036776bb54b86eaa0617d3b9cd8626f5311735124e9045f0a70a62194484","size":145,"data":"","first_seen":"2025-08-02T11:30:48.658787Z","last_seen":"2025-10-16T23:53:34.864782Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"c36ecf97e793833dc33160adeda894c9","sha1":"30263cd00c393e30682014e6c711c1f40bcaa2dd","sha256":"8ae82dc529c56ffefdbfef28895926bbe6d7703d7a77ca0faaeab96858013340","sha512":"74b71ac80b557546bd0ddbc7cd35746cac4eb2806fb62fb571df398b71138cb7274d7ed7d94653feead2c5e65078a960afc6c194c992453a27f80dfe5a5388c2","ssdeep":"","tlshash":"b421adab43bcb3b21587f013c2415ed89732006da46e2e8e312ac18d1ef83ad43e6195","size":1276,"data":"","first_seen":"2025-08-19T07:40:33.436095Z","last_seen":"2025-09-22T18:56:30.465544Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"15cc5f7fffda94021329b65dbcd163a5","sha1":"266f74aebebd0b83a337e380e96ebedc2d7f8be4","sha256":"9083b6861a1e1d19b04f74ad58377a2e7ac730f411e2d8821cdaf6c4d4965b1f","sha512":"7d3468bce3a69d1026872792de54f1bab8112967f65a0270d094c92c9b307aceb0be255529cbd6d0a57d593d6a4c28ebff9011d53908b0aaa941e39ab4df7c33","ssdeep":"","tlshash":"88217723c4f742a59366f117405a208cea3153d9940b978bb228078e1fd5bb626b5ab7","size":1276,"data":"","first_seen":"2025-08-19T07:40:33.436907Z","last_seen":"2025-09-22T18:56:30.501147Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/jquery.cookie.min.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"23d834419c7ccced820e192be7081228","sha1":"ec662cb3d06ee33848a3fa19585f1f31d4475ec5","sha256":"239011ddd00345611806d77467c81dc5a4c90d15fec6f66357671b73920287dc","sha512":"e8f79309ed49af97ea34f684e1fc512a8717edc0a017f79e7c5bf2e24c9dd3f0aa889f6ca5349b367a95f10bee50869ea075b3b7c543e5d66558bf0e44ec16e1","ssdeep":"","tlshash":"b32120987089b815521b9a35677f109bb078ab55d09c40e9c3d1e4e03f708820d72ef9","size":1301,"data":"","first_seen":"2023-03-07T01:19:12Z","last_seen":"2026-04-10T06:57:56.54591Z","times_seen":1243,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b87f4eac8c977f4a80dfa1000727a5e2","sha1":"a6478e9980578acc191bf97f4b4acfca8b85a3c4","sha256":"5c1652759a15aaada5a7c284c909e2c168aa89a9e8cd98c46d181cb1efde477a","sha512":"1c4de15ed5a14e5eda2c83d8e186d5d24464b19ff08767f70955f6209f3a4184fc0ab36258d2345f18a6fc5e2238461f0e5146838202960444171fc070b4090c","ssdeep":"","tlshash":"94313129a36f1890049960999787f730a219305b744fd668bb2e03807fc8a0ff1a21da","size":1581,"data":"","first_seen":"2025-08-19T07:40:33.437856Z","last_seen":"2025-08-19T07:40:33.437856Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0b4da910957a74f12429439c54bab7fa","sha1":"47cec547821c0ea436040e1f05906c443df8d5ec","sha256":"23918cfeaf9a311dddd814b8a5340c74ed281191c1069fc89c4d5452b767e07e","sha512":"787839b50c69d999ce8260084d558a7cda1a4876185bae37d9f8bcb77a3c301a827e6c73dbeb9d3de9ecb3f1b1e904d06ae5e8341fd204ab48a28d673923a439","ssdeep":"","tlshash":"c7f0ec3917b7643a98a77175ce4b61992cb95013594788023a0ca2524fddd7ccff0a40","size":516,"data":"","first_seen":"2025-08-02T11:30:48.673779Z","last_seen":"2026-03-09T01:54:48.322917Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/13/e0/f7/13e0f72a807bb8091b31314f6e78c2a7.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"274b28e7200c4329883dfa44e375e5ad","sha1":"a7d718235c91f36f08f26587b8a141204165ad7b","sha256":"b05dea690ee973dfa4d72d332cc44ad612b53a1184491fb7b87adc33b2cee6ba","sha512":"15e34ac71eda0d9d5fdddfd39f2f1fd11262858c5a0af26f27c4f3f83d612e38d21fac4beeb37f4c0cdde6b19c0bea7b789e5f26771d55165057f2e2ac660eea","ssdeep":"768:Y2bnaMmmjCqw648+QhS8u+Jcj/XcdNjNpmOdY08kUbTehzbcepw4f:Y2bnZp4x5O+jvcVdY0U3fm","tlshash":"a863c7483f91b27802e6b8fa712fa61af0265c0195d8e4d8f503f4deae66719f035f25","size":72587,"data":"","first_seen":"2025-08-19T07:40:33.357502Z","last_seen":"2025-08-19T07:40:33.357502Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"b1d91f10cdb1e55628e2dd899c43bf52","sha1":"c57af585967f62507ed406251f2d180bf0a40fd3","sha256":"9e4570586316707b416b1e43d1ad9cc90bb62a358f8c6f691d76ac91a9ea3b9d","sha512":"8b8b2598b1eeb16d59b7b2f73d4afc901bffbc48ba9d168541b161bd43bcbb490aaad541a607c52735fafeeb9b30896804db88da04b171a78b9e42937b2cc26e","ssdeep":"","tlshash":"1d410aa7802b6e585d96ef7503cce960397bc1861b646e453e4d3a011734475133bdcc","size":2091,"data":"","first_seen":"2025-08-19T07:40:33.440321Z","last_seen":"2025-08-19T07:40:33.440321Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"712ed9e49acdce9885ee84a67331accd","sha1":"be9efd541cbe8c18d2d16b3bd852f88bfb29f4bc","sha256":"c6bda82120361367327f96d708d68019aba981c15ebf950d775bb152f5b345ee","sha512":"6bbe530133404a4d719ef5e1eeddd2a97e73d1d8fe5ca2e500f9d244f94432f66f56d6f0d27d9c0c2388f2c37001f2e1f2d9c9082b05138accadb65193fe249b","ssdeep":"96:Zozxsu9Nbg/O9/jTEn3jG/tEkY5d81/D4CfMEDaH:Wze4FTwjG/CkEdkb4CkCaH","tlshash":"f8a11a7a2dc2717839d7b07f11beaa183e6192163504cd467d5cf202a7252702abaee8","size":4798,"data":"","first_seen":"2025-08-19T07:40:33.441306Z","last_seen":"2025-08-19T07:40:33.441306Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84380,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-10T09:34:35.836032Z","times_seen":16148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/39/64/c2/3964c29655a100a3d8cc29a5ebb94dfc.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"16570ad1e0c4553d1392e34d1cd9a214","sha1":"2bc0960e10cdcbda6cad95b10b709c0049ddec89","sha256":"698bd1f7dfc9da1b5894e804fa4d467a1a66a4cae5560c1d492b3f19d48a6d83","sha512":"82e3dcd5554132cc37a9f1a956ab5e41df409514848cccfa3a280c7a3130bb772f59dcd481bbc8cb9919501a2c210e3db042bf22659797c73ad7055a25384019","ssdeep":"1536:gFMvR03G4SjfXSLWyJR8QxUmDhe9caAJwabHDg1I/:I3caW+yQO9caAiu","tlshash":"e473eb887f71b06f23a524b3223f5547f19a5c06545cf4b8f117f8596bac31af0baa28","size":73453,"data":"","first_seen":"2025-08-19T07:40:33.370923Z","last_seen":"2025-08-19T07:40:33.370923Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rashcolonizeexpand.com/ac/74/45/ac744539d885732140d6b141d5a36226.js","fqdn":"rashcolonizeexpand.com","domain":"rashcolonizeexpand.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"df7d4b309fa9d6f5d92f32592556d51a","sha1":"c9d94c13ffdabd08e52fc904010766372f12ae02","sha256":"5174d52477564e1c3d24cb45c2c4e7236c0041e622c8b3278591d39ea169eaf1","sha512":"b6efb117235f9de0de6336e565893a867cf16d91a0408249b7fb1da7dca292efbdb5b589f4ca9cf91094718cc3e918f3f2d684b405d6b6046f2073b26931011e","ssdeep":"1536:gFMvR03G4SjfXSKWyJR8QxUmDhe9caAJwabHDzqI/:I3crW+yQO9caAiE","tlshash":"9473fb887f71b06f23a524b3222f5547f19a5c06545cf4b8f117f8596bac31af0baa28","size":73421,"data":"","first_seen":"2025-08-19T07:40:33.325604Z","last_seen":"2025-08-19T07:40:33.325604Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"7374151fc8220dcf6ac4c8657254c4ba","sha1":"78c0ca7f08e67129d20b453e2d10bd70fc58f982","sha256":"dde6316961a52d6cbbe1e840b735d6381f2eab462f50578e27a4d6a29fe7e1d1","sha512":"b7e694d5437c902ab5097e551e6197b37b4a40dfeaa21e3dc5bccd5790ab611a2b7189552e944d728bae42d7e86145987e8bfb055422a352e74652733e140806","ssdeep":"96:hozsVoy2PoJzWTXBoYqdo6nmTbbf9aSnM8R2wYQZ84e1/DMCfMEDaH:+z1kWTXWY8MvcSnM8NYQyHbMCkCaH","tlshash":"43a12b769dc70174294371bf171e9288ba62e1072914eec2f89cee019734d701daeed9","size":4783,"data":"","first_seen":"2025-08-19T07:40:33.442332Z","last_seen":"2025-08-19T07:40:33.442332Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"7a1eb53a53526204021955f53e46fcf1","sha1":"ee6bd81dead003e71a4502682d989eb660bdca00","sha256":"b5d41623fd7977cb4aee34b288943a8ed5a83bd26567fa7fbf5c89196a779fb8","sha512":"ff2fb7b6fc7d787e88e4e0cfff63c0ad5ce1c1f3abe054e397f6d23b1b1d366a389f1ce53146e71dbef96cb2d3fb73ab579e54aaf7954bb62366eb3305c619a0","ssdeep":"96:hozmSV3Q9XfNM/HNu7/M4s953+vpImGOC41/DMCfMEDaH:+zvQ1fIt6/MpjEpI5OpbMCkCaH","tlshash":"5aa14be75d8b9638ad01d9ae26b9aa587972c00b3b04ed467d8ce6444b346704b3adcc","size":4887,"data":"","first_seen":"2025-08-19T07:40:33.443266Z","last_seen":"2025-08-19T07:40:33.443266Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"d88f58a01830f2964f936235d19deaaf","sha1":"6bc7f89d71d9aa95f945c64efdbfd4b0b9669a61","sha256":"de3a7a833120a0facb8f0a022c4a1290ea2b3c8864442d6bfd08adc118b1dfba","sha512":"b0b1aca4b7d6e72a8930644bf047840198733f8da8b6eaa75e1b8bc58cd59e9e11f78047c2a13e0b1d5ec66793312e2c170a00a3db630cddab9b20dc1a62d7a7","ssdeep":"","tlshash":"7231ea774241712c78d7b01305aebb285b1126616a1b8cc60c296264f24d23095b0679","size":1566,"data":"","first_seen":"2025-08-19T07:40:33.444297Z","last_seen":"2025-08-19T07:40:33.444297Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"1902172a8a9cae0ca54e6fad7d2e60d8","sha1":"8f0a2d847f4217fd8ba267d708280633863079e0","sha256":"a2f10c082768fd5b9970a783e6d29ae34a22a2076042ab6c1b26173a1054af2a","sha512":"74e00ef24bb8cd1d97ba950127f0adaf91fe9bb6d6e64416072b738b5a0b3b91f2aeb117475683fefe88722c1e1a7697b92e0fdec65b3cad1215b8e1b330106e","ssdeep":"","tlshash":"0bc08c8aaf070a31bf5037bf1e0827c0c8c24a02bc263b925290c1c460aa8338a68008","size":145,"data":"","first_seen":"2025-08-02T11:30:48.705501Z","last_seen":"2025-10-16T23:53:34.901984Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d010ab78b7bdf59bd0518cfa02dafbab","sha1":"17a1ba85cdfbeeeb3d12235327ef3ad260bd89bc","sha256":"3e821900a76696d2fabadd610c8f20f4f1a274dfe92c598fb5141a854fd6192a","sha512":"e7692d1e0c85f40e89dbbb1e51ee6f43ada40a768fffa857c67c03b473161beeb5b02f6727d167d1f7021e82aff8a2cfad6c2e9a92e75dc2f184988c77389db0","ssdeep":"","tlshash":"04c08c08687e168327aa12207692c1d382eea1a01640c1bc1b8fe1311ec7855a8ebb4e","size":162,"data":"","first_seen":"2023-03-25T23:59:59Z","last_seen":"2026-02-25T05:51:20.987167Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/plugins/age-gate/dist/age-gate.js?ver=3.7.1","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5c59b999bbc9a0a21bfda49b7e9a421b","sha1":"b8276550f0c140a8f114d3ccb6467cf7e97b310e","sha256":"ab1902984fdbcf3a3fa876b7df1b32e6140c784229bc2685a0094e2dfe845cff","sha512":"1ff8041726e8c12a15c3fd02402b751a5f9eb1740a1f3767d06b3d3d011a837c03880c40e3b0921b94eb4a849a423208e7b8df2408ff5d13711921f4b2fcac5f","ssdeep":"1536:gFDppw9hMfRboy6hGkRq+8t/45AWUxx4wBpp/bj9l:gFDpp+OfRbojdRq+8t/45A9xxxpp/bZl","tlshash":"aa8329d8b2a5f43a43a721e890bf280af27c5515b90c4864f355e4f524b8d4ea27bf7c","size":81333,"data":"","first_seen":"2025-02-27T08:12:09.272948Z","last_seen":"2026-04-09T19:06:57.745081Z","times_seen":745,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"f4b191592fe4a4046cd788f4d59607a0","sha1":"d00ff844e15ee6f12144e47446aeb8102786589b","sha256":"32d8987f985a486b5a2e21ef948a8c09b463b8cab90531b62b809c1372515af0","sha512":"3975136841ae381dcf3caee4632d84ec6e774e73338f27544832fadc42032589055611702e22b052d01d15bf20508a39cc7dc5d63490a0c5dbc253fec74233d9","ssdeep":"","tlshash":"f1410937886b16311e4377b3235e67803b97f2424f646ec278ac6706837ed70125ae5b","size":2037,"data":"","first_seen":"2025-08-19T07:40:33.445687Z","last_seen":"2025-08-19T07:40:33.445687Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b6e1bb6aedf7097c03bda6b9257aa3a9","sha1":"5c2ba025e094f7dceb477c5c434c9570248d5ef7","sha256":"c03d296f27ee82aebcd5e54c5cf0c821c22fc0ac8b70f2620f5f0e588ae0d551","sha512":"22e924df982980c2513928e5bbac9b5a411c2b09f9e0a01030e54f76af783c5fb7a97e9fdbacc02a5871c4f1d2702df2ebab0c3c0d0c250576e504c387c86e87","ssdeep":"","tlshash":"6cf078ed93bcb3334eeba093c28a4bdd1331002ca16e2dcd202bd20f19f468e4382845","size":601,"data":"","first_seen":"2025-08-19T07:40:33.4467Z","last_seen":"2025-08-19T07:40:33.4467Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84380,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-10T09:34:35.836032Z","times_seen":16148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"f0d198f6889793ba87e1df771012b74f","sha1":"16ca4f0af7d1fd0971b670716e656c7ef30ca999","sha256":"d43c9cbc28b8a1562558ea1817079571d1d94f857a05361d5300d806b5699bba","sha512":"b38bd4ec12e439dcf167c970dfc2b411724366401df8eb2db5b87ebf5e058579e19000dd5e8fc28ba7972977d04c7535bb563c23ba794e95c64fc8e09df4f50d","ssdeep":"","tlshash":"2d31eab7a86b256e6778d41d0a3e027c6eb84387b4403bd00558b438b6b18a1077ac74","size":1556,"data":"","first_seen":"2025-08-19T07:40:33.447715Z","last_seen":"2025-08-19T07:40:33.447715Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/f1/96/f1/f196f12eba49c74f7aab0889dfff3f05.js","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f6265a485a628e8256e7afb8cab57e65","sha1":"e0f9afdc8334dfa0cdad8057f66f58b77d1172fd","sha256":"90367c67c192f54663c5ce5a8b90323a10706a7633168905356c553f96a3c9b2","sha512":"f67140edb023c4ca4fc0d397cd8b8e47d06c491fba2f7851308e9fb24257e35c37114819e9a57b2667357fac1547fb030e6cfb3680473076faeb5184efc3281d","ssdeep":"768:Y2bnaMmGj9qw648+QhS8u+Jcj/XcdNjNpmOdY08kUbTehzbcepwOf:Y2bn1G4x5O+jvcVdY0U3f4","tlshash":"8f63c7483f91b27802e6b8fa712fa61af0265c0195d8e4d8f503f4ddae66719f036f25","size":72608,"data":"","first_seen":"2025-08-19T07:40:33.359524Z","last_seen":"2025-08-19T07:40:33.359524Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/main.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e533ba8761de8be51b78aa4e749ac9f3","sha1":"d0504684c093de0fb3945c175f0d10534a160dd8","sha256":"67ec8fe3469e48f9545699aaed3284193c3108c34c9709dd721ca3182de489e4","sha512":"cf6046a80c188552b8f5f94b74b3c9440b0758cef339015976cd658398dc5adb13d8fe8dd7b09b6b54c9f09c40df06faaa2f7d2c65bfec20c7533a7fd7224158","ssdeep":"","tlshash":"a001f62cbc8914a909b6e720fd7f533ae62ba4373a494684b84c88655f31374855dd50","size":706,"data":"","first_seen":"2024-05-23T01:34:44Z","last_seen":"2026-04-09T19:51:58.091991Z","times_seen":377,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/jquery.smartmenus.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"efcff8546ef4a6330321fdc755a75229","sha1":"2398c0f4f8d06009fb78e1801efb1bea6f3a71ce","sha256":"752345e29ce9c0ceb0c303f00a21c79991457e250fbd17d36150c41608f1bca8","sha512":"588b259158f14070fce9724b2dfd3814aae9725088cab8809bca04f345274ac27f21136f44cfe63a80f69142304ee05e28e64c63414ba7a6bc9ff8a4d3239070","ssdeep":"768:NE7foC3IGcqeO1fqnS0BaVftMib9oAaIQuIK7/0p9hxKMlL17tZAlnOsmKOKn3:NJJwK295afKMF17LDKOKn3","tlshash":"df2373ca735d712f82e633b4853f556aeb3dd072c20250bffcae6998656046813b0db9","size":46951,"data":"","first_seen":"2023-03-10T02:43:07Z","last_seen":"2026-04-09T21:28:29.835698Z","times_seen":843,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","size":1239,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-10T09:55:29.743535Z","times_seen":298332,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"offensivefountainrabbit.com/90a43dc0a7ac9c4f7c3ad622f2bfdf80/invoke.js","fqdn":"offensivefountainrabbit.com","domain":"offensivefountainrabbit.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5a5d3564bbc3df9e9b12f357bccf5ea7","sha1":"9fbe488aab467ee25c3853d238bdd38eefa542db","sha256":"5eb60a01d7679103935578f1d9be0f3acad153c8fd887fa0fb44a03b8023dc8e","sha512":"44992a0411e0b108a98e5b4657908314e5975d13b88203701e1294f127b8470e8b1008da9077829a083ca18ec1a4ed4b86791971b505355c48943f49436ef05b","ssdeep":"384:lznDJ4p9df1PPXm2bBdMLlAwH3KQsjmTOlXqel+rn2NrL0uAfdtiOmuBc8Fg:BJefHbULz3KQQmTO5qel+qL0PFcWg","tlshash":"dbe208883f70b44d1776303b322f856ef9b5cd555488d88cd287ac952ab9b1ee437e09","size":33053,"data":"","first_seen":"2025-08-19T07:40:33.371854Z","last_seen":"2025-08-19T07:40:33.371854Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/plugins/age-gate/dist/all.js?ver=3.7.1","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"aba2e182a6e18a260866682e92fbc931","sha1":"f966035d4b21cad17c051aa80fbdfd339f3b062f","sha256":"c930264229cb6d811028b73bc84570680b3f941ee56964c30a56a34f290c48e9","sha512":"c839d449d39435d959bd81ba48fdc362048a162f35927bb4a6c33b4afabf804f167bb9d1c05841d3af59dee5bfbc0a9d85ac67b63c84844797500b29c691858b","ssdeep":"","tlshash":"cd5175c57b86f4a803f6913fa12f570e7a7a8524181ed440e24ad9e47c30cbb4327d6e","size":3023,"data":"","first_seen":"2024-08-26T13:39:55Z","last_seen":"2026-04-10T09:31:50.172542Z","times_seen":1047,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"9ce67adc1907648ebd076418aa885073","sha1":"5e438fc21d2acec8166a8b63214492ddae06616a","sha256":"df0437de816d5af6319c28d2c9c69b9aeb970b64ef50a2cddf8af23793c8548e","sha512":"15d2ba9e4a2fb254ca5cc946d856ac1ad8a7a572f3fbd8d1273c50441220d55d0f10492892f76283d7e4b4adaccff32b5772c6459ecf9d429c428e2624f3ced0","ssdeep":"","tlshash":"59f09eb891bd0d0153e213d4750bb12a89f951902bbcd861eff9dd9105f14869a661cb","size":476,"data":"","first_seen":"2025-08-02T11:30:48.692013Z","last_seen":"2025-08-30T22:25:41.296935Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/0d/f1/11/0df111c9e9b45fe6808f25140878e8de.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"32045db2cd3ee41b67fa0deec2347186","sha1":"5717ad7b491de263832d62e14dc8e671053045f0","sha256":"8115b6946a30a03a29367869de230679a5dbb7fd2232aecf7a64180eed9cc6c1","sha512":"e2a03be98439f3939f11ded7d5c18a5f8741097f1ac343a34ac812e07dea13ae778bd75b70aa654d127654d6467144b64345a9a5c2e0cc21baf5e72cedcac2f8","ssdeep":"1536:SOHjXWbSTyJhKkoQhkmyC0E98k0RYqnhNzc/7ksqWPbIKau3l0gaTXy+IPC+:SJhKfEMRbhJIMuV0DZIPT","tlshash":"c0a3c6487f50f15c83aaa17b233f910ae02b4d42618d915ce513e5e8bf6eb0bf63e558","size":104639,"data":"","first_seen":"2025-08-19T07:40:33.344684Z","last_seen":"2025-08-19T07:40:33.344684Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/74/65/cb/7465cb288a218ddbb170ef80f071601b.js","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ce3606f54c4603161c985c1716566e82","sha1":"051937254c0397659172ff0c437e0403ba0957a5","sha256":"e37b6ca3e7b953e33b131a930b0cc63e8f8280f19a9d6415c2bda1ac2b704152","sha512":"388174170b03a24d96659c9a80aa4f7efa5981ada22bc72af82e5227aefcf09736c17ad2e4a4b744e5a01c69efe7ceea4c515005787ec003af0ad83c51e89bf6","ssdeep":"1536:SOXvqWtSTyJhKkoQhkmyC0E98k0RYqnhNzc/7ksqWPbIKau3l0gaTXL+IPC+:jJhKfEMRbhJIMuV0D6IPT","tlshash":"dea3c6487f50f15c83aaa17b233f910ae02b4d42618d915ce513e5e8bf6eb0af63e558","size":104640,"data":"","first_seen":"2025-08-19T07:40:33.323011Z","last_seen":"2025-08-19T07:40:33.323011Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"e943973e8b3cac106a17c662dd87bb84","sha1":"cb1845ffd6747751f1962b395b0db0c33b7e678f","sha256":"7ae23a8f0122464d036221abd43de95ea48778b81ce48ab85211d836ea519276","sha512":"99fce39156c606f5595de7cca502bd6b0d4e9e6bc3d2ce5497683055fe9732f71f07925f85046cade4833b376552fb6736f72ff825a9ffaae89a1d48788a52a8","ssdeep":"96:7ozbr3rgvG3qnNlRmCuv69CgvG3qnNlRmCuG1/D0CfMEDaH:Mzb3qnj9uv6c3qnj9u6b0CkCaH","tlshash":"f1a12bb12cf26ab52113b67f51bdb3293e54c22949418c85bcdce3400fa5b318de9f28","size":4790,"data":"","first_seen":"2025-08-19T07:40:33.449743Z","last_seen":"2025-08-19T07:40:33.449743Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84380,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-10T09:34:35.836032Z","times_seen":16148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/jquery.smartmenus.bootstrap.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1427fe4a30d1b12e19d40bca25948a66","sha1":"5487ad1163c9ff890279de78f3e47dc8667de24b","sha256":"54d577b87649fbb5e3dac61c643a1fe14075c03cabe4f2bd2c269b4df5069f4a","sha512":"98dc61ce175db1b3aa750bd4dbacb41d6304f9d236a8c0d127e98cfbba9724caca510d205e5e966dfb0008f07b06d3ea11869861da79e89cb7b17bfa402a3a7a","ssdeep":"96:Q8X9VopuRtsZg9gpoQ+Ma0IirYrZFhrJ82ulG/Ak:Vuw6f0eYBlh","tlshash":"e5c166c173ae715fc4d7221625bf924aaf6ec1789046407e756b92ac7ed048823b3e3d","size":6116,"data":"","first_seen":"2023-03-13T22:18:50Z","last_seen":"2026-04-09T19:51:58.097829Z","times_seen":632,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"2eebc08d4d40f94a2cb846e6605b66ab","sha1":"75568c0c0bfed21e871bc3469710f646e6119e58","sha256":"92e68d933cd9f7e02fa5132296955b416090823893f89e5457b4b5ccbf8811e3","sha512":"8d9be5a133c5f864abde88cc7db4758187fc22bcef3694fad387b1c4c71fa0f2aa447d898a4dbed1eb40d28617586002387c6d9cdcaafdb7ff439b04cae80af9","ssdeep":"","tlshash":"38411b92e99982b2e9e3f6d379dc326c3c60e146050af886b81dd2051318dbf2654e12","size":2052,"data":"","first_seen":"2025-08-19T07:40:33.450662Z","last_seen":"2025-08-19T07:40:33.450662Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84380,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-10T09:34:35.836032Z","times_seen":16148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"672305f1b21c4e9d9549fcc8d838c73d","sha1":"2bbf46a749d7d4b9afad47d2a6f99faa60aff6b8","sha256":"ce326d5c59f910bc9da1c2e0782f5dc0ca78ad41ef55f54170bbffbc3db8071d","sha512":"48b5b32d4876301611480bc689ed5df818881041bcab97bf05d7f009eb4e5b5644a0baa4082ff170a76fb450b5d3ee28fe95336abe27e216f4c2961fbdf5e555","ssdeep":"","tlshash":"53110088a6d96cb058e47bd4401db73122975a1335008668d2f89d6e07fe9ecb225703","size":901,"data":"","first_seen":"2025-08-19T07:40:33.451532Z","last_seen":"2025-08-19T07:40:33.451532Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"03d6d38af8c34d50a7d4f77919f3f6c7","sha1":"90e18129a2b50addce02c98c923534d242233216","sha256":"9f7a87d73cf34cd5d76d600a5ce326ac1ce32a021067b1bb50587fa488b13444","sha512":"28832956f6898aae55555f210e05bbb1a396fa48244b0c83057e36c721287e4976063ed6fc28a6dcdaa282010e9e9afb74fe50405a2428205e765219a4f2d833","ssdeep":"","tlshash":"bee07dfafd5b457111e7a1237bce739e293275a3e92a4c402889ce806c38dd31126dd1","size":329,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-04-10T07:54:24.975771Z","times_seen":9175,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/ac/74/45/ac744539d885732140d6b141d5a36226.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5d4cab9ff8000376eb9f86b48a78e8c3","sha1":"10b1dc654c60de6ef03c7e40ccba7016ade11390","sha256":"173d3cb9b0eabe2a08767dc6c2580eb411341580140897b85acfd6e3fbafc7da","sha512":"ec967f9f59a26de228f3836d5e0e54aaed80465b1686930de87c5ae497814b6c07ee36da0223f94002a049bfe0062c3af47416df661c376749ea4d0f499b6bf2","ssdeep":"768:Y2bnaMmNjXqw648+QhS8u+Jcj/XcdNjNpmOdY08kUbTehzbcepwPf:Y2bnmU4x5O+jvcVdY0U3fX","tlshash":"9b63c7483f51b27802e6b8fa712fa61af0265c0195d8e4d8f503f4deae66719f036f25","size":72577,"data":"","first_seen":"2025-08-19T07:40:33.362803Z","last_seen":"2025-08-19T07:40:33.362803Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"5ed8c4e931da3e169db96e952876d429","sha1":"9b8156cecf3d9761496f21cf88dd2c2248e858d1","sha256":"dd26d68f5138dbf605acf1633d8cc14061d484aa2ec686f2ec77f707d3bf227b","sha512":"4b8bc079cca92c27361d5a77b4c65a91cbb9496999bac13baf04f9d6823d54e93e3f05633ad319e4c09c07455c6dbb33a85ca6adebe46da704a717d17808a0ff","ssdeep":"96:4ozxC1OwZl37SvHM+F3eN3As90OwZl37SvHM+F3eN3+1/D2CfMEDaH:hzoNs34QsYNs34yb2CkCaH","tlshash":"b0a1e8a2ded9c1b4b9e375977afcb15c3c30a10b0506ec06f81ce10a5b14aba5e94e65","size":4811,"data":"","first_seen":"2025-08-19T07:40:33.45295Z","last_seen":"2025-08-19T07:40:33.45295Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/plugins/related-posts-thumbnails/assets/js/lazy-load.js?ver=4.3.1","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6ac6d573d88d4c9f5e2707c876b986c7","sha1":"01f5d2cffe836c2ae50d1616f3bc7fc215aad447","sha256":"93bbd63f5a9277ff3ffeca2b9c5de102146ba4cce4b4f713971b9da7a505bfac","sha512":"f8f1ed80dfa7fe981ca8d213acaa935e96b62e76badda63c58ef229f38c0b637daaf3c02bd6acdb1fb226bfe36239b82ae076286cce52fe5c3cdf070f69e8c4b","ssdeep":"","tlshash":"5931e1c478e3a1bfa867292b63bf029d37e850870448cb127e5d42554fb4da932b1fe4","size":1482,"data":"","first_seen":"2025-08-16T23:50:24.312687Z","last_seen":"2026-04-10T05:24:59.922987Z","times_seen":241,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"offensivefountainrabbit.com/43fb6dba152dc7d216fc2c00b1313dbb/invoke.js","fqdn":"offensivefountainrabbit.com","domain":"offensivefountainrabbit.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"775f18b0af8528210e0073cfb6ee8268","sha1":"e96883408650feaea0fc993471a1b849811a3d73","sha256":"23fbb9f099c60c295ea897589c2fd0606f887c6db2c437974f256fb29df494d3","sha512":"496fdc8118ae57926d4add040501b27bd652571b9ac38827089f965db95d10c5bb37eeb190464760fe8e44b1e402ebc6321602d18ff0a1032130d697969293f8","ssdeep":"384:lznDKyAp9nf1GPXm2bBdMLlAwH3KQsjmTOlXqel+rn2NrL0uAfdtiOmuBc8Fg:5KygfcbULz3KQQmTO5qel+qL0PFcWg","tlshash":"89e208883f70b44d1776303b322f856efab5cd555488d88cd287ac952ab9b1ee437e09","size":33023,"data":"","first_seen":"2025-08-19T07:40:33.360905Z","last_seen":"2025-08-19T07:40:33.360905Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-includes/js/comment-reply.min.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e4a49df71f8b98c1d9f9d8fce74d89e8","sha1":"b95fcda0c8c26305ad94e80343d0cfca8a048a10","sha256":"9d4687a19cab8f7442a3bda40c45be4d10e42488e091ddd706c3caed83c3ee1f","sha512":"42cd5f854779886f24c43ed14617380110c946d1b430b454060c3b391de6fbae6d0ed8ab7cdd7cfdc9726b2d6142a4e01c4448e36088dfcee7fdd00b60909f89","ssdeep":"","tlshash":"5051a7d437c95d762a83b3395efe930271712709a50805608826c86931bcfea63b67fe","size":3026,"data":"","first_seen":"2024-11-13T06:33:24.856382Z","last_seen":"2026-04-10T09:55:12.504205Z","times_seen":58558,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e88ac65d42e544b650e5c4423bebba98","sha1":"e0505434fcf6af9eb058302bc317ccbccfdf4445","sha256":"7a6423f4e9f1bb21792c2a06f33502f65b695f4b2e96153691d898e253184138","sha512":"a805a2ca2418adf118e21e952056cfa5eee2ec2d3898f8d1b69e8df826904cedd8db4197ecfef875de2cb7b4768496f66fd7522bc7ded6d06bf7fc7c4e0603b6","ssdeep":"1536:UqBu6DD4UaD2L694onHfEwn6bDBffA6cuK/nqippdGn4XZfO0UVsC6pF34LWZtF1:HDD44OqCf2ifqippxZfrXF3ft72297C+","tlshash":"73832bd1bf3069361ebb41b1b06f018bb6f5d9375a8d4062e508c8a92f68c9710f7f69","size":85196,"data":"","first_seen":"2025-02-04T01:21:37.841747Z","last_seen":"2026-04-05T01:30:24.258105Z","times_seen":199,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"28fa9b1a4c823f0286dafda4d9331072","sha1":"90b72987baa0c16592f4084d85ff4957cebd8290","sha256":"3aa43609b0b1fc955e726851f6dab6d9c59b7513772d160b914190df33840dee","sha512":"b5a23e235fa1692f8e9b7e7fe992d9ecdfb803bb991843a24a00ff0719af2fa32b9fa9e5ce467c9d547022df1c23f7515a6df9631ceda9f234e90e436e95f9aa","ssdeep":"","tlshash":"1bc08ca49f080020b2603c8e1acde38168f30317b9f1082f2a1c489874a60ae06020c0","size":145,"data":"","first_seen":"2025-08-02T11:30:48.677957Z","last_seen":"2025-10-16T23:53:34.85969Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"c36ecf97e793833dc33160adeda894c9","sha1":"30263cd00c393e30682014e6c711c1f40bcaa2dd","sha256":"8ae82dc529c56ffefdbfef28895926bbe6d7703d7a77ca0faaeab96858013340","sha512":"74b71ac80b557546bd0ddbc7cd35746cac4eb2806fb62fb571df398b71138cb7274d7ed7d94653feead2c5e65078a960afc6c194c992453a27f80dfe5a5388c2","ssdeep":"","tlshash":"b421adab43bcb3b21587f013c2415ed89732006da46e2e8e312ac18d1ef83ad43e6195","size":1276,"data":"","first_seen":"2025-08-19T07:40:33.436095Z","last_seen":"2025-09-22T18:56:30.465544Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/sticksy.min.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c8f1751e0f2b662caaa1d91afaea1637","sha1":"96286ad38080c821e4aeffd26f3f688650403fbe","sha256":"1fab90f3bf3f8f2b7ac35a013612fab34d6201f5b1002ad6bd55c206366cac63","sha512":"972b33d5c5d6761703546a140f3e21b27fba96f016f9d50bb317fed5867e7983ed8d4eded5023e28a1097ce3a98aedf329ea991e105ef8eee8878f0d80337d5f","ssdeep":"96:Vh9vD08cLp94YEKZ5oSpwe8wf5eWyjyl1FxQQyXzZG/oO:JmCY9Z5H3f5eWyjyl1Fx/ysoO","tlshash":"f3c1750873a1342a458b95d6473fa90b7572546c9146847c3d6cc4f29cf1b8e27bbebc","size":5727,"data":"","first_seen":"2023-03-13T01:30:43Z","last_seen":"2026-04-09T19:51:58.139037Z","times_seen":618,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/8b/59/4f/8b594fd93843afec253d5e5f7141da24.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"34d1c69133b88b45db2ce1d6669be43d","sha1":"dbe0e8ad593ec79600fb9242ec2efb64f00c7eda","sha256":"8bf4ffb0d3b5d23947baa444ff689a41858019dda623aa635fc2918186dfe1cd","sha512":"1c9ffd8f0c0dff7a3f278db0af1ede1d79064a37109c58a31c6ba7c238acc8f33607cdafce51ed0c5ba473c56912e80010c91d83849b25a52308c20b3798c281","ssdeep":"1536:SO/ysWbSTyJhKkoQhkmyC0E98k0RYqnhNzc/7ksqWPbIKau3l0gaTXz+IPC+:+JhKfEMRbhJIMuV0DSIPT","tlshash":"b7a3c6487f50f15c83aaa17b233f910ae02b4d42618d915ce513e5e8bf6eb0bf63e558","size":104629,"data":"","first_seen":"2025-08-19T07:40:33.413663Z","last_seen":"2025-08-19T07:40:33.413663Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"1902172a8a9cae0ca54e6fad7d2e60d8","sha1":"8f0a2d847f4217fd8ba267d708280633863079e0","sha256":"a2f10c082768fd5b9970a783e6d29ae34a22a2076042ab6c1b26173a1054af2a","sha512":"74e00ef24bb8cd1d97ba950127f0adaf91fe9bb6d6e64416072b738b5a0b3b91f2aeb117475683fefe88722c1e1a7697b92e0fdec65b3cad1215b8e1b330106e","ssdeep":"","tlshash":"0bc08c8aaf070a31bf5037bf1e0827c0c8c24a02bc263b925290c1c460aa8338a68008","size":145,"data":"","first_seen":"2025-08-02T11:30:48.705501Z","last_seen":"2025-10-16T23:53:34.901984Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/bootstrap.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b38ad66233d951b97b32d03cb8d042dd","sha1":"d1caf0e2cd63daa44b6821b5c4abb2dc45671119","sha256":"62512d1879bf167a7101baf82aa8b9a2df5f391d6201087fa8aed120cfccf7a9","sha512":"958bf35d52094f1f0573793cb1b6d33d6a5e8feacff7960a49ad563a4805996d5890ed34f61a6b548dfa2a356c2e334fab56604af38e29f5ab36123e88e410e2","ssdeep":"1536:6P1jVdO9VK+afC5Ds5SwLcJIpnLzLzoCQTUK92DbP3DF0dc/q8Ovq:yyY5z4CQTLIzF0GjOvq","tlshash":"4fe356493d9a2473493be77e9f63411efb2201ab610691987dac0a8c1fb546051eeffc","size":153248,"data":"","first_seen":"2023-03-13T22:18:49Z","last_seen":"2026-04-09T19:51:58.09703Z","times_seen":630,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/custom.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d8503e5d5a42fa4a500ab2b4f24e0d85","sha1":"a566876e230985aa1dd578283207ab810e2f2fd1","sha256":"2df9ad74e129325fb3f2f62165502e0c95075a5bcfed8b6f67fb580f2a774a0e","sha512":"193ed82f5594d737d1d7f3fda3f24069b9a4fccacf75f686d4e72882f96ffa4d7ae07a5d8ebcaafc1a543968cd32ffe24452d56da0d0482c26faa10f2464f9bc","ssdeep":"","tlshash":"1741d0993419217209bb6f3e7b7ea384fd36001b9101d546b4ad4aea2f70b5851a3dc9","size":2317,"data":"","first_seen":"2025-04-22T12:18:55.703952Z","last_seen":"2026-04-09T19:51:58.099248Z","times_seen":223,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"38524b75d7b39e7d99c3af947ee83101","sha1":"4ae8cc40e6f45b146637ef19c0294f4c98d7fe0c","sha256":"c0552c21f34230d12cb65a5d470a608359a02f56872c685e307c18e7ffc79b1d","sha512":"3d0bdc4d51973bd82ef380201a0c3815d64ce1dbc2e77a6d21c367735ee9d1cb8b055ea72428beea89a4695848aa651e3a79d149c37692b5af39b9be8a81c096","ssdeep":"","tlshash":"8ec08cbc2f390c226530388efb4c23c08ac14b0b38a21690a908c40060c6033e082408","size":145,"data":"","first_seen":"2025-08-02T11:30:48.746752Z","last_seen":"2025-10-16T23:53:35.00979Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"d7cd83cee04a55c498be165e5b8cbfa5","sha1":"ba7c2acc50f7c74589c844d3e4a3548833807832","sha256":"7addbc8863c31a59627dc0effc1abff84f55d130c568f53b32aadc044d9803e4","sha512":"480b1061eb30429cfc51928b499cc1dc3d1a7a77493de31ca2a0dceb041fa5c23ad6f53bcf2d2434d5531c83b3c9f84991a9d3e619ba40d6cfc997330f753b19","ssdeep":"","tlshash":"1e312ce6620e5a38fe208d8a7ab16f1f7fe2911e32224cd9209d85cc939c270c712077","size":1608,"data":"","first_seen":"2025-08-19T07:40:33.456464Z","last_seen":"2025-08-19T07:40:33.456464Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"obtrusiveorganizeresponse.com/ren.gif?sid=H4sIAAAAAAAC_1RSTYgcRRSu2exJD0YRD57mIPi7s93TPT9tDsEYoyExCUkkB0_117uV6e5qq7qnJwNKNBBy0gFFjF56vpnN-hMlnrwoyKwgsiA4twWzF68qgpCDJ-nNwOg7fO-9-qrge1-96-N8n3jI6d65V_VQRRFdbzWc-lOXVCJ0YetnLtZdp-EcqV9SSds_Uh9UYPrPu57fcJ6uvyx5T683HddxXMetn1BGhnqwfsBCpbcDtxE4Db_ZcFs-Bub_vc1rsLQG0d8nj0CJ-UO_ha9D8RmS-M5xaXuZTp97Kc4jmmmDvth-LeklukgQL8vQ1BAm24vb0HZOyEcr0Mn2YgLo_rSaAEzNycpjd8GS7YVMsP7WfaUsgkzAxIMo-jPIaAZFZ-D6GpT4hQBc4MxZJPGtM9oU9Mp9llbsnKze-xuqmJPVu48iib86FqlB_YKO8kzpxGIQllCDGdTGDGm-g2y4AlXsgGfvQImfyfq900ji6VkbaSix94Tndrgv2nLNb7Lmmh_4_hrtitZaS3Le8cJWux2yA4tUOAO1K8htDbmqIQ9ryNMaYrFX952uz13qtcNA8I7jU98XkjlBt-k4NOAd5LzSPkKWjsCjEbi5itS8_anwOtJj3B8z9NQIJv8edrOEFTXYjKAvShSSoLAEBSUoFEGRERT9cktEtmnLWyKyOXMXubnIXjnR2caYbulsQyYE1IxgRDlV6Rv2Gnh2aDIMrZjoCijLygllohyn--ThyuHah5_soif36k3akS2vHXY46wStNqUO7YacBb7vuV0hu7CqhLIroLaGoZqTU-_-ilTNyZPPXgajO7DRDrg6DJq7oEUJullimHyZUt6zKqO2wXUMoUuk2SqyK7VxtE8eP_jkC9f_gOS7RwfvZ99efusfcFMiNSUuqx8INqIbk_O6INPzurDk67NppmI1pNUCXMhoJg99fkpeKbQRJ4_b0Wcv8IqoytsXpc1O00SoZMOSL44pIaQ5oQ2X5LuT9pJk53K7eSw3SZ6ePvfiiZNxaqS1SiczUDUn5OYdcDUnh39882C5G9-8B2VmMHmJON8liwBPr8KmS-1WE5hoybN0BUVeTkyTLQ8jRRDJZU9ZCfufni3riaHVa6rKsb2BDbMKml1DEpfomxL9qASNRrD5A5MsNbtHf7pZxcdg0eqERWZ1yiITfVBZ_NeBzxX8WcHvsGqv3moyr93ttmXYFqEnvKYngpYjA58GbT_wW8jsfHP6zCv_BgAA___f6QIPyQQAAA==","fqdn":"obtrusiveorganizeresponse.com","domain":"obtrusiveorganizeresponse.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obtrusiveorganizeresponse.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 31 Jul 2025 08:17:55 GMT","end":"Wed, 29 Oct 2025 08:17:54 GMT"},"fingerprint":{"sha1":"01:BF:0E:08:1A:51:22:FA:47:6E:E8:5C:27:AD:57:D6:0D:B9:0D:49","sha256":"74:90:CC:3C:B8:82:9D:36:BC:2C:8C:07:85:B7:C2:E4:4F:42:44:5B:FE:16:52:43:DC:36:21:8B:0C:7B:25:97"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSTYgcRRSu2exJD0YRD57mIPi7s93TPT9tDsEYoyExCUkkB0_117uV6e5qq7qnJwNKNBBy0gFFjF56vpnN-hMlnrwoyKwgsiA4twWzF68qgpCDJ-nNwOg7fO-9-qrge1-96-N8n3jI6d65V_VQRRFdbzWc-lOXVCJ0YetnLtZdp-EcqV9SSds_Uh9UYPrPu57fcJ6uvyx5T683HddxXMetn1BGhnqwfsBCpbcDtxE4Db_ZcFs-Bub_vc1rsLQG0d8nj0CJ-UO_ha9D8RmS-M5xaXuZTp97Kc4jmmmDvth-LeklukgQL8vQ1BAm24vb0HZOyEcr0Mn2YgLo_rSaAEzNycpjd8GS7YVMsP7WfaUsgkzAxIMo-jPIaAZFZ-D6GpT4hQBc4MxZJPGtM9oU9Mp9llbsnKze-xuqmJPVu48iib86FqlB_YKO8kzpxGIQllCDGdTGDGm-g2y4AlXsgGfvQImfyfq900ji6VkbaSix94Tndrgv2nLNb7Lmmh_4_hrtitZaS3Le8cJWux2yA4tUOAO1K8htDbmqIQ9ryNMaYrFX952uz13qtcNA8I7jU98XkjlBt-k4NOAd5LzSPkKWjsCjEbi5itS8_anwOtJj3B8z9NQIJv8edrOEFTXYjKAvShSSoLAEBSUoFEGRERT9cktEtmnLWyKyOXMXubnIXjnR2caYbulsQyYE1IxgRDlV6Rv2Gnh2aDIMrZjoCijLygllohyn--ThyuHah5_soif36k3akS2vHXY46wStNqUO7YacBb7vuV0hu7CqhLIroLaGoZqTU-_-ilTNyZPPXgajO7DRDrg6DJq7oEUJullimHyZUt6zKqO2wXUMoUuk2SqyK7VxtE8eP_jkC9f_gOS7RwfvZ99efusfcFMiNSUuqx8INqIbk_O6INPzurDk67NppmI1pNUCXMhoJg99fkpeKbQRJ4_b0Wcv8IqoytsXpc1O00SoZMOSL44pIaQ5oQ2X5LuT9pJk53K7eSw3SZ6ePvfiiZNxaqS1SiczUDUn5OYdcDUnh39882C5G9-8B2VmMHmJON8liwBPr8KmS-1WE5hoybN0BUVeTkyTLQ8jRRDJZU9ZCfufni3riaHVa6rKsb2BDbMKml1DEpfomxL9qASNRrD5A5MsNbtHf7pZxcdg0eqERWZ1yiITfVBZ_NeBzxX8WcHvsGqv3moyr93ttmXYFqEnvKYngpYjA58GbT_wW8jsfHP6zCv_BgAA___f6QIPyQQAAA== HTTP/1.1\r\nHost: obtrusiveorganizeresponse.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: uid_id2=317c4d6e-42b2-4944-a8d5-5ecc73f566fb:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl26647499=1; nlec2a7e536f7cb7956aa0a8fcb944318de8=[5474032,5474029,5474030,5474028]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: obtrusiveorganizeresponse.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 42879960fb74c54d89291bba6baac44c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":130,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":130,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"obtrusiveorganizeresponse.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/css/bootstrap.css?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:50.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/css/bootstrap.css?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 22426\r\ncache-control: public, max-age=31557600\r\nexpires: Thu, 23 Jul 2026 16:42:32 GMT\r\nlast-modified: Mon, 21 Jul 2025 08:15:17 GMT\r\netag: \"326b7-687df715-bdc9077aa5221b7f;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 2321838\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NevTWP7JdnHY8QmwykrGRquLo5jrxe4Zm%2F6r5jhbAdwvjgCzTdDbwonTjozXQFjDiapV8uLT9OWMcC63uRhfL59PaLx%2BAu2K7Gc5VFc%3D\"}]}\r\ncf-ray: 9717ffdb88908bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":206519,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (560), with CRLF line terminators","md5":"531c7f6cc193e3dd85d7e929bbc3aad9","sha1":"ba495a599ba2618b08d10a77e63f45ab277ddb2f","sha256":"32912330a43502eb8254911da01bf007e5873ebf195c4cd038878d6a748e242a","sha512":"172794af552b97909bcca9c7db455b399f1d8987e1ce98beff4310e5a8e767ed64b110130b5aaa0f985ce6fb5254abedeb1cd664921f5fd987c1ebd744f215a9","ssdeep":"1536:pda+NJRoDp1QC4EhQee/MhJDc7Rt/Q5j67GrdHAVNzeWAJuYWQ+gME8HKuhSoLSE:2gJj/w2iBgbzSoLSmyNdX+","tlshash":"8b1489adf982140716b38b78eb936abfff6e00a3c7014679b9e26154d7846d04c66dcc","first_seen":"2023-04-09T10:25:11Z","last_seen":"2026-04-09T19:51:58.092786Z","times_seen":581,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogza/css/colors/default.css?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogza/css/colors/default.css?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 4856\r\ncache-control: public, max-age=31557600\r\nexpires: Thu, 23 Jul 2026 02:10:46 GMT\r\nlast-modified: Mon, 28 Apr 2025 20:53:02 GMT\r\netag: \"71e4-680feaae-62f7767d83d29a77;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 2374144\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o%2FJWLkV1v8afdDl0iR9xPGXi06gs%2FPZtmBplzFKKpy283HyOx3XMobbDlE%2FRJmoOicqgV%2F%2B4n87NeOeWBHfy3bZM%2FZiGiFnHlAbmMQs%3D\"}]}\r\ncf-ray: 9717ffdb98b58bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":29156,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (311), with CRLF line terminators","md5":"1e7e5d49c4369a8aaab38972b1a1deae","sha1":"03801b1b413f9dafc9088db631ad95b30f8aa7ee","sha256":"7821dce579fbd372ffd4706f77570574e246f971fe76d87dbec7284f284c4f4d","sha512":"55de77ffda7d1a17d5e8e554d060334a8e799b9a8e473c1c38b24e4656e0cd82326a4a5e3f3e7bd48aef086b89ffaa2b4abda50ca4864e08e6b5b9abe88b4188","ssdeep":"192:BhwIXp643LUdxEhNd2i2mFaCxWy22N2gysV57JjEWGya7nByMLfZU+aalW6/dP:9ZJv22NT7JjEPWG","tlshash":"01d2e0efe15628ae3b575afe6a7191c06f5850e8e9040bbc7c2605b411cd3c93e37e86","first_seen":"2024-10-23T09:42:29.412958Z","last_seen":"2026-03-27T09:48:25.362686Z","times_seen":24,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rashcolonizeexpand.com/impr.gif?sid=H4sIAAAAAAAC_1RTy4sc1Re-NZPd7wc-EBeC0IuAz-mpV1d3m4UkJiNjYhKTSBYuwq17q2ZuuqpueR9dk3ETDJGspMWNK6n-ujOjcRT9AwTtcRcUbFeDZjb-CULAnfRMQ-tZnNf3FXzn1LkfDe0hCWDpweW35bbIMrraarqNF6-LgstKNy5ea3hu0z3VuC6KKDzV2Jo51X_NC8Km-1LjzYT15Krveq7ruV5jTagklVurRyhEudf1ml23GfpNrxViS_231nYJmjrg_UPyNASfPvFn-h4Em6DIvz2b6J6R5avncptRIxX6fPfdolfIqkC-SFPlIC1252xIPSXksyXIYnc-AWR_PJsAsZiSpWcfIS525zIR9-8fK40zJAVi_j9U_QmSbAJBJ2DyDgT_lQCM4-IlFPnORakqeusYpTN0Sk48_guimpITj55BkX9zJhNbjasys0bIQmMrrSG2JhAbE5R2H2Z7CaLaBzMfQvBfyOrjCyjy8SWdSQh-cDL2O3Hc8qIVl_FoJeQ8WKG-6614nThqpz510056tCKRTkD1Mqx2YIUDmzqwpYOcHzRCtxMyjwZR2uWs7YY0DHkSu92O77q0y9qwbKZ9AFMOwLIBmLo7tgXTQ--Lkm-aXj_wx0bZZGfWDPyht2dvlJkfRUE78Nyht3PMOuKgVLfREwMo-wP0Zg3Nl6DNlDjv3Eaf16gSgkoTVJSgEgSVIaj69X2eaV_XOzzTNvbm0Z_HoB5JszGk96XZSAoCqgZQvB6L8n19B8wsj7ZTzUdy5mhsHqyt-FG7vdK64Y1ozOtheUiemv0d5_Mff0cvOWhQ1g7DVtDlnU6rHfhe6PIo9kKPt2gQ-X4ELWoIvQSqHWyLKTn_8R8oxZS88MpNxHQfOtsHE0-C2udBqxp0s8Z28XVJWU8LQ3WTyRxc1ijNCZhbzjA7JM8dHcjpvz9Fwh6-_ltwZGCqRqlq3BQ_EWxk90ZXZEXGV2SlyXeXSiNysU1nx3PVUJMsPzif3Kqk4utn9eDL02wGzNK9a4k2F2jBRbGhyVdnBOeJWpOKJeT7dX09iS9bvXnGqsKWFy6_sbaelyrRWshiAiqmxPngZzAxJf9_69zRwzi5fhdCTaBsjdw-JHMDK29DlwvtWhKobIHHpYPK1iPlx4tmJgiyZFHTuIb-Vx0v8pGis6-pqIf6HjaUA2ruoMhr9FWNflaDZgNouzwypVrIiDNnFGfKGceZyj45XrEWB400SHzmup125AWdNPGCkLO01Qm7PKJuECQwero5fnn9nwAAAP__s6uJ8fYEAAA=","fqdn":"rashcolonizeexpand.com","domain":"rashcolonizeexpand.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rashcolonizeexpand.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:10:41 GMT","end":"Fri, 26 Sep 2025 22:10:40 GMT"},"fingerprint":{"sha1":"C7:75:50:5C:D3:7C:BF:A1:34:3E:61:33:FC:D6:81:21:2E:31:1D:92","sha256":"CB:A9:18:8B:DD:56:71:B4:C1:61:A7:9F:5C:50:7F:22:BB:83:72:BC:0F:B3:14:19:C4:E9:F9:59:6A:0F:95:EC"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTy4sc1Re-NZPd7wc-EBeC0IuAz-mpV1d3m4UkJiNjYhKTSBYuwq17q2ZuuqpueR9dk3ETDJGspMWNK6n-ujOjcRT9AwTtcRcUbFeDZjb-CULAnfRMQ-tZnNf3FXzn1LkfDe0hCWDpweW35bbIMrraarqNF6-LgstKNy5ea3hu0z3VuC6KKDzV2Jo51X_NC8Km-1LjzYT15Krveq7ruV5jTagklVurRyhEudf1ml23GfpNrxViS_231nYJmjrg_UPyNASfPvFn-h4Em6DIvz2b6J6R5avncptRIxX6fPfdolfIqkC-SFPlIC1252xIPSXksyXIYnc-AWR_PJsAsZiSpWcfIS525zIR9-8fK40zJAVi_j9U_QmSbAJBJ2DyDgT_lQCM4-IlFPnORakqeusYpTN0Sk48_guimpITj55BkX9zJhNbjasys0bIQmMrrSG2JhAbE5R2H2Z7CaLaBzMfQvBfyOrjCyjy8SWdSQh-cDL2O3Hc8qIVl_FoJeQ8WKG-6614nThqpz510056tCKRTkD1Mqx2YIUDmzqwpYOcHzRCtxMyjwZR2uWs7YY0DHkSu92O77q0y9qwbKZ9AFMOwLIBmLo7tgXTQ--Lkm-aXj_wx0bZZGfWDPyht2dvlJkfRUE78Nyht3PMOuKgVLfREwMo-wP0Zg3Nl6DNlDjv3Eaf16gSgkoTVJSgEgSVIaj69X2eaV_XOzzTNvbm0Z_HoB5JszGk96XZSAoCqgZQvB6L8n19B8wsj7ZTzUdy5mhsHqyt-FG7vdK64Y1ozOtheUiemv0d5_Mff0cvOWhQ1g7DVtDlnU6rHfhe6PIo9kKPt2gQ-X4ELWoIvQSqHWyLKTn_8R8oxZS88MpNxHQfOtsHE0-C2udBqxp0s8Z28XVJWU8LQ3WTyRxc1ijNCZhbzjA7JM8dHcjpvz9Fwh6-_ltwZGCqRqlq3BQ_EWxk90ZXZEXGV2SlyXeXSiNysU1nx3PVUJMsPzif3Kqk4utn9eDL02wGzNK9a4k2F2jBRbGhyVdnBOeJWpOKJeT7dX09iS9bvXnGqsKWFy6_sbaelyrRWshiAiqmxPngZzAxJf9_69zRwzi5fhdCTaBsjdw-JHMDK29DlwvtWhKobIHHpYPK1iPlx4tmJgiyZFHTuIb-Vx0v8pGis6-pqIf6HjaUA2ruoMhr9FWNflaDZgNouzwypVrIiDNnFGfKGceZyj45XrEWB400SHzmup125AWdNPGCkLO01Qm7PKJuECQwero5fnn9nwAAAP__s6uJ8fYEAAA= HTTP/1.1\r\nHost: rashcolonizeexpand.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[4323731]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nSet-Cookie: iprc_l+673684ba81bfe086ff7291f77a7327e0=4323731; expires=Wed, 20 Aug 2025 07:39:54 GMT; path=/; secure; SameSite=None\niprc_l:4323731=1; expires=Wed, 20 Aug 2025 07:39:54 GMT; path=/; secure; SameSite=None\r\nHost: rashcolonizeexpand.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 741ca21d9643570b3b12d30db8bd1ce9\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":129,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":129,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"rashcolonizeexpand.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/ren.gif?sid=H4sIAAAAAAAC_1RTzYscxRuu3gR-hx_ED0QhIMxB8HNn-2t6ps1BjHFlSUxiEsnBQ6ju6t6tTE1XWx_Tmz0FA5KTjDdP0vPMZFdjFP0DRJn1IgEh42nB7MV_QBCDR5nZkYl1qHqffp4Hnnr7rY-H9pAEsPTg4rtyhwtB11pNt_HSVV4wWenG-SsNz226pxpXeRGFpxrbs031X_eCsOm-3HgnS7tyzXc91_Vcr7HOVZbL7bU5C17ei71m7DZDv-m1Qmyr_2JtV6CpA9Y_JE-Ds-kTv-cfgKcTFL1vz2S6a2T52ts9K6iRCn22937RLWRVoLcsc-UgL_YWakg9JeSzFchib3EDyP54dgMkfEpWnn2IpNhbxETSv3OUNBHICiTs_6j6E2RiAk4nSOUtcPaAACnD-QsoervnparojSOWztgpOf7oT_BqSo4_fAZF75vTgm83LkthDZeFxnZeg29PwDcnKO0-zM4KeLWP1HwEzn4ha4_OoeiNL2ghwdnBC4nfSZKWF626KYtWQ8aCVeq73qrXSaJ27lM37-TzFvF8AqqPwWoHljuwuQNbOuixg0bodsLUo0GUxyxtuyENQ5YlbtzxXZfGaRs2nWUfwJQDpGKAVN2-Z6-Vwo_abuBG8dD7omRbptv3g7FRNtu1Rar9YOgtVFHQ9uPW0Ns9Us0145lmaYweM0ZDD6W6iS4fQNkfobdqaLYCbabEee8m-qxGlRFUmqCiBBUnqAxB1a_vMKF9Xe8yoW3iLU5_cQb1SJrNIb0jzWZWEFA1gGL1mJcf6ltIzbHRTq7ZSM42mpi766t-1G6vtq65I5qwelgekqdm_9D5fH8d3eygkXtxlHt-ltAwTtth3qY0cTudmOV5HuRuC5rX4HoFVDvY4VNy9pPfUPIpefHV60joPrTYR8qfBLXPg1Y16FaNneLrkqZdzQ3VzVT2wGSN0hyHueEMxSE5OR-j5t8BsvQ-WSykqkapalznPxFsitujS7Ii40uy0uS7C6XhPb5DZyN22VCTOXfPZjcqqdjGGT348s10RszKe1cybc7RgvFiU5OvTnPGMrUuVZqR7zf01Sy5aPXWaasKW567-Nb6Rq9UmdZcFhNQ_uDECaR8Sv7381_zx_Pc4UlwNYGyNXr2saTlTehyibUkUGKJk9JBZeuR8pPlR8EJRLbENKmhs_s__PGvaVmPFJ25Ka-H-jY2lQNqbqHo1eirGn1Rg4oBtD02MqW6_8avwXwhEc4oEcoZJ0KJT48arPlBo-UnQdTpRFkesTxggR-wuOVmcUjjKIzDFoyebo1f2fgnAAD__9f9WWAaBQAA","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RTzYscxRuu3gR-hx_ED0QhIMxB8HNn-2t6ps1BjHFlSUxiEsnBQ6ju6t6tTE1XWx_Tmz0FA5KTjDdP0vPMZFdjFP0DRJn1IgEh42nB7MV_QBCDR5nZkYl1qHqffp4Hnnr7rY-H9pAEsPTg4rtyhwtB11pNt_HSVV4wWenG-SsNz226pxpXeRGFpxrbs031X_eCsOm-3HgnS7tyzXc91_Vcr7HOVZbL7bU5C17ei71m7DZDv-m1Qmyr_2JtV6CpA9Y_JE-Ds-kTv-cfgKcTFL1vz2S6a2T52ts9K6iRCn22937RLWRVoLcsc-UgL_YWakg9JeSzFchib3EDyP54dgMkfEpWnn2IpNhbxETSv3OUNBHICiTs_6j6E2RiAk4nSOUtcPaAACnD-QsoervnparojSOWztgpOf7oT_BqSo4_fAZF75vTgm83LkthDZeFxnZeg29PwDcnKO0-zM4KeLWP1HwEzn4ha4_OoeiNL2ghwdnBC4nfSZKWF626KYtWQ8aCVeq73qrXSaJ27lM37-TzFvF8AqqPwWoHljuwuQNbOuixg0bodsLUo0GUxyxtuyENQ5YlbtzxXZfGaRs2nWUfwJQDpGKAVN2-Z6-Vwo_abuBG8dD7omRbptv3g7FRNtu1Rar9YOgtVFHQ9uPW0Ns9Us0145lmaYweM0ZDD6W6iS4fQNkfobdqaLYCbabEee8m-qxGlRFUmqCiBBUnqAxB1a_vMKF9Xe8yoW3iLU5_cQb1SJrNIb0jzWZWEFA1gGL1mJcf6ltIzbHRTq7ZSM42mpi766t-1G6vtq65I5qwelgekqdm_9D5fH8d3eygkXtxlHt-ltAwTtth3qY0cTudmOV5HuRuC5rX4HoFVDvY4VNy9pPfUPIpefHV60joPrTYR8qfBLXPg1Y16FaNneLrkqZdzQ3VzVT2wGSN0hyHueEMxSE5OR-j5t8BsvQ-WSykqkapalznPxFsitujS7Ii40uy0uS7C6XhPb5DZyN22VCTOXfPZjcqqdjGGT348s10RszKe1cybc7RgvFiU5OvTnPGMrUuVZqR7zf01Sy5aPXWaasKW567-Nb6Rq9UmdZcFhNQ_uDECaR8Sv7381_zx_Pc4UlwNYGyNXr2saTlTehyibUkUGKJk9JBZeuR8pPlR8EJRLbENKmhs_s__PGvaVmPFJ25Ka-H-jY2lQNqbqHo1eirGn1Rg4oBtD02MqW6_8avwXwhEc4oEcoZJ0KJT48arPlBo-UnQdTpRFkesTxggR-wuOVmcUjjKIzDFoyebo1f2fgnAAD__9f9WWAaBQAA HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzI5NSwiayI6IjFlZTk1YzJmOTRhZWNhMDgyOTE3MDUwYzdhN2NiN2E5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpkM3l1NGJjeHkiLCJjcGtzIjp7IjI4IjoiNzg5OTE3OWYxODA4OTJmNWUyNGYyODkwMjI0M2IzYTUiLCIyOSI6IjM5NjRjMjk2NTVhMTAwYTNkOGNjMjlhNWViYjk0ZGZjIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.1VmV4qJNWLVRMuhiMee78zUhWRcFWxHCS9HEZ9j93iM; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv26=true; uncs26=1; u_pl26703069=1; pdhtkv23=true; uncs23=1; u_pl26637295=1; pdhtkv29=true; uncs29=1; u_pl27181530=1; slec3964c29655a100a3d8cc29a5ebb94dfc=[4323737]; u_pl27181894=1; slecf196f12eba49c74f7aab0889dfff3f05=[3078195]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b61d959dec940c21f8a940d7f3268043\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":109,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":109,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/css/animate.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa84fe-13361\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ILD5hVJ0mnV2rN3RNzycQEKQGoAFThzLPrQ1nwHn4bSsIw3zpR1ZnHb340gswZTjmfdAEQo3IWLSLY9U662MpkjIROq6A6cmj%2Fs9YSrBe4Q%3D\"}]}\r\ncf-ray: 9717ffed4fef9780-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78689,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"3d4123dbfb33d27a5cfdfcfa91df6783","sha1":"e7d0eeeec54b848f0bc3da8685fa3bc88429d660","sha256":"cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887","sha512":"75c8a48dc207595e201b50b87ff68782112a21aded9f15f14185c07d40f0151d6afe74a2b278aa575caf12ac422e8166316296ed7b6573ea24e667cca4af51dd","ssdeep":"384:jvuAuF81dghu3ublZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:jvuAu21dghu3uLu7uNKwZiMUL6Vpaj7F","tlshash":"22731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2024-01-20T06:37:31Z","last_seen":"2026-04-10T09:34:35.831084Z","times_seen":10596,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":87,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/jquery.smartmenus.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.022Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/js/jquery.smartmenus.js?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 11332\r\ncache-control: public, max-age=31557600\r\nexpires: Sat, 08 Aug 2026 18:43:13 GMT\r\nlast-modified: Mon, 04 Aug 2025 08:15:36 GMT\r\netag: \"b767-68906c28-1aa6634ab3c0f344;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 932196\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ygznlMkFvWqdPGID%2FxXB%2FqiiHruUY1gzzgDYK3mTKfxwmxkmqr5oAKmEBmuX8GMZ%2F%2FGOWX4ugagOW8wlKStZzICsH3HiQdpVT4ou2Rc%3D\"}]}\r\ncf-ray: 9717ffdba8db8bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":46951,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"efcff8546ef4a6330321fdc755a75229","sha1":"2398c0f4f8d06009fb78e1801efb1bea6f3a71ce","sha256":"752345e29ce9c0ceb0c303f00a21c79991457e250fbd17d36150c41608f1bca8","sha512":"588b259158f14070fce9724b2dfd3814aae9725088cab8809bca04f345274ac27f21136f44cfe63a80f69142304ee05e28e64c63414ba7a6bc9ff8a4d3239070","ssdeep":"768:NE7foC3IGcqeO1fqnS0BaVftMib9oAaIQuIK7/0p9hxKMlL17tZAlnOsmKOKn3:NJJwK295afKMF17LDKOKn3","tlshash":"df2373ca735d712f82e633b4853f556aeb3dd072c20250bffcae6998656046813b0db9","first_seen":"2023-03-10T02:43:07Z","last_seen":"2026-04-09T21:28:29.835698Z","times_seen":843,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/watch.998052445414.js?dev=e\u0026key=43fb6dba152dc7d216fc2c00b1313dbb\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=4a4f99e557a2a307ae744472a13bb5626c3a909106822dfe06b137a6ec8f690a1716c07d604db91b01cb0b917d777ca12ba061b520a2ee9e74e76dabb1015d5ee25fac4cd27c651bec82af7e6e61f6e9ddfa8359be2474ed416a25\u0026tz=0\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /watch.998052445414.js?dev=e\u0026key=43fb6dba152dc7d216fc2c00b1313dbb\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=4a4f99e557a2a307ae744472a13bb5626c3a909106822dfe06b137a6ec8f690a1716c07d604db91b01cb0b917d777ca12ba061b520a2ee9e74e76dabb1015d5ee25fac4cd27c651bec82af7e6e61f6e9ddfa8359be2474ed416a25\u0026tz=0\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nReferer: https://packsitas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=317c4d6e-42b2-4944-a8d5-5ecc73f566fb:2:1; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; u_pl26637310=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://packsitas.com\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; expires=Tue, 26 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\npdhtkv32=true; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nuncs32=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nu_pl26637310=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 9\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 60e2acc7ab08fbc3c979a5b4665f2401\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":4919,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (4043)","md5":"217901abbd631b9a9c712650cf12c205","sha1":"f5c063c3a1db4489ff9f3b95d412efaf6106cec7","sha256":"d8588b5332dc5a9ac96cfda75375e9f334906dcd9250b942b94216ed13046f93","sha512":"ade98f8c1ece723b04b1341f6a22b1b0b067bba38e401cbdd4f6e9a02c8fbd28e6e695371ceebf51870b53918bad8c1a7ac9dc6c02795637554f0b0fdf705d89","ssdeep":"96:WozmSV3Q9XfNM/HNu7/M4s953+vpImGOC41/DMCfMEDaH:jzvQ1fIt6/MpjEpI5OpbMCkCaH","tlshash":"c8a15ce75d8b9638bd02d5ae36b9aa583972c00b3b04ed467d8ce6440b346704f79dcc","first_seen":"2025-08-19T07:40:33.312821Z","last_seen":"2025-08-19T07:40:33.312821Z","times_seen":1,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":114,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/watch.400632852932.js?key=43fb6dba152dc7d216fc2c00b1313dbb\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /watch.400632852932.js?key=43fb6dba152dc7d216fc2c00b1313dbb\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://packsitas.com\r\naccess-control-allow-credentials: true\r\nlocation: https://torchfriendlypay.com/watch.400632852932.js?dev=e\u0026key=43fb6dba152dc7d216fc2c00b1313dbb\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=5e3aa79a1f1c6cc6eb2a755638fd204e1fcccc047ff4606171cd6c496abeadad05ca633d7a1ae51783e19c6e222be9434cf9ea99e6f091588e4107fdcb9096c30a711091a739943340515aea9a197a513b9be5df2e6866e4e2684f\u0026tz=0\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; expires=Tue, 19 Aug 2025 07:40:52 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 1\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: dde3d22585efcddc370ce40a752e83b5\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":4811,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":794,"timings":{"blocked":341,"dns":1,"connect":110,"send":0,"wait":112,"receive":0,"ssl":225},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rashcolonizeexpand.com/watch.896527579863.js?key=43fb6dba152dc7d216fc2c00b1313dbb\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1","fqdn":"rashcolonizeexpand.com","domain":"rashcolonizeexpand.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.775Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rashcolonizeexpand.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:10:41 GMT","end":"Fri, 26 Sep 2025 22:10:40 GMT"},"fingerprint":{"sha1":"C7:75:50:5C:D3:7C:BF:A1:34:3E:61:33:FC:D6:81:21:2E:31:1D:92","sha256":"CB:A9:18:8B:DD:56:71:B4:C1:61:A7:9F:5C:50:7F:22:BB:83:72:BC:0F:B3:14:19:C4:E9:F9:59:6A:0F:95:EC"}}},"request":{"raw":"GET /watch.896527579863.js?key=43fb6dba152dc7d216fc2c00b1313dbb\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1 HTTP/1.1\r\nHost: rashcolonizeexpand.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nAccess-Control-Allow-Origin: https://packsitas.com\r\nAccess-Control-Allow-Credentials: true\r\nLocation: https://rashcolonizeexpand.com/watch.896527579863.js?dev=e\u0026key=43fb6dba152dc7d216fc2c00b1313dbb\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=c83f4cb538588d6581f0fef8e472efc981bb10bdf40b93e36e6aa1fff2c2e6b097aeca9b8d2d187374d35ce7a3249506460e37dd8f9613b0b075efb93fcc7f3b2faf8e9b17d9fd4a3538717e7e3845af7ae43f6294d192c6ec6a34\u0026tz=0\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1\r\nSet-Cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; expires=Tue, 19 Aug 2025 07:40:52 GMT; path=/; secure; SameSite=None\r\nHost: rashcolonizeexpand.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 0b8147e073c8698493333c075a8b5b57\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4815,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":871,"timings":{"blocked":373,"dns":1,"connect":122,"send":0,"wait":124,"receive":0,"ssl":247},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"rashcolonizeexpand.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/ren.gif?sid=H4sIAAAAAAAC_1RSz2skRRSuTvam4A_EgyDMYcGfM-lf88s9yK67kbgxibsrOXiQqq7uSe1Ud7VV3dOT8RIMyp5kxIsn6Xwz2eC6iv4Bgk68LQqOp4Cbi2dPwoI3mWRg9B3ee199VfC9r94nB_kp8ZDTk6231UBISVfqNbvy4rZIuCpMZeNWxbFr9qXKtkga_qVKf5Z07zXH82v2S5U3w6CrVlzbsW3HdiqrQoeR6q-csRDp_bZTa9s13605dR99_X9scguGWuC9U_I0BJ8-8Wf0HkQwQRJ_dzU03Uylr16Lc0kzpdHjR-8m3UQVCeJFG2kLUXI0vw1lpoR8sQSVHM0ngOqNZxOAiSlZevYhWHI0lwnWOzxXyiTCBIw_hqI3QSgnEHSCQO1D8N8IEHBsbCKJ724oXdDdc5bO2Cm58OhviGJKLjx8Bkn87RUp-pWbSuaZUIlBPyoh-hOIzgRpfoxssARRHCPIPoLgv5KVR-tI4vGmkQqCn1xkbouxutOo2gFvVH3OvSp1bafqtFijGbnUjlrRmUUimoCaZeTGQi4s5JGFPLUQ85OKb7f8wKFeI2rzoGn71Pd5yOx2y7Vt2g6ayIOZ9iGydIhADhHoPaR6D10xhM5_hNkpYfgyTDYl1jt76PESRUhQGIKCEhSCoMgIil55yKVxTXmXS5MzZ17defXKkco6B_RQZZ0wIaB6CM3LsUg_MPsIsuXRIDJ8pGaJsuzeatVtNJvV-vv2iDJeHqSn5KmZydaXP_2FbnhScbzQjpoubdlNxlp222Ge4zl-1AibrcClTRhRQpglUGNhIKbk-qd_IBVT8sIrt8HoMYw8RiCeBM2fBy1K0J0Sg-SblAZdIzJqaoGKwVWJNLuAbNc6kKfkubN_vvzP5wiDB6__7p0FAl0i1SVui58JOvLO6IYqyPiGKgz5fjPNRCwGdLYDNzOahcv3roe7hdJ87aoZfnU5mBGz9v6t0GTrNOEi6Rjy9RXBeahXlQ5C8sOa2Q7ZVm52ruQ6ydP1rTdW1-JUh8YIlUxAxZRYH_6CQEzJ429dO9vvi2sfQ-gJdF4izh-QeSBI92DShXajCLRc8Cy1UOTlSLtscSgFgQwXmLIS5j-YLfqRprPXVJQH5g462gLN9pHEJXq6RE-WoHIIky-PslQvZDBpjZjU1phJLT87t9iIk0rdZV6j1WqEUYNHHvdcj7frdtj2abvht_06MjPdGb-89m8AAAD__2N3EY69BAAA","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 02 Jul 2025 00:39:20 GMT","end":"Tue, 30 Sep 2025 00:39:19 GMT"},"fingerprint":{"sha1":"2F:53:8D:73:5E:CE:FB:91:B4:FD:2B:4E:F3:E9:80:AA:62:1A:61:CD","sha256":"C1:D4:30:78:23:7C:54:B2:69:C9:DF:D9:A9:CB:93:CF:63:1B:C9:46:05:84:47:B1:70:77:4E:B8:85:DE:85:B8"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSz2skRRSuTvam4A_EgyDMYcGfM-lf88s9yK67kbgxibsrOXiQqq7uSe1Ud7VV3dOT8RIMyp5kxIsn6Xwz2eC6iv4Bgk68LQqOp4Cbi2dPwoI3mWRg9B3ee199VfC9r94nB_kp8ZDTk6231UBISVfqNbvy4rZIuCpMZeNWxbFr9qXKtkga_qVKf5Z07zXH82v2S5U3w6CrVlzbsW3HdiqrQoeR6q-csRDp_bZTa9s13605dR99_X9scguGWuC9U_I0BJ8-8Wf0HkQwQRJ_dzU03Uylr16Lc0kzpdHjR-8m3UQVCeJFG2kLUXI0vw1lpoR8sQSVHM0ngOqNZxOAiSlZevYhWHI0lwnWOzxXyiTCBIw_hqI3QSgnEHSCQO1D8N8IEHBsbCKJ724oXdDdc5bO2Cm58OhviGJKLjx8Bkn87RUp-pWbSuaZUIlBPyoh-hOIzgRpfoxssARRHCPIPoLgv5KVR-tI4vGmkQqCn1xkbouxutOo2gFvVH3OvSp1bafqtFijGbnUjlrRmUUimoCaZeTGQi4s5JGFPLUQ85OKb7f8wKFeI2rzoGn71Pd5yOx2y7Vt2g6ayIOZ9iGydIhADhHoPaR6D10xhM5_hNkpYfgyTDYl1jt76PESRUhQGIKCEhSCoMgIil55yKVxTXmXS5MzZ17defXKkco6B_RQZZ0wIaB6CM3LsUg_MPsIsuXRIDJ8pGaJsuzeatVtNJvV-vv2iDJeHqSn5KmZydaXP_2FbnhScbzQjpoubdlNxlp222Ge4zl-1AibrcClTRhRQpglUGNhIKbk-qd_IBVT8sIrt8HoMYw8RiCeBM2fBy1K0J0Sg-SblAZdIzJqaoGKwVWJNLuAbNc6kKfkubN_vvzP5wiDB6__7p0FAl0i1SVui58JOvLO6IYqyPiGKgz5fjPNRCwGdLYDNzOahcv3roe7hdJ87aoZfnU5mBGz9v6t0GTrNOEi6Rjy9RXBeahXlQ5C8sOa2Q7ZVm52ruQ6ydP1rTdW1-JUh8YIlUxAxZRYH_6CQEzJ429dO9vvi2sfQ-gJdF4izh-QeSBI92DShXajCLRc8Cy1UOTlSLtscSgFgQwXmLIS5j-YLfqRprPXVJQH5g462gLN9pHEJXq6RE-WoHIIky-PslQvZDBpjZjU1phJLT87t9iIk0rdZV6j1WqEUYNHHvdcj7frdtj2abvht_06MjPdGb-89m8AAAD__2N3EY69BAAA HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[4323737]; u_pl27181549=1; slec13e0f72a807bb8091b31314f6e78c2a7=[4323731]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 081a92c42c00818f9bc90077a348e2cd\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":129,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":129,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-includes/css/dist/block-library/style.min.css?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:50.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-includes/css/dist/block-library/style.min.css?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 14360\r\ncache-control: public, max-age=31557600\r\nexpires: Sat, 15 Aug 2026 07:55:49 GMT\r\nlast-modified: Tue, 15 Jul 2025 20:15:52 GMT\r\netag: \"1c679-6876b6f8-40c119a62274d4fc;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 366241\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xvzuNqonjqMFk8qHId6nLI3b3YEW%2FVkGfE3mlH%2B9l4NE0hHvOI6OyjpgQpCtkz4%2BK7gELooZnJFs3Lo8V96SzhVvvpL6qf6Dl67uMMQ%3D\"}]}\r\ncf-ray: 9717ffdb888d8bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":116345,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (55654)","md5":"a06b3af98203ddc303997e0e0caaff83","sha1":"04c3e7de74a890d18014588c4e1f077a52d79acc","sha256":"838ede31a58a3cdb411d6dd7f13cbe65d4a26193d9fa31882854e63938f12bac","sha512":"4ce1079b8dc07043b0201dc74f5888b50aa530a4e604eecd7673e225946de62c421b290a707014ddaf4366591f8c4767737b5689bc44d57eb0a11aef905cead9","ssdeep":"3072:seeJu1iQg5MG7x+qehvP0x2pck2qkA3Pu:b1iQg5MG7x+qehvP0x2pck2lA2","tlshash":"34b3615417b4dcf935ffa73a5e4ee248a503aa41c68a57ebe066d190618ca490cf3f0f","first_seen":"2025-07-15T17:03:07.843749Z","last_seen":"2026-04-10T09:54:39.744095Z","times_seen":165051,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/jquery.cookie.min.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.027Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/js/jquery.cookie.min.js?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 622\r\ncache-control: public, max-age=31557600\r\nexpires: Mon, 27 Jul 2026 12:16:18 GMT\r\nlast-modified: Mon, 21 Jul 2025 08:15:17 GMT\r\netag: \"515-687df715-96fafd44c71402a8;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 1992212\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f6fql2FsuO7YXEJ63du9htZZkxYVY9KRzAJsID9KIkJIkbj5vUB3oF7IDASrUYVnWVYJ5UpabfbNYT5%2F4YWg5hBDeAe1ntjpmbtLKPw%3D\"}]}\r\ncf-ray: 9717ffdba8df8bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1301,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1266), with CRLF line terminators","md5":"23d834419c7ccced820e192be7081228","sha1":"ec662cb3d06ee33848a3fa19585f1f31d4475ec5","sha256":"239011ddd00345611806d77467c81dc5a4c90d15fec6f66357671b73920287dc","sha512":"e8f79309ed49af97ea34f684e1fc512a8717edc0a017f79e7c5bf2e24c9dd3f0aa889f6ca5349b367a95f10bee50869ea075b3b7c543e5d66558bf0e44ec16e1","ssdeep":"","tlshash":"b32120987089b815521b9a35677f109bb078ab55d09c40e9c3d1e4e03f708820d72ef9","first_seen":"2023-03-07T01:19:12Z","last_seen":"2026-04-10T06:57:56.54591Z","times_seen":1243,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa84fe-d1b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jSKc5c9XHPskzfpetxklxAePcXOxvrXZHJt8cYk2ViKbnNOk9AgRD9a6IOBZ8kQ2UlpD%2Frf41c8ladkeTJKy5a6ISFYxurHNdcK4w%2BJhMTM%3D\"}]}\r\ncf-ray: 9717ffee6fd7588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3355,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"039a6734d79ed9aa51cf81c52479c5fe","sha1":"9cf29c4ea1a3880681d50c7228374f8073b7778b","sha256":"a15bad73fc8907795285b78a4a1a1bf5e7f68b4d39988b9bb165444819cf9eb1","sha512":"879f067d02f582c2ff8f9c0308cbb44b24964136c4d8074f1a1b200169b520bb49fdd2b290772dfbc3ca432fba2ce9d5b1a398eb14746613cc942dd7567fa1d9","ssdeep":"","tlshash":"3a61ba966b670a04b51ad0ab3f667b4723084007995fed757fc8620ccfc92a8d6d378e","first_seen":"2024-02-12T03:25:01Z","last_seen":"2026-04-10T09:34:35.833065Z","times_seen":2194,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/e7/1b/13/e71b13312082539e211f40b180b929f1/1680663431.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.177Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /si/e7/1b/13/e71b13312082539e211f40b180b929f1/1680663431.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: image/png\r\ncontent-length: 70608\r\nserver: nginx/1.21.6\r\nlast-modified: Wed, 05 Apr 2023 02:57:19 GMT\r\netag: \"642ce38f-113d0\"\r\nexpires: Thu, 21 Aug 2025 07:39:54 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70608,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"61b6bebe0cb42acfc8731bdca04aa71a","sha1":"d396876682997f10b3bf721df1204677e3b5b0be","sha256":"3bebac68fde7ea059ec5422cb3162c3765ff43c7263e9be6e6b324b73ad0e6f2","sha512":"6883904fb678ea57cbedbd3753c93f5e8f73a79b8abf79fefed3ca2ea0d3eb635c9843419cfda66a561addaed6c68d67151ed51270d31ed3e597e67215173e5a","ssdeep":"1536:xK57wBBmhOG4aC7NV3fwtbCj9Q4tsd8aB0oqaoPHmqrfTwHMX:xK1wBgNZaNV34Cj9Q4Sd5aosPd/wsX","tlshash":"0c63010ed38967b86ec02b9fb3097f408b2473acc719c0d768b059b7a346c1961b7d5a","first_seen":"2023-06-24T15:48:47Z","last_seen":"2026-04-09T21:33:03.47401Z","times_seen":846,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sentry.developzilla.com/api/12/store/","fqdn":"sentry.developzilla.com","domain":"developzilla.com","tld":"com"},"ip":{"addr":"96.46.180.116","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"developzilla.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 07 Jul 2025 20:58:44 GMT","end":"Sun, 05 Oct 2025 20:58:43 GMT"},"fingerprint":{"sha1":"AE:CE:02:AD:6B:2C:68:87:F6:2D:3D:3E:59:10:E2:07:70:C8:3D:C4","sha256":"42:DA:7B:D8:6E:9E:FA:8B:AB:1F:DD:37:A9:07:5E:FD:94:98:AD:35:4F:7B:80:02:89:1F:C7:A2:DA:75:94:E8"}}},"request":{"raw":"OPTIONS /api/12/store/ HTTP/1.1\r\nHost: sentry.developzilla.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,x-sentry-auth\r\nReferer: https://packsitas.com/\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.25.5\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-length: 0\r\naccess-control-allow-origin: *\r\nvary: origin, access-control-request-method, access-control-request-headers\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: x-sentry-auth,x-requested-with,x-forwarded-for,origin,referer,accept,content-type,authentication,authorization,content-encoding,transfer-encoding\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\nallow: POST,GET,HEAD\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload;\r\nx-content-type-options: nosniff\r\nx-robots-tag: none\r\nx-download-options: noopen\r\nx-permitted-cross-domain-policies: none\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":700,"timings":{"blocked":197,"dns":14,"connect":107,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/index.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.559Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 Aug 2025 11:11:15 GMT","end":"Sat, 08 Nov 2025 12:08:40 GMT"},"fingerprint":{"sha1":"46:26:78:BD:18:7A:95:15:D4:B3:89:73:FE:7E:99:33:18:7F:21:3E","sha256":"AD:6B:6A:10:54:38:33:B9:BB:A6:FD:B7:B0:1B:2E:9D:62:B8:47:35:C4:E6:7B:F6:4A:92:AA:75:B0:29:F7:F3"}}},"request":{"raw":"GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/index.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:21:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5PocRATXKInUy3irRyDxn%2Fk%2FDXsnpYDCpud%2FVkC846D1AFVaMzEIy2OAvfmPBPiYHwMHrs%2BH4VHJahyrHHGgV9cC0JzO6veuTQuAKBh0ew%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9717ffebb8c7bb02-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1545,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"3f8de4c280d2d48e8418a562095ac7e4","sha1":"3dc3e5bc655dcd0ff5b045b147c28398e07b6e4d","sha256":"54358796e1fc6b065f33194b7e4f02b43fc28050a3d64e482e59f4251d06fc15","sha512":"c18250930cb2c86f3a7d61f48af05396524b301f316fdba1de20d4a47e4ebf85f98b0b7dd045320c232c861c07b4869ca74dcae0eb7ca578f8398c5e573d6ac3","ssdeep":"","tlshash":"cb314c462fecd5b611c38685bb303f27ec86d94be9462501b6fc0a548bdbda2d943a07","first_seen":"2023-04-07T13:35:32Z","last_seen":"2026-04-09T09:03:23.864689Z","times_seen":418,"resource_available":false,"data":null}},"time_used":434,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":434,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.614Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:21:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qRy9cc0nUPGgJlxiRzBIyx90C4JzUPJ6tFlLD4vrPI%2Fch7xOqUuZPjRtV47iDhp3D6uKI5V3QsPr%2Fo5Xo85lF3Ie6P9eBeNYPq8ZHQ2xSbE%3D\"}]}\r\ncf-cache-status: MISS\r\netag: W/\"65aa8566-182\"\r\ncontent-encoding: br\r\ncf-ray: 9717ffec0d699780-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":386,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"5ca8c1679ba9453cfa512e01d6fec9c5","sha1":"45628341eb20e4acee5e812d3b2dfc8f23962daf","sha256":"520a0196a18cbe656f7382a02ec828125e68bdac511b9ebe2bf27f31e262d037","sha512":"842e878cb264f7362266570b9a8e4b50187e8bedf2a499c0b8fe5e9fa2c563fa7577427039f58540b103c4da5197287373efc5f031ebd7ce17e5b34bbb8d11f7","ssdeep":"","tlshash":"86e02b386158513487f7d1a2619f27df2730469ed00a025e702c474f0ce1fa622c1d9b","first_seen":"2023-04-05T09:22:06Z","last_seen":"2026-04-10T04:28:58.788781Z","times_seen":2566,"resource_available":false,"data":null}},"time_used":433,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":433,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/ren.gif?sid=H4sIAAAAAAAC_1RSz4scRRSu3s1NwR-IB0GYQ8CfM9u_pmfGHCQxWVkTk5hE9uBBqrq6ZytT3dVWdU_PjpfFBQkIMt70Ir3fzGYxRtE_QNBZb0HB8bRo9uKfIAS8yewOjL7De--rrwq-99X7eK84Jh4KenT9bTUUUtK1ZsOuvbgpUq5KU7t6q-bYDftcbVOkgX-uNpgn3X_N8fyG_VLtzSjsqTXXdmzbsZ3autBRrAZrJyxEdr_jNDp2w3cbTtPHQP8fm8KCoRZ4_5g8DcFnT_wVvwcRTpEm312MTC9X2auXkkLSXGn0-cG7aS9VZYpk2cbaQpweLG5DmRkhn69ApQeLCaD6k_kEYGJGVp59CJYeLGSC9fdPlTKJKAXjj6HsTxHJKQSdIlS7EPw3AoQcV68hTe5eVbqk26csnbMzcubR3xDljJx5-AzS5NsLUgxqN5UscqFSg0FcQQymEN0psuIQ-XAFojxEmH8EwX8la4-uIE0m14xUEPzoLHPbjDWdoG6HPKj7nHt16tpO3WmzoBW71I7b8YlFIp6CmlUUxkIhLBSxhSKzkPCjmm-3_dChXhB3eNiyfer7PGJ2p-3aNu2ELRThXPsIeTZCKEcI9Q4yvYOeGEEXP8JsVTB8FSafEeudHfR5hTIiKA1BSQlKQVDmBGW_2ufSuKa6y6UpmLOo7qJ61Vjl3T26r_JulBJQPYLm1URkH5hdhPnqeBgbPlbzRFl-b73uBq1Wvfm-M6aMV3vZMXlqbrL15U9_oBcd1WjY8v2m1-HtdrPluY5v84A5vsOb1AtcN4ARFYRZATUWhmJGLn_6JzIxIy-8chuMHsLIQ4TiSdDiedCyAt2qMEy_yWjYMyKnphGqBFxVyPIzyLetPXlMnjv55_P_fIEofPD6795JINQVMl3htviZoCvvjG-okkxuqNKQ769luUjEkM534GZO82j13uVou1Sab1w0o6_Oh3Ni3t6_FZn8Ck25SLuGfH1BcB7pdaXDiPywYTYjdr0wWxcKnRbZletvrG8kmY6MESqdgooZsT78BaGYkcffunSy32c3PoHQU-iiQlI8IItAmO3AZEvtRhFoueRZZqEsqrF22fJQCgIZLTFlFcx_MFv2Y03nr6mo9swddLUFmu8iTSr0dYW-rEDlCKZYHeeZXspg0hozqa0Jk1p-dmqxEUe1psu8oN0Oojjgscc91-Odph11fNoJ_I7fRG5mW5OXN_4NAAD__7hu_fO9BAAA","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 02 Jul 2025 00:39:20 GMT","end":"Tue, 30 Sep 2025 00:39:19 GMT"},"fingerprint":{"sha1":"2F:53:8D:73:5E:CE:FB:91:B4:FD:2B:4E:F3:E9:80:AA:62:1A:61:CD","sha256":"C1:D4:30:78:23:7C:54:B2:69:C9:DF:D9:A9:CB:93:CF:63:1B:C9:46:05:84:47:B1:70:77:4E:B8:85:DE:85:B8"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSz4scRRSu3s1NwR-IB0GYQ8CfM9u_pmfGHCQxWVkTk5hE9uBBqrq6ZytT3dVWdU_PjpfFBQkIMt70Ir3fzGYxRtE_QNBZb0HB8bRo9uKfIAS8yewOjL7De--rrwq-99X7eK84Jh4KenT9bTUUUtK1ZsOuvbgpUq5KU7t6q-bYDftcbVOkgX-uNpgn3X_N8fyG_VLtzSjsqTXXdmzbsZ3autBRrAZrJyxEdr_jNDp2w3cbTtPHQP8fm8KCoRZ4_5g8DcFnT_wVvwcRTpEm312MTC9X2auXkkLSXGn0-cG7aS9VZYpk2cbaQpweLG5DmRkhn69ApQeLCaD6k_kEYGJGVp59CJYeLGSC9fdPlTKJKAXjj6HsTxHJKQSdIlS7EPw3AoQcV68hTe5eVbqk26csnbMzcubR3xDljJx5-AzS5NsLUgxqN5UscqFSg0FcQQymEN0psuIQ-XAFojxEmH8EwX8la4-uIE0m14xUEPzoLHPbjDWdoG6HPKj7nHt16tpO3WmzoBW71I7b8YlFIp6CmlUUxkIhLBSxhSKzkPCjmm-3_dChXhB3eNiyfer7PGJ2p-3aNu2ELRThXPsIeTZCKEcI9Q4yvYOeGEEXP8JsVTB8FSafEeudHfR5hTIiKA1BSQlKQVDmBGW_2ufSuKa6y6UpmLOo7qJ61Vjl3T26r_JulBJQPYLm1URkH5hdhPnqeBgbPlbzRFl-b73uBq1Wvfm-M6aMV3vZMXlqbrL15U9_oBcd1WjY8v2m1-HtdrPluY5v84A5vsOb1AtcN4ARFYRZATUWhmJGLn_6JzIxIy-8chuMHsLIQ4TiSdDiedCyAt2qMEy_yWjYMyKnphGqBFxVyPIzyLetPXlMnjv55_P_fIEofPD6795JINQVMl3htviZoCvvjG-okkxuqNKQ769luUjEkM534GZO82j13uVou1Sab1w0o6_Oh3Ni3t6_FZn8Ck25SLuGfH1BcB7pdaXDiPywYTYjdr0wWxcKnRbZletvrG8kmY6MESqdgooZsT78BaGYkcffunSy32c3PoHQU-iiQlI8IItAmO3AZEvtRhFoueRZZqEsqrF22fJQCgIZLTFlFcx_MFv2Y03nr6mo9swddLUFmu8iTSr0dYW-rEDlCKZYHeeZXspg0hozqa0Jk1p-dmqxEUe1psu8oN0Oojjgscc91-Odph11fNoJ_I7fRG5mW5OXN_4NAAD__7hu_fO9BAAA HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d9537e2682d318a802fe493a50849723\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 29744\r\ncache-control: public, max-age=31557600\r\nexpires: Sun, 16 Aug 2026 14:56:31 GMT\r\nlast-modified: Mon, 28 Aug 2023 15:14:24 GMT\r\netag: \"15601-64ecb9d0-36824ff6ebd60bee;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 254599\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dMk%2FgPMjj3ynnj5Bq7Ouuluwt2Yw3RdCc0ycgjMrXnds6rz2vcceRjJ2Pp2ie3gJVhN936FhoimroQBuzyQOlVlYt%2F3etBteqXOGEvg%3D\"}]}\r\ncf-ray: 9717ffdb98be8bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":87553,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-10T09:55:51.35953Z","times_seen":700364,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:11:38 GMT","end":"Mon, 29 Sep 2025 15:11:37 GMT"},"fingerprint":{"sha1":"F9:52:70:4B:81:A8:F8:39:E6:E7:96:8F:EA:FE:17:FD:96:C5:32:E3","sha256":"D8:C9:87:B5:89:5E:D4:F4:8D:FD:98:3C:31:39:42:67:D3:20:27:14:A9:AD:F2:AB:97:A4:48:0F:94:F0:FF:A2"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 28254\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 2a5e721f13ab2a923ff89a01aba32429\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Ffinanceskipper%2Fmessage_redcircle2%2F16%2Findex.html\u0026l=1545\u0026fd=137","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.570Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Ffinanceskipper%2Fmessage_redcircle2%2F16%2Findex.html\u0026l=1545\u0026fd=137 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":130,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":130,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=f196f12eba49c74f7aab0889dfff3f05\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=7","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.678Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:12:33 GMT","end":"Mon, 29 Sep 2025 15:12:32 GMT"},"fingerprint":{"sha1":"9E:08:20:A0:75:ED:21:51:E0:3D:DE:29:CD:B0:11:01:4D:04:77:0A","sha256":"FB:D4:A2:1D:0F:F1:FB:A8:D9:5E:88:03:1F:BB:94:D2:32:5C:CC:49:11:11:FC:04:7B:C6:43:40:CF:1E:A2:BA"}}},"request":{"raw":"GET /pxf.gif?uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=f196f12eba49c74f7aab0889dfff3f05\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=7 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ef1657b10a210898076257689619a8c7\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":853,"timings":{"blocked":359,"dns":1,"connect":118,"send":0,"wait":127,"receive":0,"ssl":241},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.222Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:11:38 GMT","end":"Mon, 29 Sep 2025 15:11:37 GMT"},"fingerprint":{"sha1":"F9:52:70:4B:81:A8:F8:39:E6:E7:96:8F:EA:FE:17:FD:96:C5:32:E3","sha256":"D8:C9:87:B5:89:5E:D4:F4:8D:FD:98:3C:31:39:42:67:D3:20:27:14:A9:AD:F2:AB:97:A4:48:0F:94:F0:FF:A2"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 28254\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 2759bb1e4854083f34e99c4f265688e7\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":164,"timings":{"blocked":63,"dns":3,"connect":17,"send":0,"wait":24,"receive":18,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/index.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.402Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 Aug 2025 11:11:15 GMT","end":"Sat, 08 Nov 2025 12:08:40 GMT"},"fingerprint":{"sha1":"46:26:78:BD:18:7A:95:15:D4:B3:89:73:FE:7E:99:33:18:7F:21:3E","sha256":"AD:6B:6A:10:54:38:33:B9:BB:A6:FD:B7:B0:1B:2E:9D:62:B8:47:35:C4:E6:7B:F6:4A:92:AA:75:B0:29:F7:F3"}}},"request":{"raw":"GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/index.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:21:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1kM%2BJvssFtg9ic0M9z7kwni91vSFA7E%2BgevlzO9UYFgcM6IXftuna2Hxza2H7xQgt35FBv0ufg6JNmd3UUXQO%2FA3S4XPAJg8OldtAL6Myw%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9717ffeacef9bb02-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1545,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"3f8de4c280d2d48e8418a562095ac7e4","sha1":"3dc3e5bc655dcd0ff5b045b147c28398e07b6e4d","sha256":"54358796e1fc6b065f33194b7e4f02b43fc28050a3d64e482e59f4251d06fc15","sha512":"c18250930cb2c86f3a7d61f48af05396524b301f316fdba1de20d4a47e4ebf85f98b0b7dd045320c232c861c07b4869ca74dcae0eb7ca578f8398c5e573d6ac3","ssdeep":"","tlshash":"cb314c462fecd5b611c38685bb303f27ec86d94be9462501b6fc0a548bdbda2d943a07","first_seen":"2023-04-07T13:35:32Z","last_seen":"2026-04-09T09:03:23.864689Z","times_seen":418,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html\u0026l=1325\u0026fd=193","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html\u0026l=1325\u0026fd=193 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":137,"timings":{"blocked":8,"dns":0,"connect":0,"send":0,"wait":129,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=497","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=497 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":130,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":130,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.577Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:11:38 GMT","end":"Mon, 29 Sep 2025 15:11:37 GMT"},"fingerprint":{"sha1":"F9:52:70:4B:81:A8:F8:39:E6:E7:96:8F:EA:FE:17:FD:96:C5:32:E3","sha256":"D8:C9:87:B5:89:5E:D4:F4:8D:FD:98:3C:31:39:42:67:D3:20:27:14:A9:AD:F2:AB:97:A4:48:0F:94:F0:FF:A2"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 28254\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c21c7ae4962570b1f25bdad480e80dec\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/56/2e/61/562e61d246ea51456dbc6923816f7bbc/1723680005.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.766Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /si/56/2e/61/562e61d246ea51456dbc6923816f7bbc/1723680005.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 193846\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 15 Aug 2024 00:00:07 GMT\r\netag: \"66bd4507-2f536\"\r\nexpires: Thu, 21 Aug 2025 07:39:52 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":193846,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 240, 8-bit/color RGBA, non-interlaced","md5":"b1b4b94611a185e45daec44d7685025f","sha1":"7cda73a508402d93ee2cb2b1a921a9492210df4c","sha256":"69ededc75b0c01168a32d1ad917135fb734590cb25ec7ea0ef9cb2ba1dea2a8e","sha512":"8643811f94feb23aa4965ce2858a2c404dc4f828430620bf0d862cd8e191516f066a9f841a512b9faf363791657e84b925e5b2df20efefcc023491f014bba6c1","ssdeep":"3072:DO+D2iUhWyPd7iXZ3944SHNAT+eOhH5y08JoaDcvEWI0S75LalD1Wp88MaBUUm/4:DO8yPd7iXZipHNXhU3ofvEWHsNalD1Wd","tlshash":"0714232469e48014a0012f5df5684e3a3e146dc366acf77a7d076a365ff9aaf0a7d033","first_seen":"2024-12-23T18:18:26.515082Z","last_seen":"2025-09-21T08:47:17.600424Z","times_seen":352,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/impr.gif?sid=H4sIAAAAAAAC_1RTv28cRRSecyIKUgABUVBdgcSv2J7Znd29JQXChECUkIQkKAU082vtifd2l5ndW8eiiIiEUiHToJTr75xYQEDQ0CGhM10kJI7KEnHDfwBSSkDnWHJ4xXvvm29G-t7MN59tNnskRCN2L75Xrts8F4vRAu2_fNUWumx9__yVPqML9GT_qi1ifrK_Nktu9DoL-QJ9pf-OUavlYkAZpYyy_mnrTFauLe6zsNW9lC2kdIEHCyziWHP_x77pwYse9GiPHIfV06f-zD6EVRMUw-9PGb9al9WJt4dNLurSYaS3PyhWi7ItMDxsM9dDVmwf7Ebpp4TcnkNZbB9MgHK0NZsA0k7J3PMPIIvtA5mQozuPlMocpoDUx9COJjD5DqyYQJU3YfVvBFAa5y-gGN49X7pWXH_Eihk7JUcf_g3bTsnRB8-hGH63lNu1_uUyb2pbFh5rWQe7NoFdnqBqdlCvz8G2O1D1p7D6V7L48ByK4dYFn5ewevfFkCWK69jM80AG8zzlfF4MdDQfGaWSMIviOJP7V2SzCYSfQ-N7aGwPTdZDU_Uw1Lt9TgdcMRHGWapVQrngXBtJ00FAqUhVgkbNtG-grjag8g0odwOVu4FV-8WU9I4dh2t-hl_Z_TEyoRBJKljGVKxUbGQgkiiKw0GmA8oNy5RSivIky3hMY5YwpWPF01hII7TQNFIiDkOdCCZMxJJBaFiqYhMEgTQpD7nKUiPS1MQZTVk0GBjOaJJpJVOaxiqkImGMpkwkYZryMOQ0YpEwIhUsTUTEQplKE-ksMPEgjg03QTzgGbzuwdcEI92hNQStJ2gFQWsJ2pqgHXV3dO4D393VuW8kO6jBQQ27cVkvb4o7Zb1sCgLhNuB0t2Wrj_1NqPrIeD3zelzOkpB1NxZSd5vVHnlmZonel_4frJrdPg8zGWspWBRoleiAxZkKFKWShSzUUsLbDtbPQfge1u2UnP38D1R2Sl567Rqk2IHPd6Ds0xBNH6IdhwGFWEFEsV58Wwm16m0t_IIqh9Blh6o-ivp6bzPfIy_sW_Ojv96HUffJQUC5DpXrcM3-QrCc3xpfKluydalsPfnhQlXboV0XM9terkVtnvj6rLnelk6fOeU3vnpTzYhZe--K8fU5UWhbLHvyzZLV2rjTpVOG_HTGXzXyYuNXlhpXNNW5i2-dPjOsnPHelsUEwk7Jk3snoOyUPPvJ0v6X5Lf_hXUTuKbDsHlMa3UDvjrEviRw-SGWFUHbdGMXyMPF3BLk5hAL2cE_huVhP3ZidlrYbtPfwrLrQdQ3UQw7jFyHUd5B5BvwzZFxXbn7b_we7gdk3hvL3JEtmbsZb3f7WWhmjzpIYhYOMsNCrlUWDXiqY0HD0KD205WtV9_9LwAA__9YctonawUAAA==","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.573Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTv28cRRSecyIKUgABUVBdgcSv2J7Znd29JQXChECUkIQkKAU082vtifd2l5ndW8eiiIiEUiHToJTr75xYQEDQ0CGhM10kJI7KEnHDfwBSSkDnWHJ4xXvvm29G-t7MN59tNnskRCN2L75Xrts8F4vRAu2_fNUWumx9__yVPqML9GT_qi1ifrK_Nktu9DoL-QJ9pf-OUavlYkAZpYyy_mnrTFauLe6zsNW9lC2kdIEHCyziWHP_x77pwYse9GiPHIfV06f-zD6EVRMUw-9PGb9al9WJt4dNLurSYaS3PyhWi7ItMDxsM9dDVmwf7Ebpp4TcnkNZbB9MgHK0NZsA0k7J3PMPIIvtA5mQozuPlMocpoDUx9COJjD5DqyYQJU3YfVvBFAa5y-gGN49X7pWXH_Eihk7JUcf_g3bTsnRB8-hGH63lNu1_uUyb2pbFh5rWQe7NoFdnqBqdlCvz8G2O1D1p7D6V7L48ByK4dYFn5ewevfFkCWK69jM80AG8zzlfF4MdDQfGaWSMIviOJP7V2SzCYSfQ-N7aGwPTdZDU_Uw1Lt9TgdcMRHGWapVQrngXBtJ00FAqUhVgkbNtG-grjag8g0odwOVu4FV-8WU9I4dh2t-hl_Z_TEyoRBJKljGVKxUbGQgkiiKw0GmA8oNy5RSivIky3hMY5YwpWPF01hII7TQNFIiDkOdCCZMxJJBaFiqYhMEgTQpD7nKUiPS1MQZTVk0GBjOaJJpJVOaxiqkImGMpkwkYZryMOQ0YpEwIhUsTUTEQplKE-ksMPEgjg03QTzgGbzuwdcEI92hNQStJ2gFQWsJ2pqgHXV3dO4D393VuW8kO6jBQQ27cVkvb4o7Zb1sCgLhNuB0t2Wrj_1NqPrIeD3zelzOkpB1NxZSd5vVHnlmZonel_4frJrdPg8zGWspWBRoleiAxZkKFKWShSzUUsLbDtbPQfge1u2UnP38D1R2Sl567Rqk2IHPd6Ds0xBNH6IdhwGFWEFEsV58Wwm16m0t_IIqh9Blh6o-ivp6bzPfIy_sW_Ojv96HUffJQUC5DpXrcM3-QrCc3xpfKluydalsPfnhQlXboV0XM9terkVtnvj6rLnelk6fOeU3vnpTzYhZe--K8fU5UWhbLHvyzZLV2rjTpVOG_HTGXzXyYuNXlhpXNNW5i2-dPjOsnPHelsUEwk7Jk3snoOyUPPvJ0v6X5Lf_hXUTuKbDsHlMa3UDvjrEviRw-SGWFUHbdGMXyMPF3BLk5hAL2cE_huVhP3ZidlrYbtPfwrLrQdQ3UQw7jFyHUd5B5BvwzZFxXbn7b_we7gdk3hvL3JEtmbsZb3f7WWhmjzpIYhYOMsNCrlUWDXiqY0HD0KD205WtV9_9LwAA__9YctonawUAAA== HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=317c4d6e-42b2-4944-a8d5-5ecc73f566fb:2:1; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; u_pl26637310=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 626e895c2c22e26954dcc6102d78769d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.611Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:11:38 GMT","end":"Mon, 29 Sep 2025 15:11:37 GMT"},"fingerprint":{"sha1":"F9:52:70:4B:81:A8:F8:39:E6:E7:96:8F:EA:FE:17:FD:96:C5:32:E3","sha256":"D8:C9:87:B5:89:5E:D4:F4:8D:FD:98:3C:31:39:42:67:D3:20:27:14:A9:AD:F2:AB:97:A4:48:0F:94:F0:FF:A2"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 28254\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d0c9b7764dfbb9df2a33c5e1571e6755\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":25,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-includes/js/comment-reply.min.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-includes/js/comment-reply.min.js?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 1247\r\ncache-control: public, max-age=31557600\r\nexpires: Sun, 16 Aug 2026 15:40:37 GMT\r\nlast-modified: Thu, 06 Feb 2025 16:27:26 GMT\r\netag: \"bd2-67a4e2ee-c1a17f3c0a11aab9;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 251953\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nd2F1AG901uRALxzd3b3tduK6TnB%2BK2uk9MK8jOOegpRndcGXum8wW%2FpyKYorxzRl5bhN89Fjk4bZBVxEMio8gIuoTv6sBOgDa0u4%2Bw%3D\"}]}\r\ncf-ray: 9717ffdbb9028bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3026,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (2991)","md5":"e4a49df71f8b98c1d9f9d8fce74d89e8","sha1":"b95fcda0c8c26305ad94e80343d0cfca8a048a10","sha256":"9d4687a19cab8f7442a3bda40c45be4d10e42488e091ddd706c3caed83c3ee1f","sha512":"42cd5f854779886f24c43ed14617380110c946d1b430b454060c3b391de6fbae6d0ed8ab7cdd7cfdc9726b2d6142a4e01c4448e36088dfcee7fdd00b60909f89","ssdeep":"","tlshash":"5051a7d437c95d762a83b3395efe930271712709a50805608826c86931bcfea63b67fe","first_seen":"2024-11-13T06:33:24.856382Z","last_seen":"2026-04-10T09:55:12.504205Z","times_seen":58558,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obtrusiveorganizeresponse.com/ntv.json?key=2a7e536f7cb7956aa0a8fcb944318de8\u0026vstc=4\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22b%22%7D\u0026rb=","fqdn":"obtrusiveorganizeresponse.com","domain":"obtrusiveorganizeresponse.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obtrusiveorganizeresponse.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 31 Jul 2025 08:17:55 GMT","end":"Wed, 29 Oct 2025 08:17:54 GMT"},"fingerprint":{"sha1":"01:BF:0E:08:1A:51:22:FA:47:6E:E8:5C:27:AD:57:D6:0D:B9:0D:49","sha256":"74:90:CC:3C:B8:82:9D:36:BC:2C:8C:07:85:B7:C2:E4:4F:42:44:5B:FE:16:52:43:DC:36:21:8B:0C:7B:25:97"}}},"request":{"raw":"GET /ntv.json?key=2a7e536f7cb7956aa0a8fcb944318de8\u0026vstc=4\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22b%22%7D\u0026rb= HTTP/1.1\r\nHost: obtrusiveorganizeresponse.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/json\r\nContent-Length: 16709\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nAccess-Control-Allow-Origin: https://packsitas.com\r\nAccess-Control-Allow-Credentials: true\r\nSet-Cookie: uid_id2=317c4d6e-42b2-4944-a8d5-5ecc73f566fb:2:1; expires=Tue, 26 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\npdhtkv49=true; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nuncs49=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nu_pl26647499=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nnlec2a7e536f7cb7956aa0a8fcb944318de8=[5474032,5474029,5474030,5474028]; expires=Tue, 19 Aug 2025 07:39:57 GMT; path=/; secure; SameSite=None\r\nHost: obtrusiveorganizeresponse.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7ca6b1459584526612c30eada2edc36d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16709,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"2736dd38f624ea993ede4b7897550a67","sha1":"33ed0be880547d873fe6446f66b845dca818fbfc","sha256":"3d24d204d91243bcc4899e52549c90e3f339855bfa03232046c557e9d6c4a072","sha512":"6d122f23d3e3c1e4f0a22d77041c301e888a3b5212328c9e673a1d9f2cf811cbc10bf363fa3291ad669fc2849311b41c94d743c834b71b90eb0af11e3835b66e","ssdeep":"384:eiLdcinlTHsrJGxVlLJ1qXwexkKEhNhM4N6yWg04CJ837Dz47rlBJvtEO:em5sExfL+XwrThNG4N6yZ0J8LP4XlBJF","tlshash":"2872b0fa801c02d938a07d67851b6ee99d81754fd59acddcce88060ec4fd1db635138a","first_seen":"2025-08-19T07:40:33.319809Z","last_seen":"2025-08-19T07:40:33.319809Z","times_seen":1,"resource_available":false,"data":null}},"time_used":686,"timings":{"blocked":-1,"dns":26,"connect":126,"send":0,"wait":147,"receive":126,"ssl":261},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"obtrusiveorganizeresponse.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 Aug 2025 10:09:08 GMT\r\nexpires: Fri, 14 Aug 2026 10:09:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 423046\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-10T09:55:48.830468Z","times_seen":727106,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sentry.developzilla.com/api/12/store/","fqdn":"sentry.developzilla.com","domain":"developzilla.com","tld":"com"},"ip":{"addr":"96.46.180.116","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"developzilla.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 07 Jul 2025 20:58:44 GMT","end":"Sun, 05 Oct 2025 20:58:43 GMT"},"fingerprint":{"sha1":"AE:CE:02:AD:6B:2C:68:87:F6:2D:3D:3E:59:10:E2:07:70:C8:3D:C4","sha256":"42:DA:7B:D8:6E:9E:FA:8B:AB:1F:DD:37:A9:07:5E:FD:94:98:AD:35:4F:7B:80:02:89:1F:C7:A2:DA:75:94:E8"}}},"request":{"raw":"POST /api/12/store/ HTTP/1.1\r\nHost: sentry.developzilla.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://packsitas.com/\r\nContent-Type: application/json\r\nX-Sentry-Auth: Sentry sentry_version=7, sentry_key=18eb246192ea9ed123b97c23c9107596\r\nContent-Length: 1869\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.25.5\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\nvary: origin, access-control-request-method, access-control-request-headers\r\naccess-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after\r\ncross-origin-resource-policy: cross-origin\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload;\r\nx-content-type-options: nosniff\r\nx-robots-tag: none\r\nx-download-options: noopen\r\nx-permitted-cross-domain-policies: none\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"9abafd46f114bda7f5273ae5da95a8ac","sha1":"a3bf53832af36c4f170afe1cb7d60f058eaa9365","sha256":"edfc37964c5fe2c3ccbc48f2b63793350246f2f4a3323de3199f45609be239d1","sha512":"ede7a5fe24e17c02cebaf576477aae0a5c402144d54b5785eb59f1c272b9c712a5df2d12b7b67b8dde1715737cef1e7abce3e0d2dcb9763be00a4cde452f5a05","ssdeep":"","tlshash":"f190040c140157777474f747450d454430405354cc0d4cc5d17d47017410711151c445","first_seen":"2025-08-19T07:40:33.321475Z","last_seen":"2025-08-19T07:40:33.321475Z","times_seen":1,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/af/8b/74/af8b74def5e24f9582f73ba12bab9177/1680148975.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /si/af/8b/74/af8b74def5e24f9582f73ba12bab9177/1680148975.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: image/png\r\ncontent-length: 65159\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 30 Mar 2023 04:03:04 GMT\r\netag: \"642509f8-fe87\"\r\nexpires: Thu, 21 Aug 2025 07:39:54 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65159,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"c6a1f91858a0ead000fd923888b0b941","sha1":"ef5ec08b41a7a8618ae2bb8003f5d6cad068a57c","sha256":"19fc121de270074fd89cd824f91c2cee3720e6c0f7511e70c7b4c4443223f41b","sha512":"63aedb3703d2068bcfaf828bde70ddef2f702b27addaf6bb137f5aa4c0c16e8aa7c060700492df232718253edd13a1bdb0bdf0736a77329d83ceb675d536ffef","ssdeep":"1536:8x27FaAV8n9zA6qluyyswoPmlA0PcQ8SknbDzTY1Ow0Kz:8x274s8n9z9qQiPmi0t0nbDz6Ow7","tlshash":"7153022b88264f87b9d2991296f8144557f53b16f53ea1dcaf18b462c3b40cef484ba3","first_seen":"2023-06-24T15:50:35Z","last_seen":"2026-04-10T08:36:00.566628Z","times_seen":817,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/74/65/cb/7465cb288a218ddbb170ef80f071601b.js","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:21:33 GMT","end":"Fri, 26 Sep 2025 22:21:32 GMT"},"fingerprint":{"sha1":"4A:6A:48:C8:5B:C5:2B:2E:9C:03:AF:BF:4C:E6:10:23:E2:7B:EA:97","sha256":"A8:42:B5:4A:20:C8:13:EF:B5:90:0F:54:37:F7:05:60:8D:91:07:E3:A4:0F:7A:22:C9:AF:F1:F5:22:E8:68:C9"}}},"request":{"raw":"GET /74/65/cb/7465cb288a218ddbb170ef80f071601b.js HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 32392\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 5\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 1bda93f0a95569756c6bf981aac7d0a7\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":104640,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"ce3606f54c4603161c985c1716566e82","sha1":"051937254c0397659172ff0c437e0403ba0957a5","sha256":"e37b6ca3e7b953e33b131a930b0cc63e8f8280f19a9d6415c2bda1ac2b704152","sha512":"388174170b03a24d96659c9a80aa4f7efa5981ada22bc72af82e5227aefcf09736c17ad2e4a4b744e5a01c69efe7ceea4c515005787ec003af0ad83c51e89bf6","ssdeep":"1536:SOXvqWtSTyJhKkoQhkmyC0E98k0RYqnhNzc/7ksqWPbIKau3l0gaTXL+IPC+:jJhKfEMRbhJIMuV0D6IPT","tlshash":"dea3c6487f50f15c83aaa17b233f910ae02b4d42618d915ce513e5e8bf6eb0af63e558","first_seen":"2025-08-19T07:40:33.323011Z","last_seen":"2025-08-19T07:40:33.323011Z","times_seen":1,"resource_available":true,"data":null}},"time_used":915,"timings":{"blocked":348,"dns":17,"connect":108,"send":0,"wait":116,"receive":108,"ssl":216},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obtrusiveorganizeresponse.com/ren.gif?sid=H4sIAAAAAAAC_1RSTYgcRRSu2cxJD0YRD57mIPi7s93TPT9tDsEYoyExCUkkB0_117uV7e5qq7qnJwNKNBByCgOKGL30fDPJ-hMlnrwoyKwgsiA4twWzF68qgpCDJ-ndgdF3-N579VXB975618f5HvGQ091zr-uhiiK61m46jWcuqUTowjbOXGy4TtM50rikko5_pDGowPRfdD2_6TzbeFXyTb3WclzHcR23cUIZGerB2j4Lld4N3GbgNP1W0237GJj_9zavwdIaRH-PPAYl5o_8Fr4JxWdI4nvHpd3MdPrCK3Ee0Uwb9MXWG8lmoosE8bIMTQ1hsrW4DW3nhHy0Ap1sLSaA7k-rCcDUnKw8cR8s2VrIBOvfPlDKIsgETDyMoj-DjGZQdAaur0GJXwjABc6cRRLfOaNNQa8csLRi56T-4G-oYk7q9x9HEn91LFKDxgUd5ZnSicUgLKEGM6j1GdJ8G9lwBarYBs_egxI_k7UHp5HE07M20lBi9ynP7XJfdOSq32KtVT_w_VXaE-3VtuS864XtTidk-xapcAZqV5DbGnJVQx7WkKc1xGK34Ts9n7vU64SB4F3Hp74vJHOCXstxaMC7yHmlfYQsHYFHI3BzFal591PhdaXHuD9m2FQjmPx72I0SVtRgM4K-KFFIgsISFJSgUARFRlD0y9sisi1b3hGRzZm7yK1F9sqJztbH9LbO1mVCQM0IRpRTlb5lr4FnhybD0IqJroCyrJxQJspxukcerRyuffjJDjblbqNFu7LtdcIuZ92g3aHUob2Qs8D3PbcnZA9WlVB2BdTWMFRzcurmr0jVnDz9_GUwug0bbYOrw6C5C1qUoBslhsmXKeWbVmXUNrmOIXSJNKsju1IbR3vkyf1PvnD9d0i-c3Twfvbt5Xf-ATclUlPisvqBYD26MTmvCzI9rwtLvj6bZipWQ1otwIWMZvLQ56fklUIbcfK4HX32Eq-Iqrx7UdrsNE2EStYt-eKYEkKaE9pwSb47aS9Jdi63G8dyk-Tp6XMvnzgZp0Zaq3QyA1VzQm7dA1dzcvjHt_eXu_nNTSgzg8lLxPkOWQR4ehU2XWq3msBES56ldRR5OTEttjyMFEEklz1lJex_erasJ4ZWr6kqx_YG1k0dNLuGJC7RNyX6UQkajWDzhyZZanaO_nSrio_BovqERaY-ZZGJPqgs_quCPyr488Bxq3Yb7RbzOr1eR4YdEXrCa3kiaDsy8GnQ8QO_jczON6bPvfZvAAAA__9hZMvMyQQAAA==","fqdn":"obtrusiveorganizeresponse.com","domain":"obtrusiveorganizeresponse.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obtrusiveorganizeresponse.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 31 Jul 2025 08:17:55 GMT","end":"Wed, 29 Oct 2025 08:17:54 GMT"},"fingerprint":{"sha1":"01:BF:0E:08:1A:51:22:FA:47:6E:E8:5C:27:AD:57:D6:0D:B9:0D:49","sha256":"74:90:CC:3C:B8:82:9D:36:BC:2C:8C:07:85:B7:C2:E4:4F:42:44:5B:FE:16:52:43:DC:36:21:8B:0C:7B:25:97"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSTYgcRRSu2cxJD0YRD57mIPi7s93TPT9tDsEYoyExCUkkB0_117uV7e5qq7qnJwNKNBByCgOKGL30fDPJ-hMlnrwoyKwgsiA4twWzF68qgpCDJ-ndgdF3-N579VXB975618f5HvGQ091zr-uhiiK61m46jWcuqUTowjbOXGy4TtM50rikko5_pDGowPRfdD2_6TzbeFXyTb3WclzHcR23cUIZGerB2j4Lld4N3GbgNP1W0237GJj_9zavwdIaRH-PPAYl5o_8Fr4JxWdI4nvHpd3MdPrCK3Ee0Uwb9MXWG8lmoosE8bIMTQ1hsrW4DW3nhHy0Ap1sLSaA7k-rCcDUnKw8cR8s2VrIBOvfPlDKIsgETDyMoj-DjGZQdAaur0GJXwjABc6cRRLfOaNNQa8csLRi56T-4G-oYk7q9x9HEn91LFKDxgUd5ZnSicUgLKEGM6j1GdJ8G9lwBarYBs_egxI_k7UHp5HE07M20lBi9ynP7XJfdOSq32KtVT_w_VXaE-3VtuS864XtTidk-xapcAZqV5DbGnJVQx7WkKc1xGK34Ts9n7vU64SB4F3Hp74vJHOCXstxaMC7yHmlfYQsHYFHI3BzFal591PhdaXHuD9m2FQjmPx72I0SVtRgM4K-KFFIgsISFJSgUARFRlD0y9sisi1b3hGRzZm7yK1F9sqJztbH9LbO1mVCQM0IRpRTlb5lr4FnhybD0IqJroCyrJxQJspxukcerRyuffjJDjblbqNFu7LtdcIuZ92g3aHUob2Qs8D3PbcnZA9WlVB2BdTWMFRzcurmr0jVnDz9_GUwug0bbYOrw6C5C1qUoBslhsmXKeWbVmXUNrmOIXSJNKsju1IbR3vkyf1PvnD9d0i-c3Twfvbt5Xf-ATclUlPisvqBYD26MTmvCzI9rwtLvj6bZipWQ1otwIWMZvLQ56fklUIbcfK4HX32Eq-Iqrx7UdrsNE2EStYt-eKYEkKaE9pwSb47aS9Jdi63G8dyk-Tp6XMvnzgZp0Zaq3QyA1VzQm7dA1dzcvjHt_eXu_nNTSgzg8lLxPkOWQR4ehU2XWq3msBES56ldRR5OTEttjyMFEEklz1lJex_erasJ4ZWr6kqx_YG1k0dNLuGJC7RNyX6UQkajWDzhyZZanaO_nSrio_BovqERaY-ZZGJPqgs_quCPyr488Bxq3Yb7RbzOr1eR4YdEXrCa3kiaDsy8GnQ8QO_jczON6bPvfZvAAAA__9hZMvMyQQAAA== HTTP/1.1\r\nHost: obtrusiveorganizeresponse.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: uid_id2=317c4d6e-42b2-4944-a8d5-5ecc73f566fb:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl26647499=1; nlec2a7e536f7cb7956aa0a8fcb944318de8=[5474032,5474029,5474030,5474028]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: obtrusiveorganizeresponse.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 6c69e105282fc96ed690a8c23c618da2\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":245,"timings":{"blocked":112,"dns":0,"connect":0,"send":0,"wait":133,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"obtrusiveorganizeresponse.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/uploads/2025/07/brujita-roja-onlyfans-gratis-2025-768x432.webp","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/uploads/2025/07/brujita-roja-onlyfans-gratis-2025-768x432.webp HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 34258\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 19 Aug 2026 01:44:15 GMT\r\nlast-modified: Sun, 27 Jul 2025 04:37:18 GMT\r\netag: \"85d2-6885acfe-c5af2671f64a96be;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nvary: User-Agent, accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 42936\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=B8s%2BnmPWJVimZq5kOa23oQrpVr8FsJE%2BZQ9qQQwZVjj0I6OJeyh%2B0keBe%2FQinb4DiOK7F0VeOrIFFa0aUb7IFRGCZ%2BURfeHQV%2FhWg0M%3D\"}]}\r\ncf-ray: 9717ffe16e90f9e2-ARN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":34258,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"441bad367ba227ea8b5382e5974c8b1f","sha1":"2072adb5c339ea9428c9e7df339855ea13c28149","sha256":"b58381cf293b3fa0bb0cfca05907bcc512854c3a4fb4c902a05c3307f75320e1","sha512":"096d319df8391c7ce03dcea767a8541f416a346d7c8a86d1d7874d9bd9fdcdd024571bf0722a9f3dfc42f1574a97061650ea4571ae6b98a3923447478df6decd","ssdeep":"768:JbrfKC1jCeNFYT8DkUxMsAMXlctEYRSoAVCxfwjTtzU69Jwfm2:1fh7vY4DrusAjtETAyf9Jk","tlshash":"0df2f1f89cc5026fc6e2dcb6e6d8a390514f39ca25bc07678efc22a10fa1b454509df1","first_seen":"2025-08-02T11:30:48.509101Z","last_seen":"2025-09-20T03:56:14.401961Z","times_seen":4,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=497","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.966Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=497 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.136Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 19 Jan 2024 14:21:26 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MrBURDSLyC08be8xR5N4AklE68aUwWODivT91jc2yCt7HCjXb3OBhx6Aiv8XFHuuOKdWLzjFMNGGbFP9VDaL85c7Qk%2BZs8Zri0j0hw91g5Q%3D\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncf-cache-status: HIT\r\netag: W/\"65aa8566-182\"\r\ncf-ray: 9717ffef4ffc588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":386,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"5ca8c1679ba9453cfa512e01d6fec9c5","sha1":"45628341eb20e4acee5e812d3b2dfc8f23962daf","sha256":"520a0196a18cbe656f7382a02ec828125e68bdac511b9ebe2bf27f31e262d037","sha512":"842e878cb264f7362266570b9a8e4b50187e8bedf2a499c0b8fe5e9fa2c563fa7577427039f58540b103c4da5197287373efc5f031ebd7ce17e5b34bbb8d11f7","ssdeep":"","tlshash":"86e02b386158513487f7d1a2619f27df2730469ed00a025e702c474f0ce1fa622c1d9b","first_seen":"2023-04-05T09:22:06Z","last_seen":"2026-04-10T04:28:58.788781Z","times_seen":2566,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/img/close.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.175Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: image/png\r\ncontent-length: 591\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65aa84fe-24f\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 714105\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ib2ldxsfgIRYVFbpUGZdgJiYItGeaph6MgH4Fzhq3t2eJyaHeFnDM2OXxdAcxn0K%2BJRaQNCzmaSRUpq%2F3lqMJVuSAk4Q7eu4Fof96bPkqJY%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9717ffef880b588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":591,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced","md5":"9fd5bcb6103d86e317bd1eb019bcbe71","sha1":"6b5a52ea669dcb74946f2bed4bdd7ec985026113","sha256":"0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae","sha512":"e244a8842c009fa83e8d9d1088ec5b76ca2a42660568b7886e01724977b9ebd4e43690e0c651e25287c64dcc4826391b34cae6a106e2148139450dd05fc5a562","ssdeep":"","tlshash":"b0f0414e7c5903a1874caf3b18dd00119c27898077c82e0db689eed20e008e215471da","first_seen":"2023-04-11T11:09:41Z","last_seen":"2026-04-10T09:34:35.833505Z","times_seen":4732,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbs?c=1","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.568Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rashcolonizeexpand.com/ac/74/45/ac744539d885732140d6b141d5a36226.js","fqdn":"rashcolonizeexpand.com","domain":"rashcolonizeexpand.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.780Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rashcolonizeexpand.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:10:41 GMT","end":"Fri, 26 Sep 2025 22:10:40 GMT"},"fingerprint":{"sha1":"C7:75:50:5C:D3:7C:BF:A1:34:3E:61:33:FC:D6:81:21:2E:31:1D:92","sha256":"CB:A9:18:8B:DD:56:71:B4:C1:61:A7:9F:5C:50:7F:22:BB:83:72:BC:0F:B3:14:19:C4:E9:F9:59:6A:0F:95:EC"}}},"request":{"raw":"GET /ac/74/45/ac744539d885732140d6b141d5a36226.js HTTP/1.1\r\nHost: rashcolonizeexpand.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 25899\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nSet-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_F-2677-5=1; expires=Tue, 19 Aug 2025 07:39:52 GMT; secure; SameSite=None\r\nHost: rashcolonizeexpand.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: face1f534bbc8e1b1fa0ce2d3db8ce3c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":73421,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"df7d4b309fa9d6f5d92f32592556d51a","sha1":"c9d94c13ffdabd08e52fc904010766372f12ae02","sha256":"5174d52477564e1c3d24cb45c2c4e7236c0041e622c8b3278591d39ea169eaf1","sha512":"b6efb117235f9de0de6336e565893a867cf16d91a0408249b7fb1da7dca292efbdb5b589f4ca9cf91094718cc3e918f3f2d684b405d6b6046f2073b26931011e","ssdeep":"1536:gFMvR03G4SjfXSKWyJR8QxUmDhe9caAJwabHDzqI/:I3crW+yQO9caAiE","tlshash":"9473fb887f71b06f23a524b3222f5547f19a5c06545cf4b8f117f8596bac31af0baa28","first_seen":"2025-08-19T07:40:33.325604Z","last_seen":"2025-08-19T07:40:33.325604Z","times_seen":1,"resource_available":true,"data":null}},"time_used":972,"timings":{"blocked":360,"dns":1,"connect":118,"send":0,"wait":129,"receive":118,"ssl":243},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"rashcolonizeexpand.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/webfonts/fa-brands-400.woff2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/webfonts/fa-brands-400.woff2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/wp-content/themes/blogus/css/all.css?ver=6.8.2\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 117372\r\ncache-control: public, max-age=31557600\r\nexpires: Mon, 10 Aug 2026 08:00:45 GMT\r\nlast-modified: Mon, 04 Aug 2025 08:15:36 GMT\r\netag: \"1ca7c-68906c28-e7d6e273459d3ee7;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nvary: User-Agent, accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 797946\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8rhVdaAl9teNbafeIRRvVi6dTtQ4v2DJVDBCYbcRaEU%2Fb34BhEdbyGAtp6zanyMmHP7JZr7NZt3beSz3jMu%2FLj%2B90TfkVy9n7KSdv14%3D\"}]}\r\ncf-ray: 9717ffe10e8df9e2-ARN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":117372,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 117372, version 773.768","md5":"b6356c957274676e6571c1ff5e11c9a8","sha1":"4022f95e001d734ca8f082b8e7627abd205609ec","sha256":"3a8924cd5203a28628716aedb5cef0943da4c3b44e3ffcee90ab06387b41c490","sha512":"83de79c74480fafc62cdac4012ff2a129d8701772ee16216c3d9488826ac21a9c2f8a416fe3208a61bfea7e12c24ac1cc2d26f6d22bd2b0ba39a22d630238b59","ssdeep":"3072:U3JKgVzg5ybfXYe5W59JPQaPWKSsx/DBMnVnqedkAFqPQTzIBIOK2vDMF:IVM5A5GJPQaH/NMtBkAvcnYF","tlshash":"c4b312f88b7ac9a5e304e67b55e4613555a0aec8b180f35453be7c2c221e10dc67afe3","first_seen":"2023-12-02T04:06:15Z","last_seen":"2026-04-10T09:57:10.00641Z","times_seen":19683,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"18.198.116.222","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.592Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://packsitas.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=317c4d6e-42b2-4944-a8d5-5ecc73f566fb:2:1; expires=Fri, 17 Aug 2035 07:39:51 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"b5bc4ca90092166599cfad21d269bf51","sha1":"05ade2fb9b1375faa252827922ccf7547196fd55","sha256":"f1729659de9bbc70af20590bcdee5cba5deae9d59a50b3c535b99af3766bd45d","sha512":"dd173f56b8c7e57461ae5eeb0ff2280c99966afde13c56a6ea62ab28e8da84785a9cfca42e786c1bc1b78b4d200a2bd750a2de4e8fa5989b7deec8672036cef2","ssdeep":"","tlshash":"29900413511dc430dff04135c30313d7540450104034014d3d45f40d5510c05045d1d4","first_seen":"2025-08-19T07:40:33.327703Z","last_seen":"2025-08-19T07:40:33.327703Z","times_seen":1,"resource_available":false,"data":null}},"time_used":187,"timings":{"blocked":80,"dns":12,"connect":22,"send":0,"wait":21,"receive":0,"ssl":48},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/uploads/2025/07/masha-onlyfans-2025-768x432.webp","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/uploads/2025/07/masha-onlyfans-2025-768x432.webp HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 54506\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 19 Aug 2026 01:44:37 GMT\r\nlast-modified: Sun, 27 Jul 2025 01:33:55 GMT\r\netag: \"d4ea-68858203-3d0e67c60d58ba3;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nvary: User-Agent, accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 42914\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TB24469MKqchWdPL2vr2R9IWRyb2IiBtUFjcudCr63DtS6J85MMvYFMTpA4vqaGYUFmVNvd%2BQuLjtYn5HjMlUOKpcAeJdP6eKIalY84%3D\"}]}\r\ncf-ray: 9717ffe16e92f9e2-ARN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":54506,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"5b2cb1c4efc09d92cfba3bc81d77b34f","sha1":"37b9f3eeee62397739f359edf3651fe79496010b","sha256":"99ab5cf86a8cb88bf7aa23a8bee5a5a8c308195d1a985d2d916833648d9a3d52","sha512":"9728ae8ffea227507f354d79942e6d129e2fa02be9ae6de065cfc5fffeb7195334a9ac6f56bf2a265d9c2c3111b28d7d367f793d2c74258d4dcdafa2e795961f","ssdeep":"768:+BJQ9lfKCp4SoIOY9071V+musskoMWtWExjneGXsMhuA/lLC8Bzxc2YRpRG2Eonu:XUDVSQ1Exje0BuAdHxlYvICn6cpBde","tlshash":"fa33022b43f2bdebfca5df3f9866160215444c084299ab6618de4f0e1fdd9821db905f","first_seen":"2025-08-02T11:30:48.228349Z","last_seen":"2025-09-20T03:56:14.330827Z","times_seen":4,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1STz2sdVRTH76TFhV2oVRRcvYXgrya5985vuxBjrZbWtrSVLnRzf01ym3kz49yZN2lwUSxoVxI3orvJ96UNahXduBPkxV1B8LkK2Gz8AwSFruWlgdSzOOd85zMXvudy7ieb7R7x0Yrdi--W6zbPxWK4QAcvXbWFLjs3OH9lwOgCPTm4aosoODlYm6V69BrzgwX68uBto1bLRU4ZpYyywWlbm6xcW9ynsNXdlC2kdCHgCywMsFb_X7vWgxMe9GiPHIfV0yf-yt6HVRMUwx9OGbfalNWJt4ZtLpqyxkhvv1esFmVXYHjYZrWHrNg--BulmxLy5RzKYvtgApSjrdkEkHZK5p69D1lsH9iEHN1-6FTmMAWkPoZuNIHJd2DFBKq8Cat_J4DSOH8BxfDO-bLuxPWHVMzolBx98C9sNyVH7z-DYvj9Um7XBpfLvG1sWTisZT3s2gR2eYKq3UGzPgfb7UA1H8Pq38jig3MohlsXXF7C6t0XJE-kDFk0T5WO5gOt_XnBKZtniYzijAuaJdn-FdlsAuGOoHUeWuuhzTy0lYeh3h0ENAkUE36UpVrFNBBBoI2kacIpFamK0aqZ9w001QZUvgFV30BV38Cq_XxKvGPHUbe_wK3s_hSGcaBYxNM0iTOfxozRUGjfl4ZxziKpNPdZIoJQGqF8qjgPRaRMGGRRkISBinXAtJJhzDIZJwnnLMgiEcWhEpqrKGAs8v2I6xnNmK-iJAtNGMk4lTKioeA0iWjIEx5LP4njgAcxC7UKgtRwFvqzmTKVSS41MzpTkkWG8wxOe3ANwUj36AxB5wg6QdBZgq4h6Eb9bZ077vo7OnetZAeVH1S_H5fN8qa4XTbLpiAQ9QZq3W_Z6kN3E6o5Ml7PnB6XsyRk04-F1P1mtUeemq2E94X7G6tmd8CMSUPFszQQRgma8JTFNKQqFrGSsUjhbA_r5iCch3U7JWc_-xOVnZIXX70GKXbg8h0o-yRE-xxEN455ArGClGK9-K4SatXZRrgFVQ6hyx5VcxTNdW8z3yPP76_mB_98CqPukYOAqntUdY9r9leC5fzW-FLZka1LZefIjxeqxg7tupit7eVGNOaxb86a611Z6zOn3MbXb6gZmLV3rxjXnBOFtsWyI98uWa1NfbqslSE_n3FXjbzYupWlti7a6tzFN0-fGVa1cc6WxQTCTsnjeyeg7JQ8_dHS_pMMvgph6wnqtsewfcRrdQOuOtSuJKjzQy0rgq7txzWXhx9zS5CbQy1kD_eIlof9uBaz08L2m-4WlmsPormJYthjVPcY5T1EvgHXHhk3VX3v9T_8_YDMvbHMa7Il83rG7e4g8w1XlCZxxPwkM8wPtMrCJEh1JKjvGzRuurL1yjv_BQAA__-jmT3UawUAAA==","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.182Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1STz2sdVRTH76TFhV2oVRRcvYXgrya5985vuxBjrZbWtrSVLnRzf01ym3kz49yZN2lwUSxoVxI3orvJ96UNahXduBPkxV1B8LkK2Gz8AwSFruWlgdSzOOd85zMXvudy7ieb7R7x0Yrdi--W6zbPxWK4QAcvXbWFLjs3OH9lwOgCPTm4aosoODlYm6V69BrzgwX68uBto1bLRU4ZpYyywWlbm6xcW9ynsNXdlC2kdCHgCywMsFb_X7vWgxMe9GiPHIfV0yf-yt6HVRMUwx9OGbfalNWJt4ZtLpqyxkhvv1esFmVXYHjYZrWHrNg--BulmxLy5RzKYvtgApSjrdkEkHZK5p69D1lsH9iEHN1-6FTmMAWkPoZuNIHJd2DFBKq8Cat_J4DSOH8BxfDO-bLuxPWHVMzolBx98C9sNyVH7z-DYvj9Um7XBpfLvG1sWTisZT3s2gR2eYKq3UGzPgfb7UA1H8Pq38jig3MohlsXXF7C6t0XJE-kDFk0T5WO5gOt_XnBKZtniYzijAuaJdn-FdlsAuGOoHUeWuuhzTy0lYeh3h0ENAkUE36UpVrFNBBBoI2kacIpFamK0aqZ9w001QZUvgFV30BV38Cq_XxKvGPHUbe_wK3s_hSGcaBYxNM0iTOfxozRUGjfl4ZxziKpNPdZIoJQGqF8qjgPRaRMGGRRkISBinXAtJJhzDIZJwnnLMgiEcWhEpqrKGAs8v2I6xnNmK-iJAtNGMk4lTKioeA0iWjIEx5LP4njgAcxC7UKgtRwFvqzmTKVSS41MzpTkkWG8wxOe3ANwUj36AxB5wg6QdBZgq4h6Eb9bZ077vo7OnetZAeVH1S_H5fN8qa4XTbLpiAQ9QZq3W_Z6kN3E6o5Ml7PnB6XsyRk04-F1P1mtUeemq2E94X7G6tmd8CMSUPFszQQRgma8JTFNKQqFrGSsUjhbA_r5iCch3U7JWc_-xOVnZIXX70GKXbg8h0o-yRE-xxEN455ArGClGK9-K4SatXZRrgFVQ6hyx5VcxTNdW8z3yPP76_mB_98CqPukYOAqntUdY9r9leC5fzW-FLZka1LZefIjxeqxg7tupit7eVGNOaxb86a611Z6zOn3MbXb6gZmLV3rxjXnBOFtsWyI98uWa1NfbqslSE_n3FXjbzYupWlti7a6tzFN0-fGVa1cc6WxQTCTsnjeyeg7JQ8_dHS_pMMvgph6wnqtsewfcRrdQOuOtSuJKjzQy0rgq7txzWXhx9zS5CbQy1kD_eIlof9uBaz08L2m-4WlmsPormJYthjVPcY5T1EvgHXHhk3VX3v9T_8_YDMvbHMa7Il83rG7e4g8w1XlCZxxPwkM8wPtMrCJEh1JKjvGzRuurL1yjv_BQAA__-jmT3UawUAAA== HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzI5NSwiayI6IjFlZTk1YzJmOTRhZWNhMDgyOTE3MDUwYzdhN2NiN2E5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpkM3l1NGJjeHkiLCJjcGtzIjp7IjI4IjoiNzg5OTE3OWYxODA4OTJmNWUyNGYyODkwMjI0M2IzYTUiLCIyOSI6IjM5NjRjMjk2NTVhMTAwYTNkOGNjMjlhNWViYjk0ZGZjIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.1VmV4qJNWLVRMuhiMee78zUhWRcFWxHCS9HEZ9j93iM; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv26=true; uncs26=1; u_pl26703069=1; pdhtkv23=true; uncs23=1; u_pl26637295=1; pdhtkv29=true; uncs29=1; u_pl27181530=1; slec3964c29655a100a3d8cc29a5ebb94dfc=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 8\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a89a61002c5224e7a3c10ba92d2ce520\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 Aug 2025 10:09:08 GMT\r\nexpires: Fri, 14 Aug 2026 10:09:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 423046\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-10T09:55:48.830468Z","times_seen":727106,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/main.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/js/main.js?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 258\r\ncache-control: public, max-age=31557600\r\nexpires: Fri, 14 Aug 2026 01:03:00 GMT\r\nlast-modified: Mon, 11 Aug 2025 08:15:13 GMT\r\netag: \"2c2-6899a691-850668f490c0798d;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 477410\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=u9UbHIQANTmItyuKIqbysnAcHsyfeF8e%2BfkymJ6hBPiwDbbFHiN2d4uwX49iBkumyV4ULYe%2ByIdX2kIIHzSMJPB39JNmqrlEj8mhzkc%3D\"}]}\r\ncf-ray: 9717ffdba8d28bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":706,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"e533ba8761de8be51b78aa4e749ac9f3","sha1":"d0504684c093de0fb3945c175f0d10534a160dd8","sha256":"67ec8fe3469e48f9545699aaed3284193c3108c34c9709dd721ca3182de489e4","sha512":"cf6046a80c188552b8f5f94b74b3c9440b0758cef339015976cd658398dc5adb13d8fe8dd7b09b6b54c9f09c40df06faaa2f7d2c65bfec20c7533a7fd7224158","ssdeep":"","tlshash":"a001f62cbc8914a909b6e720fd7f533ae62ba4373a494684b84c88655f31374855dd50","first_seen":"2024-05-23T01:34:44Z","last_seen":"2026-04-09T19:51:58.091991Z","times_seen":377,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"offensivefountainrabbit.com/e04e9b072ee6a34b832778e9f9226f9b/invoke.js","fqdn":"offensivefountainrabbit.com","domain":"offensivefountainrabbit.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"offensivefountainrabbit.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 19:39:45 GMT","end":"Sun, 02 Nov 2025 19:39:44 GMT"},"fingerprint":{"sha1":"A7:93:39:18:F1:01:BB:4D:82:C0:BF:90:31:9E:64:25:36:F2:0C:E1","sha256":"A2:CD:CF:2A:E2:3E:21:B9:56:69:56:80:26:AE:D8:89:B0:DD:F4:FA:0B:A6:CB:42:B5:1A:6F:6B:D6:38:25:BB"}}},"request":{"raw":"GET /e04e9b072ee6a34b832778e9f9226f9b/invoke.js HTTP/1.1\r\nHost: offensivefountainrabbit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:51 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 13045\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: offensivefountainrabbit.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7fbb3226177d6d77a235de4363b44299\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":33026,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (33026), with no line terminators","md5":"58839e6b34c63ec70b4c9a32bdf96ea2","sha1":"e161bcf463690dfcc968a8fb2bac18cdf39f0241","sha256":"67ee2da9d4cc71358c715b09a09f22685f1be478d49861f6a90e5bc45c8d2ecd","sha512":"a3bc86d7d06134fadb6e2585b6727c3fa9a333c89afaa64add498ac5f01af907f608318dfa70978d7767d18a81e27cffaa20fc5ae18ffe494c45f846c2c5c2fc","ssdeep":"384:lTnDw7p9Af1TPXm2bBdMLlAwH3KQsjmTOlXqel+rn2NrL0uAfdtiOmuBc8Fg:5wIfTbULz3KQQmTO5qel+qL0PFcWg","tlshash":"abe2f8883f70b44d1776303b322f856ef9b5cd555488d88cd287ac952ab9b1ee437e0a","first_seen":"2025-08-19T07:40:33.330132Z","last_seen":"2025-08-19T07:40:33.330132Z","times_seen":1,"resource_available":true,"data":null}},"time_used":818,"timings":{"blocked":327,"dns":46,"connect":111,"send":0,"wait":111,"receive":1,"ssl":220},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"offensivefountainrabbit.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/css/all.css?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:50.997Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/css/all.css?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 23198\r\ncache-control: public, max-age=31557600\r\nexpires: Sat, 08 Aug 2026 18:43:13 GMT\r\nlast-modified: Mon, 04 Aug 2025 08:15:36 GMT\r\netag: \"24542-68906c28-516f02c0256c1743;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 932197\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c3dVDFlt7EwGwwAwDTY44vgtahx1KIy3Tbuu3yB1HPE%2Fe5WX3HYI3LtpokET2mNbU1W3UvFR0pfxbAFUwqs5uQ62QOFjNPOO5Ew0Zok%3D\"}]}\r\ncf-ray: 9717ffdb88938bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":148802,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"83c96e2016033f9d896c39dec6839543","sha1":"58821f0b48d0d2ed4b64d1a01b361713ffe98474","sha256":"fa00e4b4abb5a737fa74860c7fe7fc408f04bea7dbf0b7e8db70d38b7257de51","sha512":"6a5961b28845f6bdb6d855294742615ff81accb9535bb46a3192cdc8dab671ef99499126fd6a1f80e6f3ed3992d134e3ade5b4981f4cd52956afc1a2e0694341","ssdeep":"3072:VAnZh+9flUFtCQ4ySOyDMmk7eG6mq9oFfT6pa/3BkgJT8gggyweyI2AmkauAQE7N:DTTKPj","tlshash":"b2e373be906f00d68b33d3a5e747e2217f35a63cfa020854f2a6698d81c161e61c6fdd","first_seen":"2024-01-21T11:39:27Z","last_seen":"2026-04-09T19:51:58.098733Z","times_seen":596,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/swiper-bundle.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/js/swiper-bundle.js?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 55507\r\ncache-control: public, max-age=31557600\r\nexpires: Sun, 16 Aug 2026 14:56:31 GMT\r\nlast-modified: Mon, 11 Aug 2025 08:15:13 GMT\r\netag: \"4e54e-6899a691-18641282f0bf5031;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 254599\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A%2F%2BonjyipGzmciJ5daV6Dc8y18Es7TLtNfelA7cHAiGjETsc9vzCoTWgcSVNxWu8vPOXqxWGTVYIrT9vV8A%2BD3wvegGU%2BAUb13PcxWQ%3D\"}]}\r\ncf-ray: 9717ffdb98d08bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":320846,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"27fbae62289b17ce94845884c7347e1f","sha1":"5b4faedfe7a99ab51b36c36882f668960dfc4c34","sha256":"491451b0d104a756b3c7ae4f324c3637ca3419e1feb61175efa388e9afbeec08","sha512":"2a3efd587dbed82d3e26046442cc4d7d2d670425e0123258fcb07f74353859e5de7a9fdb6836238adbce2bb8f3d222e3f859d08be18355c207a77b74a900daa3","ssdeep":"6144:BRm9b44OeRpEA5A2Mqqn6GvyIqcgMMQFj65G4IrV+vISpYggSCmyS:yOy","tlshash":"5c64204d9551229558b37b2edfae8108f7ba0223a147865179ac8d54efb483803bdffc","first_seen":"2023-03-13T22:18:49Z","last_seen":"2026-04-09T21:28:29.896159Z","times_seen":826,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.1708279162910.js?key=90a43dc0a7ac9c4f7c3ad622f2bfdf80\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /watch.1708279162910.js?key=90a43dc0a7ac9c4f7c3ad622f2bfdf80\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://packsitas.com\r\naccess-control-allow-credentials: true\r\nlocation: https://kettledroopingcontinuation.com/watch.1708279162910.js?dev=e\u0026key=90a43dc0a7ac9c4f7c3ad622f2bfdf80\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=43c0e8a69853531f6b97a2cc58e08aee41e0a45efeb4fe03abaed018768f78e74689cfec32f29499d0e2d415c7ab3581aeb8f1e00a2f00c43e350748fb31b191162a3b5e2ccf77938e2a2af4bdbbda22aaf954562080bd90556ef5\u0026tz=0\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjcwMzA2OSwiayI6IjkwYTQzZGMwYTdhYzljNGY3YzNhZDYyMmYyYmZkZjgwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjYsInB0Ijo0LCJwayI6Inl2emU1MnMzMCIsImNwa3MiOnsiMjgiOiIwZGYxMTFjOWU5YjQ1ZmU2ODA4ZjI1MTQwODc4ZThkZSIsIjI5IjoiMTNlMGY3MmE4MDdiYjgwOTFiMzEzMTRmNmU3OGMyYTcifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3BhY2tzaXRhcy5jb20vbmlxdWlkb2xsLyIsImFyIjpbXX19.pucpFMYVdNqs5djsGAAGK_bKySKvF-T-iLnvv4_8oZc; expires=Tue, 19 Aug 2025 07:40:52 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 1\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ead2a50eaa262ee6775a8e8b0a93af00\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":4844,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":447,"timings":{"blocked":-1,"dns":3,"connect":103,"send":0,"wait":123,"receive":0,"ssl":213},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/img/close.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.326Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: image/png\r\ncontent-length: 591\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65aa84fe-24f\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 714105\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wIyqVqizab6EweCfgrJcAbnOg%2BoIX9ROhzPNxkNCMTYEomTY3DOIjNrdmER3t2PeJv08fBQsZmisOrS4eRthYxFnuA4GPd5C%2BQQ2OEJ1xLI%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9717fff0882e588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":591,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced","md5":"9fd5bcb6103d86e317bd1eb019bcbe71","sha1":"6b5a52ea669dcb74946f2bed4bdd7ec985026113","sha256":"0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae","sha512":"e244a8842c009fa83e8d9d1088ec5b76ca2a42660568b7886e01724977b9ebd4e43690e0c651e25287c64dcc4826391b34cae6a106e2148139450dd05fc5a562","ssdeep":"","tlshash":"b0f0414e7c5903a1874caf3b18dd00119c27898077c82e0db689eed20e008e215471da","first_seen":"2023-04-11T11:09:41Z","last_seen":"2026-04-10T09:34:35.833505Z","times_seen":4732,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obtrusiveorganizeresponse.com/ren.gif?sid=H4sIAAAAAAAC_1RSTYgcVRd9PZnV9y2MIi5c9ULwd3qquqp_yiyCMUZDYhKSSBau3l_1vHRVvfK9qq5OgxINhKykQRGjm-rTnYw_UeLKjYL0CCIDgr0bMLNxqyIIWbiSmjS03sW5977zHpx73r0-yfeJh5zunXtVj1QU0c1Ww6k_dUklQhe2fuZi3XUazpH6JZW0_SP1YQVm8Lzr-Q3n6frLkvf1ZtNxHcd13PoJZWSoh5sHLFR6J3AbgdPwmw235WNo_tvbvAZLaxCDffIIlFg89Gv4OhSfI4nvHpe2n-n0uZfiPKKZNhiI7deSfqKLBPGqDE0NYbK9vA1tF4R8uAadbC8ngB7MqgnA1IKsPXYPLNleygQb3HqglEWQCZj4P4rBHDKaQ9E5uL4GJX4mABc4cxZJfPuMNgW98oClFbsg6_f_gioWZP3eo0jiL49Fali_oKM8UzqxGIYl1HAO1ZsjzXeQjdagih3w7B0o8RPZvH8aSTw7ayMNJfae8NwO90VbbvhN1tzwA9_foF3R2mhJzjte2Gq3Q3ZgkQrnoHYNua0hVzXkYQ15WkMs9uq-0_W5S712GAjecXzq-0IyJ-g2HYcGvIOcV9rHyNIxeDQGN1eRmrc_EV5Heoz7E4a-GsPk38FulbCiBpsRDESJQhIUlqCgBIUiKDKCYlDeEpFt2vK2iGzO3GVuLrNXTnXWm9BbOuvJhICaMYwoZyp9w14Dzw5NR6EVU10BZVk5pUyUk3SfPFw5XPvg41305V69STuy5bXDDmedoNWm1KHdkLPA9z23K2QXVpVQdg3U1jBSC3Lq3V-QqgV58tnLYHQHNtoBV4dBcxe0KEG3SoySL1LK-1Zl1Da4jiF0iTRbR3alNon2yeMHn3zh-h-QfPfo8L3sm8tv_Q1uSqSmxGX1PUEvujE9rwsyO68LS746m2YqViNaLcCFjGby0Gen5JVCG3HyuB1_-gKviKq8c1Ha7DRNhEp6lnx-TAkhzQltuCTfnrSXJDuX261juUny9PS5F0-cjFMjrVU6mYOqBSE374KrBTn8w5sHy934egxl5jB5iTjfJcsAT6_CpivtVhOYaMWz9BCKvJyaJlsdRoogkqueshL2Xz1b1VNDq9dUlRN7Az2zDppdQxKXGJgSg6gEjcaw-f-mWWp2j_54s4qPwKL1KYvM-oxFJnq_svjPCn4_MLuC32DVXr3VZF67223LsC1CT3hNTwQtRwY-Ddp-4LeQ2cXW7JlX_gkAAP__UM7YnskEAAA=","fqdn":"obtrusiveorganizeresponse.com","domain":"obtrusiveorganizeresponse.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.760Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obtrusiveorganizeresponse.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 31 Jul 2025 08:17:55 GMT","end":"Wed, 29 Oct 2025 08:17:54 GMT"},"fingerprint":{"sha1":"01:BF:0E:08:1A:51:22:FA:47:6E:E8:5C:27:AD:57:D6:0D:B9:0D:49","sha256":"74:90:CC:3C:B8:82:9D:36:BC:2C:8C:07:85:B7:C2:E4:4F:42:44:5B:FE:16:52:43:DC:36:21:8B:0C:7B:25:97"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSTYgcVRd9PZnV9y2MIi5c9ULwd3qquqp_yiyCMUZDYhKSSBau3l_1vHRVvfK9qq5OgxINhKykQRGjm-rTnYw_UeLKjYL0CCIDgr0bMLNxqyIIWbiSmjS03sW5977zHpx73r0-yfeJh5zunXtVj1QU0c1Ww6k_dUklQhe2fuZi3XUazpH6JZW0_SP1YQVm8Lzr-Q3n6frLkvf1ZtNxHcd13PoJZWSoh5sHLFR6J3AbgdPwmw235WNo_tvbvAZLaxCDffIIlFg89Gv4OhSfI4nvHpe2n-n0uZfiPKKZNhiI7deSfqKLBPGqDE0NYbK9vA1tF4R8uAadbC8ngB7MqgnA1IKsPXYPLNleygQb3HqglEWQCZj4P4rBHDKaQ9E5uL4GJX4mABc4cxZJfPuMNgW98oClFbsg6_f_gioWZP3eo0jiL49Fali_oKM8UzqxGIYl1HAO1ZsjzXeQjdagih3w7B0o8RPZvH8aSTw7ayMNJfae8NwO90VbbvhN1tzwA9_foF3R2mhJzjte2Gq3Q3ZgkQrnoHYNua0hVzXkYQ15WkMs9uq-0_W5S712GAjecXzq-0IyJ-g2HYcGvIOcV9rHyNIxeDQGN1eRmrc_EV5Heoz7E4a-GsPk38FulbCiBpsRDESJQhIUlqCgBIUiKDKCYlDeEpFt2vK2iGzO3GVuLrNXTnXWm9BbOuvJhICaMYwoZyp9w14Dzw5NR6EVU10BZVk5pUyUk3SfPFw5XPvg41305V69STuy5bXDDmedoNWm1KHdkLPA9z23K2QXVpVQdg3U1jBSC3Lq3V-QqgV58tnLYHQHNtoBV4dBcxe0KEG3SoySL1LK-1Zl1Da4jiF0iTRbR3alNon2yeMHn3zh-h-QfPfo8L3sm8tv_Q1uSqSmxGX1PUEvujE9rwsyO68LS746m2YqViNaLcCFjGby0Gen5JVCG3HyuB1_-gKviKq8c1Ha7DRNhEp6lnx-TAkhzQltuCTfnrSXJDuX261juUny9PS5F0-cjFMjrVU6mYOqBSE374KrBTn8w5sHy934egxl5jB5iTjfJcsAT6_CpivtVhOYaMWz9BCKvJyaJlsdRoogkqueshL2Xz1b1VNDq9dUlRN7Az2zDppdQxKXGJgSg6gEjcaw-f-mWWp2j_54s4qPwKL1KYvM-oxFJnq_svjPCn4_MLuC32DVXr3VZF67223LsC1CT3hNTwQtRwY-Ddp-4LeQ2cXW7JlX_gkAAP__UM7YnskEAAA= HTTP/1.1\r\nHost: obtrusiveorganizeresponse.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: uid_id2=317c4d6e-42b2-4944-a8d5-5ecc73f566fb:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl26647499=1; nlec2a7e536f7cb7956aa0a8fcb944318de8=[5474032,5474029,5474030,5474028]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: obtrusiveorganizeresponse.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b6db685bb3a50bcb62f04d2add804961\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":128,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":128,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"obtrusiveorganizeresponse.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/impr.gif?sid=H4sIAAAAAAAC_1RTv28dxRaedaJXvBQvL-8JCapbIPErtmd3Z3-RAmFCIEpIoiQoBTTza-2J9-4uM7t3HYsiIhJKhUyDUq6_68QCAoKGDgld00VC4lJdibjhPwApNbqOJYdTnHO--WY03xl98-l2u09CtHx25b1q0xQFX46W6ODlG6ZUVecGl64PfLpEzwxumDJmZwYb82RHr_shW6KvDN7Rcr1aDqhPqU_9wTljdV5tLB-wMPXDzF_K6BILlvyIYcP-E7vWg-Me1GifnIJR0__8kX8AIycoh9-d1W69qerTbw_bgjeVxUjtvl-ul1VXYnjU5tZDXu4e7kblpoTcW0BV7h5OgGq0M58AwkzJwnOPIcrdQ5kQo_tPlYoCuoRQJ9CNJtDFHgyfQFZ3YNSvBJAKly6jHD64VNmO33rK8jk7Jcef_AXTTcnxx_9HOfx2pTAbg2tV0TamKh028h5mYwKzOkHd7qHZXIDp9iCbT2DUL2T5yUWUw53Lrqhg1OzF0E8kU7FeZIEIFlnG2CJPVbQYaSmTMI_iOBcHT2TyCbhbQOs8tMZDm3toaw9DNRswmjLp8zDOMyUTyjhjSguapQGlPJMJWjnXvoWm3oIstiDtbdT2NtbN51PinTgF2_4Etzb7QXDGuQqECBOhYhZHUSpzJqn2VcpkRGWaiFgFMvZjFic8UUJp7gsmtfITFUVBGIbMT8P5vUEa-Tz0gzzNZMzjWGR5nuRC5nGa8DAIaZ7mIol0mARx6Ac6jAOW0oQyphI_i7TkaUSFT6VKdRZIxpimuQh95QdRKkKZpb6fx0HKOZzy4BqCkerRaYLOEXScoDMEXUPQjfr7qnCB6x-owrXCP6zBYQ37cdWsbvP7VbOqSwJut2BVv2Pqj9wdyObYeDN3alzNExdNP-ZC9dv1Pvnv3BLeF26GdT0baMp0JmgSaB3zkIk0DJIk1VmeBUGcZwLO9DBuAdx52DRTcuGz31GbKXnptZsQfA-u2IM0J8Hb58G7sR9T8LVxTCk2y29qLtedabhbktUQqupRN8fR3PK2i33ywoE3P_zzJLR8RA4D0vaobY-b5meC1eLu-GrVkZ2rVefI95frxgzNJp_79lrDG_2vry7oW11l1fmzbuvLN-WcmLcPr2vXXOSlMuWqI1-vGKW0PVdZqcmP590NLa60bm2ltWVbX7zy1rnzw9pq50xVTsDNlPx7_zSkmZL_fbxy8CfZPQtjJ7Btj2H7jNb6Nlx9hF1FYIsjLGqCru3HNhBHi4UhKPQR5qKHewaLo35s-fw0N_22u4tV64E3d1AOe4xsj1HRgxdbcO2xcVPbR2_8Fh4EROGNRWHJjijsnDezQR7qQFKaJrEfprn2Q6ZkHqUsUzGnYajRuOnazqvv_h0AAP__Zr5vpGwFAAA=","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:21:33 GMT","end":"Fri, 26 Sep 2025 22:21:32 GMT"},"fingerprint":{"sha1":"4A:6A:48:C8:5B:C5:2B:2E:9C:03:AF:BF:4C:E6:10:23:E2:7B:EA:97","sha256":"A8:42:B5:4A:20:C8:13:EF:B5:90:0F:54:37:F7:05:60:8D:91:07:E3:A4:0F:7A:22:C9:AF:F1:F5:22:E8:68:C9"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTv28dxRaedaJXvBQvL-8JCapbIPErtmd3Z3-RAmFCIEpIoiQoBTTza-2J9-4uM7t3HYsiIhJKhUyDUq6_68QCAoKGDgld00VC4lJdibjhPwApNbqOJYdTnHO--WY03xl98-l2u09CtHx25b1q0xQFX46W6ODlG6ZUVecGl64PfLpEzwxumDJmZwYb82RHr_shW6KvDN7Rcr1aDqhPqU_9wTljdV5tLB-wMPXDzF_K6BILlvyIYcP-E7vWg-Me1GifnIJR0__8kX8AIycoh9-d1W69qerTbw_bgjeVxUjtvl-ul1VXYnjU5tZDXu4e7kblpoTcW0BV7h5OgGq0M58AwkzJwnOPIcrdQ5kQo_tPlYoCuoRQJ9CNJtDFHgyfQFZ3YNSvBJAKly6jHD64VNmO33rK8jk7Jcef_AXTTcnxx_9HOfx2pTAbg2tV0TamKh028h5mYwKzOkHd7qHZXIDp9iCbT2DUL2T5yUWUw53Lrqhg1OzF0E8kU7FeZIEIFlnG2CJPVbQYaSmTMI_iOBcHT2TyCbhbQOs8tMZDm3toaw9DNRswmjLp8zDOMyUTyjhjSguapQGlPJMJWjnXvoWm3oIstiDtbdT2NtbN51PinTgF2_4Etzb7QXDGuQqECBOhYhZHUSpzJqn2VcpkRGWaiFgFMvZjFic8UUJp7gsmtfITFUVBGIbMT8P5vUEa-Tz0gzzNZMzjWGR5nuRC5nGa8DAIaZ7mIol0mARx6Ac6jAOW0oQyphI_i7TkaUSFT6VKdRZIxpimuQh95QdRKkKZpb6fx0HKOZzy4BqCkerRaYLOEXScoDMEXUPQjfr7qnCB6x-owrXCP6zBYQ37cdWsbvP7VbOqSwJut2BVv2Pqj9wdyObYeDN3alzNExdNP-ZC9dv1Pvnv3BLeF26GdT0baMp0JmgSaB3zkIk0DJIk1VmeBUGcZwLO9DBuAdx52DRTcuGz31GbKXnptZsQfA-u2IM0J8Hb58G7sR9T8LVxTCk2y29qLtedabhbktUQqupRN8fR3PK2i33ywoE3P_zzJLR8RA4D0vaobY-b5meC1eLu-GrVkZ2rVefI95frxgzNJp_79lrDG_2vry7oW11l1fmzbuvLN-WcmLcPr2vXXOSlMuWqI1-vGKW0PVdZqcmP590NLa60bm2ltWVbX7zy1rnzw9pq50xVTsDNlPx7_zSkmZL_fbxy8CfZPQtjJ7Btj2H7jNb6Nlx9hF1FYIsjLGqCru3HNhBHi4UhKPQR5qKHewaLo35s-fw0N_22u4tV64E3d1AOe4xsj1HRgxdbcO2xcVPbR2_8Fh4EROGNRWHJjijsnDezQR7qQFKaJrEfprn2Q6ZkHqUsUzGnYajRuOnazqvv_h0AAP__Zr5vpGwFAAA= HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzI3MywiayI6ImUwNGU5YjA3MmVlNmEzNGI4MzI3NzhlOWY5MjI2ZjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjUsInB0Ijo0LCJwayI6Ims1em1uMmk0IiwiY3BrcyI6eyIyOCI6Ijc0NjVjYjI4OGEyMThkZGJiMTcwZWY4MGYwNzE2MDFiIiwiMjkiOiJmMTk2ZjEyZWJhNDljNzRmN2FhYjA4ODlkZmZmM2YwNSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vcGFja3NpdGFzLmNvbS9uaXF1aWRvbGwvIiwiYXIiOltdfX0.2L91vOjoKZ-1o3qRPSdUC8mCSsNbUkO-ELpDTI_kuDY; uid_id2=317c4d6e-42b2-4944-a8d5-5ecc73f566fb:2:1; pdhtkv=true; uncs=1; pdhtkv25=true; uncs25=1; u_pl26637273=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 8\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 1dd101821b7e6cb81149261d3dada54e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Ffinanceskipper%2Fmessage_redcircle2%2F16%2Fcss%2Fstyle.css\u0026l=3664\u0026fd=503","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Ffinanceskipper%2Fmessage_redcircle2%2F16%2Fcss%2Fstyle.css\u0026l=3664\u0026fd=503 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 Aug 2025 10:09:08 GMT\r\nexpires: Fri, 14 Aug 2026 10:09:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 423046\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-10T09:55:48.830468Z","times_seen":727106,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.959Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 Aug 2025 10:09:08 GMT\r\nexpires: Fri, 14 Aug 2026 10:09:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 423046\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-10T09:55:48.830468Z","times_seen":727106,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/css/swiper-bundle.css?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:50.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/css/swiper-bundle.css?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 4186\r\ncache-control: public, max-age=31557600\r\nexpires: Sun, 16 Aug 2026 14:56:31 GMT\r\nlast-modified: Mon, 11 Aug 2025 08:15:12 GMT\r\netag: \"40f1-6899a690-259b56430db2bed1;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 254599\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pnhMb6UA74%2Fy%2FeqdWJXQ4edAiu5%2FduBJ2lPezuClj1Uf7KZzAtq9i1wakljMXzSMEQV1ZZ2n4AMJCoq3wu99ahb%2FlVOZYRHPVtq8bFw%3D\"}]}\r\ncf-ray: 9717ffdb88958bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":16625,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2255), with CRLF line terminators","md5":"9b51d6d2d6952aa25f82f8ca7b554248","sha1":"200213e32684c2763055cb3ea619e43f3f8224d4","sha256":"fea92ac7d0d96150b7009efdc9951dd72cf8251236a40bd865b2f5b394fce704","sha512":"908114ad7f4479d9d96b61ea0ffe176bad9136dc9e9f0775c684de79521ef5c0bd99fe6225660f5224572c6b922939b6fc580042621700269e57e6ecbb7dd5cd","ssdeep":"384:p9UbeSvZk3a+bsyNEmPwjcGIYhptsyqB1il:pCb/vZk3a+VNEmPwjcGIYhptsyqil","tlshash":"377235581720242363764f7d1ba19678af6888d24f4349adf2c0dd44e7fb8f8a21eda5","first_seen":"2023-04-09T10:25:11Z","last_seen":"2026-04-09T21:28:29.853883Z","times_seen":818,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Fqg2yIR6myE9AUq9BXdRlOm9%2FA61nf4ylgOVLIeqlRbyc3coUjhm5WjVry%2FRXWNidN3VdmrwOCOsl8GdYpwQmajduRKKKhQ%2FFHEe2FSFISc%3D\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\netag: W/\"65aa84fe-3c2\"\r\ncf-ray: 9717ffef6805588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":962,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"0013fbb3bd9e7300fa1bc9f62501dcf0","sha1":"447e4a8994979e2e158b9beff79b94e7d1b29508","sha256":"4cf18df81115ddab6967dc82096077ee024223dac3c6ffc9b810bffb7780a20e","sha512":"288a5e82fdbfdadf11f5a15ed40b54b67dd43fd83f0666abf85ebc0f14ef3b6e5e9104c3491fdb85b40e5556b252d933ee8cbe6e381e96e01170e76c60003dc6","ssdeep":"","tlshash":"e7117d37156882f06257f027a15729d6ee32029ee81a5707721c06cd0ec47b913fa6e7","first_seen":"2023-06-25T06:36:24Z","last_seen":"2026-04-10T09:34:35.813821Z","times_seen":2295,"resource_available":false,"data":null}},"time_used":438,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":438,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/sbar.json?key=ac744539d885732140d6b141d5a36226\u0026abt=F-2677-5_0\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /sbar.json?key=ac744539d885732140d6b141d5a36226\u0026abt=F-2677-5_0\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; u_pl26637310=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://packsitas.com\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; expires=Tue, 26 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nuncs=2; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nu_pl27181531=1; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nslecac744539d885732140d6b141d5a36226=[3078195]; expires=Tue, 19 Aug 2025 07:39:58 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 211\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ec6fb492aad66b9c90c55df1a32cda05\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":6401,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"8e3a8d62d890b7ea59758a5262e140a9","sha1":"0f915a37c79b08c00453c1d19e23980f52f7aeb5","sha256":"db9a5b1d176f6c3cdad54605ea6e639d195fd4fa30b50dd8e71056746d9ec3dc","sha512":"a149921708e15606e0922aeddfcb785e508884f9c6ade0c93e5e1c395e60ebc6fd1bd9147963de02a1fae8b2865fd64809f0399faf981d1d2736f9dfe3f5eed4","ssdeep":"96:9zb/6kGyZsk3gAXuBvGdwlnYzTv4NgoLDZMHdKIM5y7sf/JZDBrpLvn+8rSymftw:9ztrs69IvGdwlnYoNTxl5wsf/HDHZ","tlshash":"aad19dbf00ad217ccbc09e2a10df1ed63d4e2b0e49f5b9ce864f975cb4a4402249963d","first_seen":"2025-08-19T07:40:33.333217Z","last_seen":"2025-08-19T07:40:33.333217Z","times_seen":1,"resource_available":false,"data":null}},"time_used":317,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":317,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.927Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa84fe-d1b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EY7THCbMkHm5KWQb2gg%2F4ylCfe7iZxOKPmU%2Fpkgm05r2ITF3hSv1fFc%2BAd1pLPfd8bjp%2FGnXMLDiiQiPiD%2B2xDRUwFmqo8iFuLRRjv9cXig%3D\"}]}\r\ncf-ray: 9717ffee1fa5588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3355,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"039a6734d79ed9aa51cf81c52479c5fe","sha1":"9cf29c4ea1a3880681d50c7228374f8073b7778b","sha256":"a15bad73fc8907795285b78a4a1a1bf5e7f68b4d39988b9bb165444819cf9eb1","sha512":"879f067d02f582c2ff8f9c0308cbb44b24964136c4d8074f1a1b200169b520bb49fdd2b290772dfbc3ca432fba2ce9d5b1a398eb14746613cc942dd7567fa1d9","ssdeep":"","tlshash":"3a61ba966b670a04b51ad0ab3f667b4723084007995fed757fc8620ccfc92a8d6d378e","first_seen":"2024-02-12T03:25:01Z","last_seen":"2026-04-10T09:34:35.833065Z","times_seen":2194,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ql1QZGioESowbtSTFbyatRg2q4NyDuvKc8FNOWu78CkpABDFszrs5yNwamyLghmMsmNWEscWlBG83BNQRKBAiDR0z8wVjVD3oEMA204785M%3D\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncf-cache-status: HIT\r\netag: W/\"65aa84fe-3c2\"\r\ncf-ray: 9717fff0d837588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":962,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"0013fbb3bd9e7300fa1bc9f62501dcf0","sha1":"447e4a8994979e2e158b9beff79b94e7d1b29508","sha256":"4cf18df81115ddab6967dc82096077ee024223dac3c6ffc9b810bffb7780a20e","sha512":"288a5e82fdbfdadf11f5a15ed40b54b67dd43fd83f0666abf85ebc0f14ef3b6e5e9104c3491fdb85b40e5556b252d933ee8cbe6e381e96e01170e76c60003dc6","ssdeep":"","tlshash":"e7117d37156882f06257f027a15729d6ee32029ee81a5707721c06cd0ec47b913fa6e7","first_seen":"2023-06-25T06:36:24Z","last_seen":"2026-04-10T09:34:35.813821Z","times_seen":2295,"resource_available":false,"data":null}},"time_used":212,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":212,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/custom.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/js/custom.js?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 805\r\ncache-control: public, max-age=31557600\r\nexpires: Sat, 18 Jul 2026 14:57:49 GMT\r\nlast-modified: Mon, 14 Jul 2025 08:16:31 GMT\r\netag: \"90d-6874bcdf-84d91cd6fcf68814;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 2760121\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OmepQUK8JDKJ55KNWh6twOKyNMD%2FJ0KD0ElS32xW0G5v1bgYp7uPwbAV7dUari3EZdwUphGp%2BpsghfmDehjg4BDpF%2FQiGKdqYz4bN5w%3D\"}]}\r\ncf-ray: 9717ffdbb9068bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2317,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"d8503e5d5a42fa4a500ab2b4f24e0d85","sha1":"a566876e230985aa1dd578283207ab810e2f2fd1","sha256":"2df9ad74e129325fb3f2f62165502e0c95075a5bcfed8b6f67fb580f2a774a0e","sha512":"193ed82f5594d737d1d7f3fda3f24069b9a4fccacf75f686d4e72882f96ffa4d7ae07a5d8ebcaafc1a543968cd32ffe24452d56da0d0482c26faa10f2464f9bc","ssdeep":"","tlshash":"1741d0993419217209bb6f3e7b7ea384fd36001b9101d546b4ad4aea2f70b5851a3dc9","first_seen":"2025-04-22T12:18:55.703952Z","last_seen":"2026-04-09T19:51:58.099248Z","times_seen":223,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/af/1e/9c/af1e9c0d32a0263b3ed968256e3cdb6b/1753954133.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.570Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /cti/af/1e/9c/af1e9c0d32a0263b3ed968256e3cdb6b/1753954133.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:52 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 26380\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 31 Jul 2025 09:28:53 GMT\r\netag: \"688b3755-670c\"\r\nexpires: Thu, 21 Aug 2025 07:39:52 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26380,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:07:29 14:31:43], progressive, precision 8, 320x50, components 3","md5":"71478891f824beb038933a1d3da2b4e4","sha1":"7241397dca929b4e2364235e8b89230689ed32e9","sha256":"4008fa0cb51bab3f2d79ef22a8f8b37866fea644dba7499b8566383e5bd0a2eb","sha512":"b72a6b0cb183351222e4edd5f03a4362d196e728effb9ef3b1486df28b5fe71e90e0005a3be3af9b89c9743ac72464f3f93a3a807ea35048414a7d1c66268a8b","ssdeep":"384:5jfUIYGPiiWGjfUIYGcnD87vi/AXA6x6QpvsC9rYNg7NmXynxkUU2sJdOqYaTb9:54GPifo4GcL6pEkYy4Xynih2sJPYaTb9","tlshash":"eac29e2ab7e6ad22f9c4a134c960d2a2a723fea4d673168579cc75063b703905d8d31f","first_seen":"2025-07-31T16:45:39.844781Z","last_seen":"2025-09-02T09:42:09.470542Z","times_seen":73,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":70,"dns":31,"connect":19,"send":0,"wait":36,"receive":4,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.311Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7%2Bz%2BhfrdTTNWbdbMLx%2FLkzpG7uNTugQKLn9r%2FzqYtbkBjmtQSd3con3xkyI3EphLfPCMnGQKgBTpdLbAFDHInNkxiEAKkV7iv7nZc9%2FgsyM%3D\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncf-cache-status: HIT\r\netag: W/\"65aa84fe-3c2\"\r\ncf-ray: 9717fff06827588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":962,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"0013fbb3bd9e7300fa1bc9f62501dcf0","sha1":"447e4a8994979e2e158b9beff79b94e7d1b29508","sha256":"4cf18df81115ddab6967dc82096077ee024223dac3c6ffc9b810bffb7780a20e","sha512":"288a5e82fdbfdadf11f5a15ed40b54b67dd43fd83f0666abf85ebc0f14ef3b6e5e9104c3491fdb85b40e5556b252d933ee8cbe6e381e96e01170e76c60003dc6","ssdeep":"","tlshash":"e7117d37156882f06257f027a15729d6ee32029ee81a5707721c06cd0ec47b913fa6e7","first_seen":"2023-06-25T06:36:24Z","last_seen":"2026-04-10T09:34:35.813821Z","times_seen":2295,"resource_available":false,"data":null}},"time_used":282,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":282,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 Aug 2025 10:09:08 GMT\r\nexpires: Fri, 14 Aug 2026 10:09:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 423046\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-10T09:55:48.830468Z","times_seen":727106,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":64,"dns":3,"connect":20,"send":0,"wait":46,"receive":10,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/pixel/sbs?c=1","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.686Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 02 Jul 2025 00:39:20 GMT","end":"Tue, 30 Sep 2025 00:39:19 GMT"},"fingerprint":{"sha1":"2F:53:8D:73:5E:CE:FB:91:B4:FD:2B:4E:F3:E9:80:AA:62:1A:61:CD","sha256":"C1:D4:30:78:23:7C:54:B2:69:C9:DF:D9:A9:CB:93:CF:63:1B:C9:46:05:84:47:B1:70:77:4E:B8:85:DE:85:B8"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[4323737]; u_pl27181549=1; slec13e0f72a807bb8091b31314f6e78c2a7=[4323731]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1539\u0026rd=1539\u0026fd=603\u0026bv=25.8.7886\u0026tmpl=136","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.210Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:21:33 GMT","end":"Fri, 26 Sep 2025 22:21:32 GMT"},"fingerprint":{"sha1":"4A:6A:48:C8:5B:C5:2B:2E:9C:03:AF:BF:4C:E6:10:23:E2:7B:EA:97","sha256":"A8:42:B5:4A:20:C8:13:EF:B5:90:0F:54:37:F7:05:60:8D:91:07:E3:A4:0F:7A:22:C9:AF:F1:F5:22:E8:68:C9"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1539\u0026rd=1539\u0026fd=603\u0026bv=25.8.7886\u0026tmpl=136 HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":187,"timings":{"blocked":82,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/animate.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/animate.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 19 Jan 2024 14:21:26 GMT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa8566-13361\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NCwDE4a2htmpTUUM9QepIiFHPYPWh46Mzj%2FFygP5vf%2FcVQPMJud0v0IbRTSVT8dmz8YL55VSVdBxlGBRtBO1H7DQxoCXo1BDr96l6frfgdI%3D\"}]}\r\ncf-ray: 9717ffef2ff9588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78689,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"3d4123dbfb33d27a5cfdfcfa91df6783","sha1":"e7d0eeeec54b848f0bc3da8685fa3bc88429d660","sha256":"cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887","sha512":"75c8a48dc207595e201b50b87ff68782112a21aded9f15f14185c07d40f0151d6afe74a2b278aa575caf12ac422e8166316296ed7b6573ea24e667cca4af51dd","ssdeep":"384:jvuAuF81dghu3ublZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:jvuAu21dghu3uLu7uNKwZiMUL6Vpaj7F","tlshash":"22731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2024-01-20T06:37:31Z","last_seen":"2026-04-10T09:34:35.831084Z","times_seen":10596,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/e7/1b/13/e71b13312082539e211f40b180b929f1/1680663431.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /si/e7/1b/13/e71b13312082539e211f40b180b929f1/1680663431.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: image/png\r\ncontent-length: 70608\r\nserver: nginx/1.21.6\r\nlast-modified: Wed, 05 Apr 2023 02:57:19 GMT\r\netag: \"642ce38f-113d0\"\r\nexpires: Thu, 21 Aug 2025 07:39:53 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70608,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"61b6bebe0cb42acfc8731bdca04aa71a","sha1":"d396876682997f10b3bf721df1204677e3b5b0be","sha256":"3bebac68fde7ea059ec5422cb3162c3765ff43c7263e9be6e6b324b73ad0e6f2","sha512":"6883904fb678ea57cbedbd3753c93f5e8f73a79b8abf79fefed3ca2ea0d3eb635c9843419cfda66a561addaed6c68d67151ed51270d31ed3e597e67215173e5a","ssdeep":"1536:xK57wBBmhOG4aC7NV3fwtbCj9Q4tsd8aB0oqaoPHmqrfTwHMX:xK1wBgNZaNV34Cj9Q4Sd5aosPd/wsX","tlshash":"0c63010ed38967b86ec02b9fb3097f408b2473acc719c0d768b059b7a346c1961b7d5a","first_seen":"2023-06-24T15:48:47Z","last_seen":"2026-04-09T21:33:03.47401Z","times_seen":846,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Ffinanceskipper%2Fmessage_redcircle2%2F16%2Fjs%2Fscript.js\u0026l=386\u0026fd=488","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Ffinanceskipper%2Fmessage_redcircle2%2F16%2Fjs%2Fscript.js\u0026l=386\u0026fd=488 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbs?c=1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzI5NSwiayI6IjFlZTk1YzJmOTRhZWNhMDgyOTE3MDUwYzdhN2NiN2E5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpkM3l1NGJjeHkiLCJjcGtzIjp7IjI4IjoiNzg5OTE3OWYxODA4OTJmNWUyNGYyODkwMjI0M2IzYTUiLCIyOSI6IjM5NjRjMjk2NTVhMTAwYTNkOGNjMjlhNWViYjk0ZGZjIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.1VmV4qJNWLVRMuhiMee78zUhWRcFWxHCS9HEZ9j93iM; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv26=true; uncs26=1; u_pl26703069=1; pdhtkv23=true; uncs23=1; u_pl26637295=1; pdhtkv29=true; uncs29=1; u_pl27181530=1; slec3964c29655a100a3d8cc29a5ebb94dfc=[4323737]; u_pl27181894=1; slecf196f12eba49c74f7aab0889dfff3f05=[3078195]; iprc_l+bd8c85ceda51526c29df1c6070b5ce73=3078195; iprc_l:3078195=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":106,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.842381889882.js?key=1ee95c2f94aeca082917050c7a7cb7a9\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /watch.842381889882.js?key=1ee95c2f94aeca082917050c7a7cb7a9\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://packsitas.com\r\naccess-control-allow-credentials: true\r\nlocation: https://kettledroopingcontinuation.com/watch.842381889882.js?dev=e\u0026key=1ee95c2f94aeca082917050c7a7cb7a9\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=5574c1629987f3071105ad33be12216bcd2318a45beac30c225a6ce54f64854c7d41dcb571fb7882214f6a675cad2c641163362dfb78f13c68f5e56b79bb605a2086052827b3877424715dc449e2153b098fcfb2bd1edfcb16e22f\u0026tz=0\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzI5NSwiayI6IjFlZTk1YzJmOTRhZWNhMDgyOTE3MDUwYzdhN2NiN2E5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpkM3l1NGJjeHkiLCJjcGtzIjp7IjI4IjoiNzg5OTE3OWYxODA4OTJmNWUyNGYyODkwMjI0M2IzYTUiLCIyOSI6IjM5NjRjMjk2NTVhMTAwYTNkOGNjMjlhNWViYjk0ZGZjIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.1VmV4qJNWLVRMuhiMee78zUhWRcFWxHCS9HEZ9j93iM; expires=Tue, 19 Aug 2025 07:40:52 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 1\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 89b8adc347ffeafa128ef6581b7dd73c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4830,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":438,"timings":{"blocked":-1,"dns":1,"connect":107,"send":0,"wait":109,"receive":0,"ssl":221},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/plugins/related-posts-thumbnails/assets/js/front.min.js?ver=4.3.1","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/plugins/related-posts-thumbnails/assets/js/front.min.js?ver=4.3.1 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 2870\r\ncache-control: public, max-age=31557600\r\nexpires: Fri, 07 Aug 2026 15:27:55 GMT\r\nlast-modified: Wed, 06 Aug 2025 20:32:21 GMT\r\netag: \"24b5-6893bbd5-d0b6647aafa8a722;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 1030315\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nRXKxFOjuGzsaFdBoFo5llrx6opEYhGFINS4QailzRhop6D5TGDm2Jm%2BfSc34zPJncWGvHWy7EjqRR0v00HkL8ysfPEBGgAdj3796YY%3D\"}]}\r\ncf-ray: 9717ffdb98ba8bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":9397,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (9397), with no line terminators","md5":"2c0d0dd023bfd1f908cb121964b91117","sha1":"5f8efe0a874c8fb4a24c2219eb1a1ec2a4794ee5","sha256":"59746bf91e6cfeedda9941de6a4aca642401c762bd2f44fa95eb9b76cebb486c","sha512":"6f18c4fce088cff5cdd79f12c574cf6b962b75a96bfc71bc626712a1f8f9c169e1fb65b04eae3ecd2664d21083b26a209bf165668f219877c992014ac0b57ca0","ssdeep":"192:n/n+Uex+jPIas+/x+wK/UiarCpD3ijftpgX8/HQym8l0fx2zFow:n/+Uex+TIan/sB8iMCpDKbg00p2Jow","tlshash":"be12cb2a3e2208b819124fd1e7ff0328661a3113553480e0bb4df67717adada95a3b3d","first_seen":"2025-08-16T23:50:24.361063Z","last_seen":"2026-04-10T05:24:59.988328Z","times_seen":245,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/navigation.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.011Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/js/navigation.js?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 760\r\ncache-control: public, max-age=31557600\r\nexpires: Thu, 06 Aug 2026 15:05:39 GMT\r\nlast-modified: Mon, 04 Aug 2025 08:15:36 GMT\r\netag: \"938-68906c28-166bcd6677960e6f;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 1118051\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mW1aNpaErr55hnCk3GU5ai%2BXC3AV4vruKOsVH39yKQ86dapsNN%2Fkazn5I5o2fz53kzhRFnDhlNe6zYxUhoiHVULG7nbE95pA%2FZVkabQ%3D\"}]}\r\ncf-ray: 9717ffdb98cb8bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2360,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with CRLF line terminators","md5":"ee5d178484a55e36788dcb5d14b52d01","sha1":"12dabdf70a87227c544d7aa52e8bbae78d90f90f","sha256":"a32e10b91b2fffdb8ca7dac1c2feb1569b5d43a929218e16b65d3a0b36cad43d","sha512":"e15263c212e2807cf884b3a50218560210e1d1261dbcf2ba6693b6c4269d3d16d307fa7ee8eb5cd8aacd7963f4258bf28a91468902c60f1b42e27a4a56f1b298","ssdeep":"","tlshash":"8d41fec73a8b323b96ca2354a17d64527a38c172d70a7d26b4b8d2852860c0506fdfcc","first_seen":"2023-03-07T01:38:19Z","last_seen":"2026-04-09T21:28:29.832673Z","times_seen":960,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obtrusiveorganizeresponse.com/6e/64/26/6e642680db3ecb105b002b772d76b2a8.js","fqdn":"obtrusiveorganizeresponse.com","domain":"obtrusiveorganizeresponse.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obtrusiveorganizeresponse.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 31 Jul 2025 08:17:55 GMT","end":"Wed, 29 Oct 2025 08:17:54 GMT"},"fingerprint":{"sha1":"01:BF:0E:08:1A:51:22:FA:47:6E:E8:5C:27:AD:57:D6:0D:B9:0D:49","sha256":"74:90:CC:3C:B8:82:9D:36:BC:2C:8C:07:85:B7:C2:E4:4F:42:44:5B:FE:16:52:43:DC:36:21:8B:0C:7B:25:97"}}},"request":{"raw":"GET /6e/64/26/6e642680db3ecb105b002b772d76b2a8.js HTTP/1.1\r\nHost: obtrusiveorganizeresponse.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 25920\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nSet-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_F-2677-5=1; expires=Tue, 19 Aug 2025 07:39:52 GMT; secure; SameSite=None\r\nHost: obtrusiveorganizeresponse.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 0129bc1bf12eb5d666733f6cfc7dddca\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":73422,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"fbc158f872d5faa8017e999d7925aac2","sha1":"630357f16de34769e6f265b6a14f91a6cf3e201d","sha256":"10b17b83080fac5ab4e7be3b401d8b3edca8a02dbf760ecacf7f64a8a7be2d7a","sha512":"dace76436b6413cef3f5e02d00d4b086126444125d0f375b955eca5740085344d5f38ef0e09a132dc53849ff7b9a3883e305246df5a7e30eab92bb098ef77490","ssdeep":"1536:gFMvR03G4SjfXSBWyJR8QxUmDhe9caAJwabHDT7I/:I3c0W+yQO9caAiN","tlshash":"3373eb887f71b06f23a524b3223f5547f19a5c06545cf4b8f117f8596bac31af0baa28","first_seen":"2025-08-19T07:40:33.337077Z","last_seen":"2025-08-19T07:40:33.337077Z","times_seen":1,"resource_available":true,"data":null}},"time_used":678,"timings":{"blocked":-1,"dns":23,"connect":128,"send":0,"wait":132,"receive":128,"ssl":265},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"obtrusiveorganizeresponse.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.575Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:11:38 GMT","end":"Mon, 29 Sep 2025 15:11:37 GMT"},"fingerprint":{"sha1":"F9:52:70:4B:81:A8:F8:39:E6:E7:96:8F:EA:FE:17:FD:96:C5:32:E3","sha256":"D8:C9:87:B5:89:5E:D4:F4:8D:FD:98:3C:31:39:42:67:D3:20:27:14:A9:AD:F2:AB:97:A4:48:0F:94:F0:FF:A2"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 28254\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 4d6b1d065bcdfe6b52f23ec0a7036ada\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.1708279162910.js?dev=e\u0026key=90a43dc0a7ac9c4f7c3ad622f2bfdf80\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=43c0e8a69853531f6b97a2cc58e08aee41e0a45efeb4fe03abaed018768f78e74689cfec32f29499d0e2d415c7ab3581aeb8f1e00a2f00c43e350748fb31b191162a3b5e2ccf77938e2a2af4bdbbda22aaf954562080bd90556ef5\u0026tz=0\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.578Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /watch.1708279162910.js?dev=e\u0026key=90a43dc0a7ac9c4f7c3ad622f2bfdf80\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=43c0e8a69853531f6b97a2cc58e08aee41e0a45efeb4fe03abaed018768f78e74689cfec32f29499d0e2d415c7ab3581aeb8f1e00a2f00c43e350748fb31b191162a3b5e2ccf77938e2a2af4bdbbda22aaf954562080bd90556ef5\u0026tz=0\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nReferer: https://packsitas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzI5NSwiayI6IjFlZTk1YzJmOTRhZWNhMDgyOTE3MDUwYzdhN2NiN2E5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpkM3l1NGJjeHkiLCJjcGtzIjp7IjI4IjoiNzg5OTE3OWYxODA4OTJmNWUyNGYyODkwMjI0M2IzYTUiLCIyOSI6IjM5NjRjMjk2NTVhMTAwYTNkOGNjMjlhNWViYjk0ZGZjIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.1VmV4qJNWLVRMuhiMee78zUhWRcFWxHCS9HEZ9j93iM\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://packsitas.com\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=317c4d6e-42b2-4944-a8d5-5ecc73f566fb:2:1; expires=Tue, 26 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\npdhtkv26=true; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nuncs26=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nu_pl26703069=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 8\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 5cd0652b3a408226fadc069084eb2ff9\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":4844,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (3968)","md5":"ac185695f3f23d34d9f8215b501b2760","sha1":"8a152632dcc631be7125efd1c81e8cd6aa11f806","sha256":"4cc2489d3571f49f18251edec3d1f91a9014a385fa8e5100568cc7be1a9a0237","sha512":"614d0cf9f5f2e53a45bbb4d1b8d08ad947041dce5fd99bacd016c9a032e2ecd1a73993bb3240fc734e976240dce481eefd336a761b2ae09f0adf695823ba0c62","ssdeep":"96:BozxC1OwZl37SvHM+F3eN3As90OwZl37SvHM+F3eN3+1/D2CfMEDaH:ezoNs34QsYNs34yb2CkCaH","tlshash":"99a109a2ded9c1b4b9d3749779fcb11c3c30a10b0606fc06f80ce1065b14eba1e94e65","first_seen":"2025-08-19T07:40:33.337979Z","last_seen":"2025-08-19T07:40:33.337979Z","times_seen":1,"resource_available":false,"data":null}},"time_used":114,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":114,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obtrusiveorganizeresponse.com/ren.gif?sid=H4sIAAAAAAAC_1RSTYgcRRSu3uxJD0YRD57mIPi7s93TPT9tDsEYoyExCUkkB0_117uV7e5qq7qnJwtKNBBykkFFjF56vpnN-hMlnrwoyKwgsiA4twWzF68qgpCDJ-nNwOg7fO-9-qrge1-966Nin_go6N65V_WmimO62m66jacuqVTo0jbOXGx4btM90rik0k5wpDGowfSf9_yg6T7deFnyDb3acj3X9VyvcUIZGenB6gELld0OvWboNoNW02sHGJj_97ZwYKkD0d8nj0CJ2UO_Ra9D8SnS5M5xaTdynT33UlLENNcGfbH9WrqR6jJFsigj4yBKt-e3oe2MkI-WoNPt-QTQ_Uk9AZiakaXH7oKl23OZYP2t-0pZDJmCiQdR9qeQ8RSKTsH1NSjxCwG4wJmzSJNbZ7Qp6ZX7LK3ZGVm-9zdUOSPLdx9Fmnx1LFaDxgUdF7nSqcUgqqAGU6i1KbJiB_nmElS5A56_AyV-Jqv3TiNNJmdtrKHE3hO-1-WB6MiVoMVaK0EYBCu0J9orbcl514_anU7EDixS0RTULqGwDgrloIgcFJmDROw1ArcXcI_6nSgUvOsGNAiEZG7Ya7kuDXkXBa-1D5FnQ_B4CG6uIjNvfyr8rvQZD0YMG2oIU3wPu17BCgc2J-iLCqUkKC1BSQlKRVDmBGW_2hKxbdnqlohtwbx5bs2zX411vjaiWzpfkykBNUMYUU1U9oa9Bp4fGm9GVox1DZTl1ZgyUY2yffJw7bDz4Se72JB7jRbtyrbfibqcdcN2h1KX9iLOwiDwvZ6QPVhVQdklUOtgU83IqXd_RaZm5MlnL4PRHdh4B1wdBi080LICXa-wmX6ZUb5hVU5tk-sEQlfI8mXkV5xRvE8eP_jkC9f_guS7Rwfv599efusfcFMhMxUuqx8I1uIb4_O6JJPzurTk67NZrhK1SesFuJDTXB76_JS8UmojTh63w89e4DVRl7cvSpufpqlQ6ZolXxxTQkhzQhsuyXcn7SXJzhV2_Vhh0iI7fe7FEyeTzEhrlU6noGpGyM074GpGDv_45sFyN795D8pMYYoKSbFL5gGeXYXNFtqtJjDxgmeZg7KoxqbFFoexIojloqesgv1Pzxb12ND6NVXVyN7AmlkGza8hTSr0TYV-XIHGQ9jigXGemd2jP92s42OweHnMYrM8YbGJPziwuIY_avizht9h1V6j3WJ-p9fryKgjIl_4LV-EbVeGAQ07QRi0kdvZ-uSZV_4NAAD__07PoGzJBAAA","fqdn":"obtrusiveorganizeresponse.com","domain":"obtrusiveorganizeresponse.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obtrusiveorganizeresponse.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 31 Jul 2025 08:17:55 GMT","end":"Wed, 29 Oct 2025 08:17:54 GMT"},"fingerprint":{"sha1":"01:BF:0E:08:1A:51:22:FA:47:6E:E8:5C:27:AD:57:D6:0D:B9:0D:49","sha256":"74:90:CC:3C:B8:82:9D:36:BC:2C:8C:07:85:B7:C2:E4:4F:42:44:5B:FE:16:52:43:DC:36:21:8B:0C:7B:25:97"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSTYgcRRSu3uxJD0YRD57mIPi7s93TPT9tDsEYoyExCUkkB0_117uV7e5qq7qnJwtKNBBykkFFjF56vpnN-hMlnrwoyKwgsiA4twWzF68qgpCDJ-nNwOg7fO-9-qrge1-966Nin_go6N65V_WmimO62m66jacuqVTo0jbOXGx4btM90rik0k5wpDGowfSf9_yg6T7deFnyDb3acj3X9VyvcUIZGenB6gELld0OvWboNoNW02sHGJj_97ZwYKkD0d8nj0CJ2UO_Ra9D8SnS5M5xaTdynT33UlLENNcGfbH9WrqR6jJFsigj4yBKt-e3oe2MkI-WoNPt-QTQ_Uk9AZiakaXH7oKl23OZYP2t-0pZDJmCiQdR9qeQ8RSKTsH1NSjxCwG4wJmzSJNbZ7Qp6ZX7LK3ZGVm-9zdUOSPLdx9Fmnx1LFaDxgUdF7nSqcUgqqAGU6i1KbJiB_nmElS5A56_AyV-Jqv3TiNNJmdtrKHE3hO-1-WB6MiVoMVaK0EYBCu0J9orbcl514_anU7EDixS0RTULqGwDgrloIgcFJmDROw1ArcXcI_6nSgUvOsGNAiEZG7Ya7kuDXkXBa-1D5FnQ_B4CG6uIjNvfyr8rvQZD0YMG2oIU3wPu17BCgc2J-iLCqUkKC1BSQlKRVDmBGW_2hKxbdnqlohtwbx5bs2zX411vjaiWzpfkykBNUMYUU1U9oa9Bp4fGm9GVox1DZTl1ZgyUY2yffJw7bDz4Se72JB7jRbtyrbfibqcdcN2h1KX9iLOwiDwvZ6QPVhVQdklUOtgU83IqXd_RaZm5MlnL4PRHdh4B1wdBi080LICXa-wmX6ZUb5hVU5tk-sEQlfI8mXkV5xRvE8eP_jkC9f_guS7Rwfv599efusfcFMhMxUuqx8I1uIb4_O6JJPzurTk67NZrhK1SesFuJDTXB76_JS8UmojTh63w89e4DVRl7cvSpufpqlQ6ZolXxxTQkhzQhsuyXcn7SXJzhV2_Vhh0iI7fe7FEyeTzEhrlU6noGpGyM074GpGDv_45sFyN795D8pMYYoKSbFL5gGeXYXNFtqtJjDxgmeZg7KoxqbFFoexIojloqesgv1Pzxb12ND6NVXVyN7AmlkGza8hTSr0TYV-XIHGQ9jigXGemd2jP92s42OweHnMYrM8YbGJPziwuIY_avizht9h1V6j3WJ-p9fryKgjIl_4LV-EbVeGAQ07QRi0kdvZ-uSZV_4NAAD__07PoGzJBAAA HTTP/1.1\r\nHost: obtrusiveorganizeresponse.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: uid_id2=317c4d6e-42b2-4944-a8d5-5ecc73f566fb:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl26647499=1; nlec2a7e536f7cb7956aa0a8fcb944318de8=[5474032,5474029,5474030,5474028]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nVary: Origin\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: obtrusiveorganizeresponse.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 4a5f5615c43d7dc396641d2a291735ed\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":130,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":130,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"obtrusiveorganizeresponse.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rashcolonizeexpand.com/sbar.json?key=ac744539d885732140d6b141d5a36226\u0026abt=F-2677-5_1\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1","fqdn":"rashcolonizeexpand.com","domain":"rashcolonizeexpand.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rashcolonizeexpand.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:10:41 GMT","end":"Fri, 26 Sep 2025 22:10:40 GMT"},"fingerprint":{"sha1":"C7:75:50:5C:D3:7C:BF:A1:34:3E:61:33:FC:D6:81:21:2E:31:1D:92","sha256":"CB:A9:18:8B:DD:56:71:B4:C1:61:A7:9F:5C:50:7F:22:BB:83:72:BC:0F:B3:14:19:C4:E9:F9:59:6A:0F:95:EC"}}},"request":{"raw":"GET /sbar.json?key=ac744539d885732140d6b141d5a36226\u0026abt=F-2677-5_1\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1 HTTP/1.1\r\nHost: rashcolonizeexpand.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=317c4d6e-42b2-4944-a8d5-5ecc73f566fb:2:1; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; u_pl26637310=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nAccess-Control-Allow-Origin: https://packsitas.com\r\nAccess-Control-Allow-Credentials: true\r\nSet-Cookie: uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; expires=Tue, 26 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nuncs=2; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nu_pl27181531=1; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nslecac744539d885732140d6b141d5a36226=[4323731]; expires=Tue, 19 Aug 2025 07:39:58 GMT; path=/; secure; SameSite=None\r\nHost: rashcolonizeexpand.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3edc3b841211f747507901df31dee34f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6387,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"1dbf549f9c18bb27e06660fdb3844891","sha1":"fd897d84ff9ce695b073f212017546e6c42b30c6","sha256":"3141b19d7b9dfbcf6ca99696a4151077e4b1736878d0fce686f16d495f7185a0","sha512":"b8c920a5602760ad9466494f25803ba00bad6514dfdc7a0bd56d44db391919734efff5a7ce2b44e0cbeb50759e288f8f43bbe95b4be54f44aebc25d38f1c76ad","ssdeep":"96:9zz6zMP1HwOXudlBLb3m+NYMLrueOSm2eKZraUy5+t4TKhh18f8HGhyLxyY6znjs:9z9x7IWieag5++TczmGYydyYGRfq","tlshash":"28d18e2a2588fddf9ac69445931b6c350c8244d39e89dccdeb7f427e88684b777022f8","first_seen":"2025-08-19T07:40:33.339036Z","last_seen":"2025-08-19T07:40:33.339036Z","times_seen":1,"resource_available":false,"data":null}},"time_used":330,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":330,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"rashcolonizeexpand.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/img/close.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: image/png\r\ncontent-length: 591\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65aa84fe-24f\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 714105\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BKkPkbIrFMWVdb8vwFzvJ4F5UB1ZEn4AFnJ%2BmIIAkH%2BfwYq549lPVsX6r%2FyX5LfUd8PYap2%2F6oZoPahh4wubjcvfowRC1nYA93QbzWjfXXc%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9717ffee3fc2588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":591,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced","md5":"9fd5bcb6103d86e317bd1eb019bcbe71","sha1":"6b5a52ea669dcb74946f2bed4bdd7ec985026113","sha256":"0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae","sha512":"e244a8842c009fa83e8d9d1088ec5b76ca2a42660568b7886e01724977b9ebd4e43690e0c651e25287c64dcc4826391b34cae6a106e2148139450dd05fc5a562","ssdeep":"","tlshash":"b0f0414e7c5903a1874caf3b18dd00119c27898077c82e0db689eed20e008e215471da","first_seen":"2023-04-11T11:09:41Z","last_seen":"2026-04-10T09:34:35.833505Z","times_seen":4732,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/uploads/2025/08/niquidoll-onlyfans-2025-1-2-1024x518.webp","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/niquidoll-onlyfans-2025-1-2-1024x518.webp HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 61536\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 19 Aug 2026 13:39:51 GMT\r\nlast-modified: Sat, 02 Aug 2025 17:10:28 GMT\r\netag: \"f060-688e4684-3171d99bad7a41a4;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nvary: User-Agent, accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lBgIy9socTRU6ehnWQte6apYZmbRDENETd0ucjwv1Zk2XXor2JmENqj%2BSGhH4Eh1qz2WkwpFFlLbd6RDZioauD0MBq%2FoYMZlWd2UDqo%3D\"}]}\r\ncf-ray: 9717ffdba8e78bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":61536,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"4bfc25d28c2e5f9b01866dfea2cec664","sha1":"1ce3e544ba2ec2e758f927f7bea749e58e8dee9e","sha256":"43a3510ed9bd995c9872f458c6a7865603c78502fdfd5d2b930f03812ecaf481","sha512":"23fd709aa9b34c10c32f553582fd126f47faa040a46262628ef211672f7a6b923672a2504b0ca3f9c97976da82213cb04769c1106825425e43d76ea5318c4057","ssdeep":"1536:3+3jVudxYD5pzbGNfSJnZdMDkX9upT5dzAq1EcIBeR:M4ItbKfongy9upNdD1EcI0","tlshash":"a753024852745dffc7e2dabb4a57d01235503a8b079935a08a86cbb04e568ffb0dcec2","first_seen":"2025-08-19T07:40:33.339943Z","last_seen":"2025-08-19T07:40:33.339943Z","times_seen":1,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obtrusiveorganizeresponse.com/4a/0c/a2/4a0ca258a97dd1a8855ea1430daff7d5.js","fqdn":"obtrusiveorganizeresponse.com","domain":"obtrusiveorganizeresponse.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obtrusiveorganizeresponse.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 31 Jul 2025 08:17:55 GMT","end":"Wed, 29 Oct 2025 08:17:54 GMT"},"fingerprint":{"sha1":"01:BF:0E:08:1A:51:22:FA:47:6E:E8:5C:27:AD:57:D6:0D:B9:0D:49","sha256":"74:90:CC:3C:B8:82:9D:36:BC:2C:8C:07:85:B7:C2:E4:4F:42:44:5B:FE:16:52:43:DC:36:21:8B:0C:7B:25:97"}}},"request":{"raw":"GET /4a/0c/a2/4a0ca258a97dd1a8855ea1430daff7d5.js HTTP/1.1\r\nHost: obtrusiveorganizeresponse.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 32395\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: obtrusiveorganizeresponse.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 5327cb4fb7b45ae0670e84c05f714d7d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":104639,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5294c2a9bbebbec3d60cd77eb874ff69","sha1":"e144657974ec7ec6c00a80b99699c1a181bd06ca","sha256":"ecf9767a93616b6a7ee0b0dabb8ec93748d299c595a7647d576283414c15258a","sha512":"05c9ea92bd35197d46653f10dee03451e0ed147fcdd5ebd9e7e00f0777cf60c8722f87475cc135c8df6a4f5b3f32bce6a81d5c0413149a0703dc31a4d0cd4243","ssdeep":"1536:SOy89WBSTyJhKkoQhkmyC0E98k0RYqnhNzc/7ksqWPbIKau3l0gaTX8+IPC+:4JhKfEMRbhJIMuV0DvIPT","tlshash":"3aa3c6487f50f15c83aaa17b233f910ae02b4d42618d915ce513e5e8bf6eb0bf63e558","first_seen":"2025-08-19T07:40:33.341024Z","last_seen":"2025-08-19T07:40:33.341024Z","times_seen":1,"resource_available":true,"data":null}},"time_used":676,"timings":{"blocked":-1,"dns":24,"connect":125,"send":0,"wait":137,"receive":126,"ssl":262},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"obtrusiveorganizeresponse.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/af/8b/74/af8b74def5e24f9582f73ba12bab9177/1680148975.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.072Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /si/af/8b/74/af8b74def5e24f9582f73ba12bab9177/1680148975.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: image/png\r\ncontent-length: 65159\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 30 Mar 2023 04:03:04 GMT\r\netag: \"642509f8-fe87\"\r\nexpires: Thu, 21 Aug 2025 07:39:54 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65159,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"c6a1f91858a0ead000fd923888b0b941","sha1":"ef5ec08b41a7a8618ae2bb8003f5d6cad068a57c","sha256":"19fc121de270074fd89cd824f91c2cee3720e6c0f7511e70c7b4c4443223f41b","sha512":"63aedb3703d2068bcfaf828bde70ddef2f702b27addaf6bb137f5aa4c0c16e8aa7c060700492df232718253edd13a1bdb0bdf0736a77329d83ceb675d536ffef","ssdeep":"1536:8x27FaAV8n9zA6qluyyswoPmlA0PcQ8SknbDzTY1Ow0Kz:8x274s8n9z9qQiPmi0t0nbDz6Ow7","tlshash":"7153022b88264f87b9d2991296f8144557f53b16f53ea1dcaf18b462c3b40cef484ba3","first_seen":"2023-06-24T15:50:35Z","last_seen":"2026-04-10T08:36:00.566628Z","times_seen":817,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/img/close.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: image/png\r\ncontent-length: 591\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65aa84fe-24f\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 714105\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YUGk9uZw5gvwmsR5poXF2RYZP%2BJWTvVg8whT8YZUYB0dMCmUFto%2By4Vjp%2B3gmJWQ8jSNjN%2Frfhhv9lPVfyW4VpxQP8hQDMczXWhDiqU8DbE%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9717ffedaf90588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":591,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced","md5":"9fd5bcb6103d86e317bd1eb019bcbe71","sha1":"6b5a52ea669dcb74946f2bed4bdd7ec985026113","sha256":"0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae","sha512":"e244a8842c009fa83e8d9d1088ec5b76ca2a42660568b7886e01724977b9ebd4e43690e0c651e25287c64dcc4826391b34cae6a106e2148139450dd05fc5a562","ssdeep":"","tlshash":"b0f0414e7c5903a1874caf3b18dd00119c27898077c82e0db689eed20e008e215471da","first_seen":"2023-04-11T11:09:41Z","last_seen":"2026-04-10T09:34:35.833505Z","times_seen":4732,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tnOBoog3nOhUfeoHl1%2F6b2iwiNINEQSJpuc8wiQHwI2do45hxVYZa5hLaD%2BTX1swYyYvutl5L6QQXP1wxpK6SsA9UFHnShWe%2BcaqRSVwpgk%3D\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 885900\r\ncf-cache-status: HIT\r\netag: W/\"65aa84fe-1499c\"\r\ncf-ray: 9717ffef880c588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84380,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025)","md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-10T09:34:35.836032Z","times_seen":16148,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/style.css?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/style.css?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 13722\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 12 Aug 2026 12:02:17 GMT\r\nlast-modified: Mon, 11 Aug 2025 08:15:13 GMT\r\netag: \"119d8-6899a691-3ab78ce9a489ff6e;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 610653\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ht8fTF6nJSL4hDtvmBf4XcmhM2gKPUZ2Sf5vXQBZwkYxqv0%2Bfbz0xZuRQSgcm6txgiGykm53%2BGiJWmWfFgBRzWM0SwWAlId33wBaQag%3D\"}]}\r\ncf-ray: 9717ffdb98b18bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":72152,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (585), with CRLF line terminators","md5":"34a9cedc9f8935b87042ed3fa6eb52e1","sha1":"709dedf8cafc2365105e64734f11f889e0918316","sha256":"8563493089e71d837977c83b2fcabae1dec412ec3889376e23d07f96cd0c1d4a","sha512":"f944e1a7213f31956ad2a8938580a15ee48cf7cd4e675e8930f19adb37926a6fa1050918a5e4fb0026b400659c37b8c686bb307cd63d5bf6120120313de51eb9","ssdeep":"768:uZWIri4gSGuv0uRxEQSUV5kPkT81xU18fWwWSxORxh/eq0u1XJVHknbJ/gVMIXP7:tnOSu3o16ec","tlshash":"8963a868ae54204c5371e7e9bff01b50ee5840a7ab0f00f9f8926658879679c15bffc8","first_seen":"2025-08-19T07:40:33.342573Z","last_seen":"2026-04-01T15:42:26.60987Z","times_seen":6,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/sbar.json?key=13e0f72a807bb8091b31314f6e78c2a7\u0026abt=F-2677-5_0\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 02 Jul 2025 00:39:20 GMT","end":"Tue, 30 Sep 2025 00:39:19 GMT"},"fingerprint":{"sha1":"2F:53:8D:73:5E:CE:FB:91:B4:FD:2B:4E:F3:E9:80:AA:62:1A:61:CD","sha256":"C1:D4:30:78:23:7C:54:B2:69:C9:DF:D9:A9:CB:93:CF:63:1B:C9:46:05:84:47:B1:70:77:4E:B8:85:DE:85:B8"}}},"request":{"raw":"GET /sbar.json?key=13e0f72a807bb8091b31314f6e78c2a7\u0026abt=F-2677-5_0\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nAccess-Control-Allow-Origin: https://packsitas.com\r\nAccess-Control-Allow-Credentials: true\r\nSet-Cookie: uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; expires=Tue, 26 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nu_pl27181549=1; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nslec13e0f72a807bb8091b31314f6e78c2a7=[4323731]; expires=Tue, 19 Aug 2025 07:39:58 GMT; path=/; secure; SameSite=None\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: cd00e0af555e66de69801cc5cfa37879\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6163,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"154164a5de0e5cdda14ed3eaf2b9ac82","sha1":"0f14796eef30b2ec94317d116ea7d159e451318d","sha256":"2e223bbc1ea9ea4c4fc1532c80f602461b69386e4deb927468f49eb97090946a","sha512":"73b966f39a4230a8900bcea31395c1c2530d2d2f20ca32d70a8f84143f8b89500d28ee94679245d9aba1baf39c6d5967392fdbed98495a31dec49f3287e3391d","ssdeep":"96:9z6ztTJELG62JV19L4q+rCftQnEjHrD0X+a2rBEOAYYP/V5OMCXhtP2MyYzMnjRy:9zYET2z11DSEjfPJiLjOMiPLyYQRfq","tlshash":"4bd17cbe200a33f7eac28d4d591b29e43ff5ce622968904dc8b847fdc428e04d6c5170","first_seen":"2025-08-19T07:40:33.34375Z","last_seen":"2025-08-19T07:40:33.34375Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1083,"timings":{"blocked":372,"dns":1,"connect":122,"send":0,"wait":333,"receive":0,"ssl":252},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Ffinanceskipper%2Fmessage_redcircle2%2F16%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=190","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.775Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Ffinanceskipper%2Fmessage_redcircle2%2F16%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=190 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/0d/f1/11/0df111c9e9b45fe6808f25140878e8de.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /0d/f1/11/0df111c9e9b45fe6808f25140878e8de.js HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 32392\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 10\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: aded72a53acdc522dfe13b3329240900\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":104639,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"32045db2cd3ee41b67fa0deec2347186","sha1":"5717ad7b491de263832d62e14dc8e671053045f0","sha256":"8115b6946a30a03a29367869de230679a5dbb7fd2232aecf7a64180eed9cc6c1","sha512":"e2a03be98439f3939f11ded7d5c18a5f8741097f1ac343a34ac812e07dea13ae778bd75b70aa654d127654d6467144b64345a9a5c2e0cc21baf5e72cedcac2f8","ssdeep":"1536:SOHjXWbSTyJhKkoQhkmyC0E98k0RYqnhNzc/7ksqWPbIKau3l0gaTXy+IPC+:SJhKfEMRbhJIMuV0DZIPT","tlshash":"c0a3c6487f50f15c83aaa17b233f910ae02b4d42618d915ce513e5e8bf6eb0bf63e558","first_seen":"2025-08-19T07:40:33.344684Z","last_seen":"2025-08-19T07:40:33.344684Z","times_seen":1,"resource_available":true,"data":null}},"time_used":557,"timings":{"blocked":-1,"dns":2,"connect":103,"send":0,"wait":135,"receive":103,"ssl":211},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/ren.gif?sid=H4sIAAAAAAAC_1RTS4scVRS-NZOdgg_EhSD0IuBzeurVNV1mIYnJyJiYhCSShYtwH1UzN11Vt7y3btdk3ASDEhCk3elGqr_uzGgcRX-AoD3ugoLtasTMxp8gBNxJzwy0nsV5fV_Bd06d-9HQHpAAlu5fflttySyjy52223rxuiyEqk3r4rWW57bdU63rsojCU63NmdP917wgbLsvtd5MeE8t-67nup7rtValTlK1uXyIQpa7sdeO3Xbot71OiE39_9rYBRjqQPQPyNOQYvrEX-m7kHyCIv_ubGJ6lSpfPZfbjFZKoy923il6haoL5PM01Q7SYueYDWWmhHy2AFXsHE8A1R_PJgCTU7Lw7EOwYudYJlj_3pFSliEpwMRjqPsTJNkEkk7A1R1I8RsBuMDFSyjy7YtK1_TWEUpn6JScePQ3ZD0lJx4-gyL_9kwmN1tXVWYrqQqDzbSB3JxArk9Q2j1UWwuQ9R549QGk-JUsP7qAIh9fMpmCFPsnmd9lrONFSy4X0VIoRLBEfddb8rosWkl96qbd9HBFMp2AmkVY48BKBzZ1YEsHudhvhW435B4NojQWfMUNaRiKhLlx13ddGvMVWD7TPkBVDsCzAbj-cGwLbobel6XYqHp9PxpX2ibbs6YfDb1de6PM_GjFDdwoHnrbR6xDDkp9Gz05gLY_wmw0MMKBqQj6okGdENSGoKYEtSSoK4K639wTmfFNsy0yY5l3HP3jGDQjVa0P6T1VrScFAdUDaNGMZfmeuQNeLY62UiNGauYoq-6vLvnRyspS54Y3okw0w_KAPDX7M84XP_2BXrLfCuIo5H4cdTrUc10aiC7nfkw7CWNxKFIOIxtIswBqHGzJKTn_yZ8o5ZS88MpNMLoHk-2ByydB7fOgdQO60WCr-KakvGdkRU2bqxxCNSirE6huOcPsgDx3eByn__kcCX_w-u_BoYHrBqVucFP-TLCe3R1dUTUZX1G1Id9fKiuZyy06O5yrFa2Sxfvnk1u10mLtrBl8dZrPgFm6ey0x1QVaCFmsG_L1GSlEoleV5gn5Yc1cT9hlazbOWF3Y8sLlN1bX8lInxkhVTEDllDjv_wIup-Txt84dPoqTax9D6gm0bZDbB-TYwMvbMOVcu1EEOpvjrHRQ22akfTZvZpIgS-Y1ZQ3Mf2o2z0eazr6mshmau1jXDmh1B0XeoK8b9LMGNBvA2MVRVeq5DJY5I5ZpZ8wynX16tGIj91sdnwVRtxslaSTSQAR-IOKOm8QhjaMwDjuozHRj_PLavwEAAP__P0IM3fIEAAA=","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RTS4scVRS-NZOdgg_EhSD0IuBzeurVNV1mIYnJyJiYhCSShYtwH1UzN11Vt7y3btdk3ASDEhCk3elGqr_uzGgcRX-AoD3ugoLtasTMxp8gBNxJzwy0nsV5fV_Bd06d-9HQHpAAlu5fflttySyjy52223rxuiyEqk3r4rWW57bdU63rsojCU63NmdP917wgbLsvtd5MeE8t-67nup7rtValTlK1uXyIQpa7sdeO3Xbot71OiE39_9rYBRjqQPQPyNOQYvrEX-m7kHyCIv_ubGJ6lSpfPZfbjFZKoy923il6haoL5PM01Q7SYueYDWWmhHy2AFXsHE8A1R_PJgCTU7Lw7EOwYudYJlj_3pFSliEpwMRjqPsTJNkEkk7A1R1I8RsBuMDFSyjy7YtK1_TWEUpn6JScePQ3ZD0lJx4-gyL_9kwmN1tXVWYrqQqDzbSB3JxArk9Q2j1UWwuQ9R549QGk-JUsP7qAIh9fMpmCFPsnmd9lrONFSy4X0VIoRLBEfddb8rosWkl96qbd9HBFMp2AmkVY48BKBzZ1YEsHudhvhW435B4NojQWfMUNaRiKhLlx13ddGvMVWD7TPkBVDsCzAbj-cGwLbobel6XYqHp9PxpX2ibbs6YfDb1de6PM_GjFDdwoHnrbR6xDDkp9Gz05gLY_wmw0MMKBqQj6okGdENSGoKYEtSSoK4K639wTmfFNsy0yY5l3HP3jGDQjVa0P6T1VrScFAdUDaNGMZfmeuQNeLY62UiNGauYoq-6vLvnRyspS54Y3okw0w_KAPDX7M84XP_2BXrLfCuIo5H4cdTrUc10aiC7nfkw7CWNxKFIOIxtIswBqHGzJKTn_yZ8o5ZS88MpNMLoHk-2ByydB7fOgdQO60WCr-KakvGdkRU2bqxxCNSirE6huOcPsgDx3eByn__kcCX_w-u_BoYHrBqVucFP-TLCe3R1dUTUZX1G1Id9fKiuZyy06O5yrFa2Sxfvnk1u10mLtrBl8dZrPgFm6ey0x1QVaCFmsG_L1GSlEoleV5gn5Yc1cT9hlazbOWF3Y8sLlN1bX8lInxkhVTEDllDjv_wIup-Txt84dPoqTax9D6gm0bZDbB-TYwMvbMOVcu1EEOpvjrHRQ22akfTZvZpIgS-Y1ZQ3Mf2o2z0eazr6mshmau1jXDmh1B0XeoK8b9LMGNBvA2MVRVeq5DJY5I5ZpZ8wynX16tGIj91sdnwVRtxslaSTSQAR-IOKOm8QhjaMwDjuozHRj_PLavwEAAP__P0IM3fIEAAA= HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzI5NSwiayI6IjFlZTk1YzJmOTRhZWNhMDgyOTE3MDUwYzdhN2NiN2E5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpkM3l1NGJjeHkiLCJjcGtzIjp7IjI4IjoiNzg5OTE3OWYxODA4OTJmNWUyNGYyODkwMjI0M2IzYTUiLCIyOSI6IjM5NjRjMjk2NTVhMTAwYTNkOGNjMjlhNWViYjk0ZGZjIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.1VmV4qJNWLVRMuhiMee78zUhWRcFWxHCS9HEZ9j93iM; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv26=true; uncs26=1; u_pl26703069=1; pdhtkv23=true; uncs23=1; u_pl26637295=1; pdhtkv29=true; uncs29=1; u_pl27181530=1; slec3964c29655a100a3d8cc29a5ebb94dfc=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 1a5a05d89eb9242764eac941494f9c87\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":110,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":110,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=13e0f72a807bb8091b31314f6e78c2a7\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=7","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.680Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:12:33 GMT","end":"Mon, 29 Sep 2025 15:12:32 GMT"},"fingerprint":{"sha1":"9E:08:20:A0:75:ED:21:51:E0:3D:DE:29:CD:B0:11:01:4D:04:77:0A","sha256":"FB:D4:A2:1D:0F:F1:FB:A8:D9:5E:88:03:1F:BB:94:D2:32:5C:CC:49:11:11:FC:04:7B:C6:43:40:CF:1E:A2:BA"}}},"request":{"raw":"GET /pxf.gif?uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=13e0f72a807bb8091b31314f6e78c2a7\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=7 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 2a22d727313059f227e525f58fa32883\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":855,"timings":{"blocked":363,"dns":0,"connect":117,"send":0,"wait":121,"receive":0,"ssl":244},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.658Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 Aug 2025 10:09:08 GMT\r\nexpires: Fri, 14 Aug 2026 10:09:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 423046\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-10T09:55:48.830468Z","times_seen":727106,"resource_available":false,"data":null}},"time_used":327,"timings":{"blocked":152,"dns":3,"connect":7,"send":0,"wait":21,"receive":3,"ssl":138},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/css/colors/dark.css?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:50.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/css/colors/dark.css?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 299\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 12 Aug 2026 12:02:17 GMT\r\nlast-modified: Mon, 11 Aug 2025 08:15:12 GMT\r\netag: \"3d1-6899a690-f54ccc8bb469076;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 610653\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pnUoWDvIQaAzTSVTMPIFGym46q%2BEHVx3Od%2B5PJm7hNDnfG7wjPFKaDAeCP2SyQa2JSH%2FMZBEyrrdK7gPom0UMix2Kzno65GMQd%2BkqYw%3D\"}]}\r\ncf-ray: 9717ffdb88948bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":977,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"dc7ed9fc02f0b4f6df6b4dfaae5a0443","sha1":"3e1be290f2118147f59d36cbf3cedf00a86afda3","sha256":"4fb3437d50d7f9fb7353c614f83c4d2633808368a3b908fa7d135ec2574ee33f","sha512":"80f3a2621ea67cb0b7c3c31dc02d639a7f5bcc68fb751685b92ffeea0a56d7f76bfe6a5b228f9965043a99052fa2b94c575a0dd35089a9e24bf92bf706281511","ssdeep":"","tlshash":"c9110449c29a68bf557316fe232cdb006a7c30d8991457adfbca902146a56f879abcc0","first_seen":"2024-07-17T00:49:56Z","last_seen":"2026-04-09T19:51:58.124535Z","times_seen":283,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/jquery.smartmenus.bootstrap.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.025Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/js/jquery.smartmenus.bootstrap.js?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 1861\r\ncache-control: public, max-age=31557600\r\nexpires: Sat, 18 Jul 2026 14:57:43 GMT\r\nlast-modified: Mon, 14 Jul 2025 08:16:31 GMT\r\netag: \"17e4-6874bcdf-edc0ba5a022c0712;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 2760127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7VD8mEsxPC4QjD1iTIJDD%2FVuXyFeUDmjhaGMFocjM4u889EVcsHLOpOjqqovtRiYwz3VEKzq36E8xRPWflT9tc9buId%2FIkYq%2BoCKNto%3D\"}]}\r\ncf-ray: 9717ffdba8de8bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":6116,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"1427fe4a30d1b12e19d40bca25948a66","sha1":"5487ad1163c9ff890279de78f3e47dc8667de24b","sha256":"54d577b87649fbb5e3dac61c643a1fe14075c03cabe4f2bd2c269b4df5069f4a","sha512":"98dc61ce175db1b3aa750bd4dbacb41d6304f9d236a8c0d127e98cfbba9724caca510d205e5e966dfb0008f07b06d3ea11869861da79e89cb7b17bfa402a3a7a","ssdeep":"96:Q8X9VopuRtsZg9gpoQ+Ma0IirYrZFhrJ82ulG/Ak:Vuw6f0eYBlh","tlshash":"e5c166c173ae715fc4d7221625bf924aaf6ec1789046407e756b92ac7ed048823b3e3d","first_seen":"2023-03-13T22:18:50Z","last_seen":"2026-04-09T19:51:58.097829Z","times_seen":632,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:55.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 Aug 2025 10:09:08 GMT\r\nexpires: Fri, 14 Aug 2026 10:09:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 423047\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-10T09:55:48.830468Z","times_seen":727106,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rashcolonizeexpand.com/watch.896527579863.js?dev=e\u0026key=43fb6dba152dc7d216fc2c00b1313dbb\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=c83f4cb538588d6581f0fef8e472efc981bb10bdf40b93e36e6aa1fff2c2e6b097aeca9b8d2d187374d35ce7a3249506460e37dd8f9613b0b075efb93fcc7f3b2faf8e9b17d9fd4a3538717e7e3845af7ae43f6294d192c6ec6a34\u0026tz=0\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1","fqdn":"rashcolonizeexpand.com","domain":"rashcolonizeexpand.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.549Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rashcolonizeexpand.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:10:41 GMT","end":"Fri, 26 Sep 2025 22:10:40 GMT"},"fingerprint":{"sha1":"C7:75:50:5C:D3:7C:BF:A1:34:3E:61:33:FC:D6:81:21:2E:31:1D:92","sha256":"CB:A9:18:8B:DD:56:71:B4:C1:61:A7:9F:5C:50:7F:22:BB:83:72:BC:0F:B3:14:19:C4:E9:F9:59:6A:0F:95:EC"}}},"request":{"raw":"GET /watch.896527579863.js?dev=e\u0026key=43fb6dba152dc7d216fc2c00b1313dbb\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=c83f4cb538588d6581f0fef8e472efc981bb10bdf40b93e36e6aa1fff2c2e6b097aeca9b8d2d187374d35ce7a3249506460e37dd8f9613b0b075efb93fcc7f3b2faf8e9b17d9fd4a3538717e7e3845af7ae43f6294d192c6ec6a34\u0026tz=0\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1 HTTP/1.1\r\nHost: rashcolonizeexpand.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nReferer: https://packsitas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nAccess-Control-Allow-Origin: https://packsitas.com\r\nAccess-Control-Allow-Credentials: true\r\nSet-Cookie: uid_id2=317c4d6e-42b2-4944-a8d5-5ecc73f566fb:2:1; expires=Tue, 26 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\npdhtkv32=true; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nuncs32=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nu_pl26637310=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\r\nHost: rashcolonizeexpand.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b67b832c9630730dd0c5083d9daa3dda\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4815,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (3939)","md5":"1d5fc9f24d50d1764419ce3b41d4bb2a","sha1":"6b02aca0cc09a89773c60b2a5e0914de53d26f08","sha256":"296df2d6b4c014d9ae843138cbb1fcf3084833c55d40d35f4217555e68d9e6b1","sha512":"f2fb7bd99839dfa81fc2e04aa434c6037eadc371c2f5ea605efe1abbc6c362d8bb33aa1b467a829e116a4be374f38bf3c1c995565303c3f0e4e5ab010c62dc77","ssdeep":"96:WozsVoy2PoJzWTXBoYqdo6nmTbbf9aSnM8R2wYQZ84e1/DMCfMEDaH:jz1kWTXWY8MvcSnM8NYQyHbMCkCaH","tlshash":"01a11a769ec70174694371bf271a9288aa62e1072914eec2f89cfe015734d701daead9","first_seen":"2025-08-19T07:40:33.346842Z","last_seen":"2025-08-19T07:40:33.346842Z","times_seen":1,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"rashcolonizeexpand.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.619Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:11:38 GMT","end":"Mon, 29 Sep 2025 15:11:37 GMT"},"fingerprint":{"sha1":"F9:52:70:4B:81:A8:F8:39:E6:E7:96:8F:EA:FE:17:FD:96:C5:32:E3","sha256":"D8:C9:87:B5:89:5E:D4:F4:8D:FD:98:3C:31:39:42:67:D3:20:27:14:A9:AD:F2:AB:97:A4:48:0F:94:F0:FF:A2"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 28254\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3b6e12eefec2152419f9c1b428415ecf\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rashcolonizeexpand.com/impr.gif?sid=H4sIAAAAAAAC_1RTv28dRReddaKv-FJ8HwFRUL0CiV_x8-7O7C9SIEIIRAlJlASlgGZ-2hPv293s7L51XEWJhFIgZBpEhdbnObGAgKChQ0LPdEFIPCpLxA1_AlJKhJ5jyeEW994zZ0Y6d-bMR5vtHqFo-e6l98p1m-d8KRr6g5ev2UKVnRtcuDoI_KF_cnDNFjE7OVibp3r8ekDZ0H9l8I6Wq-VS6Ae-H_jB4IyttSnXlvZZ2OpBFgwzf8jCYRAxrNX_xq714LgHNd4jx2HV7H9_mg9g5RTF6LvT2q02ZXXi7VGb86asMVbb7xerRdkVGB22pvZgiu2D3SjdjJDPF1AW2wcToBxvzSeAsDOy8PwjiGL7QCbE-N4TpSKHLiDUMXTjKXS-A8unkOUdWPUbAaTChYsoRvcvlHXHbz5h-ZydkaOP_4LtZuToo-dQjL49ldu1wZUybxtbFg5rpoddm8IuT1G1O2jWF2C7HcjmNqz6lSw9Po9itHXR5SWs2n2RBolkKtaLLBThIssYW-SpihYjLWVCTRTHRuxfkTVTcLeA1nlorYfWeGgrDyO1O2B-ymTAaWwyJROfccaUFn6Whr7PM5mglXPtG2iqDch8A7K-haq-hVX76Yx4x46jbn-CW9n9QabUMCkimkZpquIoDYxvtEk1S0JtZJYGQgS-UIb5IqOaxjrmPDDGhDLUsfCzhGvJM5GqUAVpQhOmaCR1wmnIssiPWexrmiiVmiwOqPCFn0TaiIwaKRNDRWi4SXUmgkRlRjFOI5omQaITTVMWcZNwzaiJw4ypIAtlrGXMKYNTHlxDMFY9Ok3QOYKOE3SWoGsIunF_T-UudP19lbtWBAc1PKi0n5TN8ia_VzbLuiDg9QZq1W_Z6oa7A9kcmawbpyblPHHR9BMuVL9Z7ZFn5pbwPnN_Y1XvDhg1IlaCB1GoZKLCIDYylL4vAhpQJQSc7WHdArjzsG5n5Nwnf6CyM_LSa9ch-A5cvgNp_w_eDsC7CQ198BVEPtaLbyouV51tuBvKcgRV9qiao2huepv5Hnlh35of_vIFtHxIDgKy7lHVPa7bnwmW87uTy2VHti6XnSPfX6waO7LrfG7bKw1v9H--OqdvdmWtzp52G1--KefEvH1wVbvmPC-ULZYd-fqUVUrXZ8paavLjWXdNi0utWznV1kVbnb_01pmzo6rWztmymILbGfnv3glIOyPP3tjZ_5Ls9sew9RR122PUPqW1ugVXHWJXEtT5IRYVQdf2kzoUh4u5Jcj1Ieaih3sKi8N-UvP5aW77TXcXy7UH3txBMeoxrnuM8x4834Brj0yaqn74xu90PyBybyLymmyJvJ7zdndgqJ4_aprEAU2NDihT0kQpy1TMfUo1Gjdb2Xr13X8CAAD__yWnsQxrBQAA","fqdn":"rashcolonizeexpand.com","domain":"rashcolonizeexpand.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.807Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rashcolonizeexpand.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:10:41 GMT","end":"Fri, 26 Sep 2025 22:10:40 GMT"},"fingerprint":{"sha1":"C7:75:50:5C:D3:7C:BF:A1:34:3E:61:33:FC:D6:81:21:2E:31:1D:92","sha256":"CB:A9:18:8B:DD:56:71:B4:C1:61:A7:9F:5C:50:7F:22:BB:83:72:BC:0F:B3:14:19:C4:E9:F9:59:6A:0F:95:EC"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTv28dRReddaKv-FJ8HwFRUL0CiV_x8-7O7C9SIEIIRAlJlASlgGZ-2hPv293s7L51XEWJhFIgZBpEhdbnObGAgKChQ0LPdEFIPCpLxA1_AlJKhJ5jyeEW994zZ0Y6d-bMR5vtHqFo-e6l98p1m-d8KRr6g5ev2UKVnRtcuDoI_KF_cnDNFjE7OVibp3r8ekDZ0H9l8I6Wq-VS6Ae-H_jB4IyttSnXlvZZ2OpBFgwzf8jCYRAxrNX_xq714LgHNd4jx2HV7H9_mg9g5RTF6LvT2q02ZXXi7VGb86asMVbb7xerRdkVGB22pvZgiu2D3SjdjJDPF1AW2wcToBxvzSeAsDOy8PwjiGL7QCbE-N4TpSKHLiDUMXTjKXS-A8unkOUdWPUbAaTChYsoRvcvlHXHbz5h-ZydkaOP_4LtZuToo-dQjL49ldu1wZUybxtbFg5rpoddm8IuT1G1O2jWF2C7HcjmNqz6lSw9Po9itHXR5SWs2n2RBolkKtaLLBThIssYW-SpihYjLWVCTRTHRuxfkTVTcLeA1nlorYfWeGgrDyO1O2B-ymTAaWwyJROfccaUFn6Whr7PM5mglXPtG2iqDch8A7K-haq-hVX76Yx4x46jbn-CW9n9QabUMCkimkZpquIoDYxvtEk1S0JtZJYGQgS-UIb5IqOaxjrmPDDGhDLUsfCzhGvJM5GqUAVpQhOmaCR1wmnIssiPWexrmiiVmiwOqPCFn0TaiIwaKRNDRWi4SXUmgkRlRjFOI5omQaITTVMWcZNwzaiJw4ypIAtlrGXMKYNTHlxDMFY9Ok3QOYKOE3SWoGsIunF_T-UudP19lbtWBAc1PKi0n5TN8ia_VzbLuiDg9QZq1W_Z6oa7A9kcmawbpyblPHHR9BMuVL9Z7ZFn5pbwPnN_Y1XvDhg1IlaCB1GoZKLCIDYylL4vAhpQJQSc7WHdArjzsG5n5Nwnf6CyM_LSa9ch-A5cvgNp_w_eDsC7CQ198BVEPtaLbyouV51tuBvKcgRV9qiao2huepv5Hnlh35of_vIFtHxIDgKy7lHVPa7bnwmW87uTy2VHti6XnSPfX6waO7LrfG7bKw1v9H--OqdvdmWtzp52G1--KefEvH1wVbvmPC-ULZYd-fqUVUrXZ8paavLjWXdNi0utWznV1kVbnb_01pmzo6rWztmymILbGfnv3glIOyPP3tjZ_5Ls9sew9RR122PUPqW1ugVXHWJXEtT5IRYVQdf2kzoUh4u5Jcj1Ieaih3sKi8N-UvP5aW77TXcXy7UH3txBMeoxrnuM8x4834Brj0yaqn74xu90PyBybyLymmyJvJ7zdndgqJ4_aprEAU2NDihT0kQpy1TMfUo1Gjdb2Xr13X8CAAD__yWnsQxrBQAA HTTP/1.1\r\nHost: rashcolonizeexpand.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=317c4d6e-42b2-4944-a8d5-5ecc73f566fb:2:1; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; u_pl26637310=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: rashcolonizeexpand.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c51bb9aa50df52b576a6b370ed9ee319\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"rashcolonizeexpand.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=ac744539d885732140d6b141d5a36226\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=7","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.678Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:12:33 GMT","end":"Mon, 29 Sep 2025 15:12:32 GMT"},"fingerprint":{"sha1":"9E:08:20:A0:75:ED:21:51:E0:3D:DE:29:CD:B0:11:01:4D:04:77:0A","sha256":"FB:D4:A2:1D:0F:F1:FB:A8:D9:5E:88:03:1F:BB:94:D2:32:5C:CC:49:11:11:FC:04:7B:C6:43:40:CF:1E:A2:BA"}}},"request":{"raw":"GET /pxf.gif?uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=ac744539d885732140d6b141d5a36226\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=7 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b1e5ddf245de1a6affd00d2d4f8c3632\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":842,"timings":{"blocked":357,"dns":0,"connect":119,"send":0,"wait":120,"receive":0,"ssl":241},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/uploads/2025/05/packsitas-descargar-packs-only.webp","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:50.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/uploads/2025/05/packsitas-descargar-packs-only.webp HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: image/webp\r\ncontent-length: 127494\r\ncache-control: public, max-age=31557600\r\nexpires: Sat, 15 Aug 2026 07:55:49 GMT\r\nlast-modified: Thu, 01 May 2025 13:02:32 GMT\r\netag: \"1f206-681370e8-63afd215d5bd9b63;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nvary: User-Agent, accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 366241\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g7ILDV98YxMf6C%2BFqoUFBHPa88ZpaZ4FBZCinJ3t5NuREjHSaaN5jycgwnzjtZtjOlKo3LRqgbzQdTh4v5mvak1uCDv4bCqwucmwBzk%3D\"}]}\r\ncf-ray: 9717ffdb888a8bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":127494,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9d29024f83251786bf28a7badc21f8ef","sha1":"42f730803741107daa1335feba9f7f1f6e7ce5fd","sha256":"6ee0d2f84a9dcb4e9cd8350f7c9be87db7b77a15e23e9bc71997dc8be50bfddf","sha512":"e12624498c98dfec8a25d3cd5bd3cf977e2a8288f535e6c9ed667bcaa6438d930378a37ed1678cc7eb7569cf760186b5579c717c878400b2e23097c94bd3810f","ssdeep":"3072:8yGETXf2/l0Nuk8uO0KlwhuLzyfTVs5yaGJB5mDC4:ZzXOtPTuO0bkZcax","tlshash":"7fc312371a70d077d7493378a61336ae6e6667b2ba03f1054454de60bbb738903980fb","first_seen":"2025-08-02T11:30:48.481032Z","last_seen":"2026-03-09T01:54:48.245291Z","times_seen":9,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/watch.400632852932.js?dev=e\u0026key=43fb6dba152dc7d216fc2c00b1313dbb\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=5e3aa79a1f1c6cc6eb2a755638fd204e1fcccc047ff4606171cd6c496abeadad05ca633d7a1ae51783e19c6e222be9434cf9ea99e6f091588e4107fdcb9096c30a711091a739943340515aea9a197a513b9be5df2e6866e4e2684f\u0026tz=0\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.231Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /watch.400632852932.js?dev=e\u0026key=43fb6dba152dc7d216fc2c00b1313dbb\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=5e3aa79a1f1c6cc6eb2a755638fd204e1fcccc047ff4606171cd6c496abeadad05ca633d7a1ae51783e19c6e222be9434cf9ea99e6f091588e4107fdcb9096c30a711091a739943340515aea9a197a513b9be5df2e6866e4e2684f\u0026tz=0\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nReferer: https://packsitas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://packsitas.com\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=317c4d6e-42b2-4944-a8d5-5ecc73f566fb:2:1; expires=Tue, 26 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\npdhtkv32=true; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nuncs32=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nu_pl26637310=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 9\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 96cadaa6c92b717d93975f3b4b7b42b8\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4811,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (3935)","md5":"8bb1995f62eadab5dc903f508e481929","sha1":"ef63a78b6bba1db1af37c917cbcfe9c10f7b1fc0","sha256":"75277e8687475931f6223d16e63cf059e53479e514c8c86d76e1834099d1f229","sha512":"bbde4173e4c8012204e4ce345ac1c7148ddf2149089c45827019ef737e26346bb6f5221ecf03459c700c6feb9026c00c08842425767d7ca1d5b3ca3a79eccd7c","ssdeep":"96:WozvMMV/v8t5POcmh6eHK94HgSEs6NjK3jWtSW1G1/DMCfMEDaH:jzvMJ52fHKO9Es6NjQjO16bMCkCaH","tlshash":"a5a119b76d9322793d56a07f153b53acb9a582073904ff82794cf1656bb0ea00f78d88","first_seen":"2025-08-19T07:40:33.348901Z","last_seen":"2025-08-19T07:40:33.348901Z","times_seen":1,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sentry.developzilla.com/api/12/store/","fqdn":"sentry.developzilla.com","domain":"developzilla.com","tld":"com"},"ip":{"addr":"96.46.180.116","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.312Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"developzilla.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 07 Jul 2025 20:58:44 GMT","end":"Sun, 05 Oct 2025 20:58:43 GMT"},"fingerprint":{"sha1":"AE:CE:02:AD:6B:2C:68:87:F6:2D:3D:3E:59:10:E2:07:70:C8:3D:C4","sha256":"42:DA:7B:D8:6E:9E:FA:8B:AB:1F:DD:37:A9:07:5E:FD:94:98:AD:35:4F:7B:80:02:89:1F:C7:A2:DA:75:94:E8"}}},"request":{"raw":"POST /api/12/store/ HTTP/1.1\r\nHost: sentry.developzilla.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://packsitas.com/\r\nContent-Type: application/json\r\nX-Sentry-Auth: Sentry sentry_version=7, sentry_key=18eb246192ea9ed123b97c23c9107596\r\nContent-Length: 1876\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.25.5\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\nvary: origin, access-control-request-method, access-control-request-headers\r\naccess-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after\r\ncross-origin-resource-policy: cross-origin\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload;\r\nx-content-type-options: nosniff\r\nx-robots-tag: none\r\nx-download-options: noopen\r\nx-permitted-cross-domain-policies: none\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"fd181bac030561c905a8122c9b6f7cef","sha1":"68f0ac218db723a322075e3cfaf9b1848dbe5777","sha256":"dded2bf2d5c92574438f765fe904d4b9e2a4c7f9bd5026dc52d2813b46a969ae","sha512":"25a22f412880ab55d91ba8e900dcd84bba7919b5bfc8fa660831127ae6198f936a469072bf07164767773409948e879bb9d12686dbfc2ba467978f329d2e6869","ssdeep":"","tlshash":"cc90044150150dc5754c1743441d403545104135744147440541405407147fc77d4117","first_seen":"2025-08-19T07:40:33.34977Z","last_seen":"2025-08-19T07:40:33.34977Z","times_seen":1,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/sbar.json?key=f196f12eba49c74f7aab0889dfff3f05\u0026abt=F-2677-5_0\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /sbar.json?key=f196f12eba49c74f7aab0889dfff3f05\u0026abt=F-2677-5_0\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzI5NSwiayI6IjFlZTk1YzJmOTRhZWNhMDgyOTE3MDUwYzdhN2NiN2E5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpkM3l1NGJjeHkiLCJjcGtzIjp7IjI4IjoiNzg5OTE3OWYxODA4OTJmNWUyNGYyODkwMjI0M2IzYTUiLCIyOSI6IjM5NjRjMjk2NTVhMTAwYTNkOGNjMjlhNWViYjk0ZGZjIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.1VmV4qJNWLVRMuhiMee78zUhWRcFWxHCS9HEZ9j93iM; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=1; pdhtkv26=true; uncs26=1; u_pl26703069=1; pdhtkv23=true; uncs23=1; u_pl26637295=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://packsitas.com\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; expires=Tue, 26 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nuncs=2; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nu_pl27181894=1; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nslecf196f12eba49c74f7aab0889dfff3f05=[3078195]; expires=Tue, 19 Aug 2025 07:39:58 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 214\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 52d7bbe0a9d094a35cf2a6e8a04a33fc\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6483,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"a7845e1cc950fd9d95166081a7176ecd","sha1":"ef1929ea231ed33e542b21253f2fc163025cdd93","sha256":"7a7a2dd60ea471dfe8bab47c622669956a15b8ef34eb37ad8eb60b43b3c5fdcb","sha512":"7d541663f4a7db076b9bd276293a516bdb9f217ae3d82e4a87bb938e693074d951cbd38fa03570c96b27eafae2893881d397f8c9906938ab7dbd8447cd20049e","ssdeep":"96:9zbLyevKFJ9pT/cWsqZDqZr+U9s6J5co51O3oHVnqEP84B+ZN/YjZgkLh7z4XHSp:9zKeSFJjT/LbZWRxaMF5cQB6/+Nd8Y","tlshash":"46d19e3f80bd511c16440aa6a98f3da0dd0afc1ec316b58986e7465fc5ec8c04e68067","first_seen":"2025-08-19T07:40:33.350717Z","last_seen":"2025-08-19T07:40:33.350717Z","times_seen":1,"resource_available":false,"data":null}},"time_used":323,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":323,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/css/animate.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa84fe-13361\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c90JGdu5EFs0R455wH6HS%2BnQvbtvb9Bh%2FgpPBRLLiONDTBbfwhJZLTUnhnlUb7Uh%2FG5j%2FSxjZO%2Fi0zVHXILmIwQ4K2KJqEBeCRDzJgZiFoE%3D\"}]}\r\ncf-ray: 9717ffeb1b039780-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78689,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"3d4123dbfb33d27a5cfdfcfa91df6783","sha1":"e7d0eeeec54b848f0bc3da8685fa3bc88429d660","sha256":"cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887","sha512":"75c8a48dc207595e201b50b87ff68782112a21aded9f15f14185c07d40f0151d6afe74a2b278aa575caf12ac422e8166316296ed7b6573ea24e667cca4af51dd","ssdeep":"384:jvuAuF81dghu3ublZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:jvuAu21dghu3uLu7uNKwZiMUL6Vpaj7F","tlshash":"22731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2024-01-20T06:37:31Z","last_seen":"2026-04-10T09:34:35.831084Z","times_seen":10596,"resource_available":false,"data":null}},"time_used":518,"timings":{"blocked":39,"dns":5,"connect":8,"send":0,"wait":437,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/uploads/2025/08/niquidoll-onlyfans-2025.webp","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.029Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/niquidoll-onlyfans-2025.webp HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 477762\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 19 Aug 2026 13:39:51 GMT\r\nlast-modified: Sat, 02 Aug 2025 17:04:21 GMT\r\netag: \"74a42-688e4515-c7abca75896bb304;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nvary: User-Agent, accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MpF6v9qjZtYlaLwX8rSM8Exs8l8ZJ%2BT65adXuF8b4GMAM7hSPOIf5CB7ZQWgVpECPKM6XAoFm5mHBbMlFig3%2BGmrH0YrZh7peRpIQUc%3D\"}]}\r\ncf-ray: 9717ffdba8e38bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":477762,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9662724a8526e81c9663613d912e3c73","sha1":"4cfef2f0a74e3fd41bb9ed8df7a0bf2617f93478","sha256":"87c2d1293dee710fd83bdb279538c12d1c05d5a95955b7e6ce7c51bafc0a6195","sha512":"872a6be5b41c50a5b8f9a6fbe9b31b380c928b93b83dc270fb31761d1067ca5d1a257af3e06599959caf5d3d661b0fe6ccc51d8ba2bf34d47d4dc398b8c3ecaf","ssdeep":"12288:wb9YD9DCOlvKdr+XGPoL5Nva2jgHqyggApVRffup6KXDrI:2eD1CSvKRgGoN5IPgg2VRXIXXI","tlshash":"f4a423f8d6c029bbc6b75530c07bd54d9aa0f1353469b8a03b2637674a7ae052e5c0bf","first_seen":"2025-08-19T07:40:33.351733Z","last_seen":"2025-08-19T07:40:33.351733Z","times_seen":1,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":90,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/webfonts/fa-solid-900.woff2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.176Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/wp-content/themes/blogus/css/all.css?ver=6.8.2\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 156496\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 12 Aug 2026 12:02:17 GMT\r\nlast-modified: Mon, 11 Aug 2025 08:15:13 GMT\r\netag: \"26350-6899a691-67b2fbebaa264f96;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nvary: User-Agent, accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 610653\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9hPHLp7%2FxCK9R4Uf2aY%2BZ5pGHl%2BSUhTvhEsuJJmKljYQcbTC9JmZtcyrOJhC70sXBdHZWz%2Fu6SvEmd6xYC0nhSUnEXHeKR6hDK0EdNs%3D\"}]}\r\ncf-ray: 9717ffdcedcff9e2-ARN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":156496,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 156496, version 773.768","md5":"6c4eee562650e53cee32496bdfbe534b","sha1":"1aae708e3b94ee981b452a918d28ed037fbb5e18","sha256":"9fc85f3a4544ab0d570c7f8f9bbb88db8d92c359b2707580ea8b07c75673eae2","sha512":"ebcb5a2e2a908228f77ecd03b45491778cad73ddc39fa3a6334b129aaf9fa36c16c0307aeaad74d77f616b5b34aac52d91e9f4816945253dc9a826ddd71f4d12","ssdeep":"3072:OvM6gZMLmY8uGpjVnlooQ+GQs8jic0f/KkMdE:OU65LoP5QSsuic0f/cdE","tlshash":"8ce31200d620498d9978fd5b2a1fa1ffa7a939c95ed210bad3c30cb93257143bbc2556","first_seen":"2023-12-02T04:06:15Z","last_seen":"2026-04-10T09:37:40.450539Z","times_seen":33879,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":39,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/watch.1736568672841.js?key=e04e9b072ee6a34b832778e9f9226f9b\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:21:33 GMT","end":"Fri, 26 Sep 2025 22:21:32 GMT"},"fingerprint":{"sha1":"4A:6A:48:C8:5B:C5:2B:2E:9C:03:AF:BF:4C:E6:10:23:E2:7B:EA:97","sha256":"A8:42:B5:4A:20:C8:13:EF:B5:90:0F:54:37:F7:05:60:8D:91:07:E3:A4:0F:7A:22:C9:AF:F1:F5:22:E8:68:C9"}}},"request":{"raw":"GET /watch.1736568672841.js?key=e04e9b072ee6a34b832778e9f9226f9b\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1 HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://packsitas.com\r\naccess-control-allow-credentials: true\r\nlocation: https://skinnycrawlinglax.com/watch.1736568672841.js?dev=e\u0026key=e04e9b072ee6a34b832778e9f9226f9b\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=ba4aad2bb37bd646558cf4c0e1d84c50c87b6d2c616467a7dbdea1b4ced17d552333418300a92851a312f89c6a66b9ff7fbcf687a3230f8fb75e3726312e3624807044d7195eca850b10cd8e92c444e0fb31d1258b3c9811f628aa\u0026tz=0\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzI3MywiayI6ImUwNGU5YjA3MmVlNmEzNGI4MzI3NzhlOWY5MjI2ZjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjUsInB0Ijo0LCJwayI6Ims1em1uMmk0IiwiY3BrcyI6eyIyOCI6Ijc0NjVjYjI4OGEyMThkZGJiMTcwZWY4MGYwNzE2MDFiIiwiMjkiOiJmMTk2ZjEyZWJhNDljNzRmN2FhYjA4ODlkZmZmM2YwNSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vcGFja3NpdGFzLmNvbS9uaXF1aWRvbGwvIiwiYXIiOltdfX0.2L91vOjoKZ-1o3qRPSdUC8mCSsNbUkO-ELpDTI_kuDY; expires=Tue, 19 Aug 2025 07:40:52 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 1\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 8d064d22a7ed1be66f256bc1e08a5575\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4823,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":779,"timings":{"blocked":339,"dns":20,"connect":102,"send":0,"wait":105,"receive":0,"ssl":210},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/watch.1736568672841.js?dev=e\u0026key=e04e9b072ee6a34b832778e9f9226f9b\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=ba4aad2bb37bd646558cf4c0e1d84c50c87b6d2c616467a7dbdea1b4ced17d552333418300a92851a312f89c6a66b9ff7fbcf687a3230f8fb75e3726312e3624807044d7195eca850b10cd8e92c444e0fb31d1258b3c9811f628aa\u0026tz=0\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.555Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:21:33 GMT","end":"Fri, 26 Sep 2025 22:21:32 GMT"},"fingerprint":{"sha1":"4A:6A:48:C8:5B:C5:2B:2E:9C:03:AF:BF:4C:E6:10:23:E2:7B:EA:97","sha256":"A8:42:B5:4A:20:C8:13:EF:B5:90:0F:54:37:F7:05:60:8D:91:07:E3:A4:0F:7A:22:C9:AF:F1:F5:22:E8:68:C9"}}},"request":{"raw":"GET /watch.1736568672841.js?dev=e\u0026key=e04e9b072ee6a34b832778e9f9226f9b\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=ba4aad2bb37bd646558cf4c0e1d84c50c87b6d2c616467a7dbdea1b4ced17d552333418300a92851a312f89c6a66b9ff7fbcf687a3230f8fb75e3726312e3624807044d7195eca850b10cd8e92c444e0fb31d1258b3c9811f628aa\u0026tz=0\u0026uuid=317c4d6e-42b2-4944-a8d5-5ecc73f566fb%3A2%3A1 HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nReferer: https://packsitas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzI3MywiayI6ImUwNGU5YjA3MmVlNmEzNGI4MzI3NzhlOWY5MjI2ZjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjUsInB0Ijo0LCJwayI6Ims1em1uMmk0IiwiY3BrcyI6eyIyOCI6Ijc0NjVjYjI4OGEyMThkZGJiMTcwZWY4MGYwNzE2MDFiIiwiMjkiOiJmMTk2ZjEyZWJhNDljNzRmN2FhYjA4ODlkZmZmM2YwNSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vcGFja3NpdGFzLmNvbS9uaXF1aWRvbGwvIiwiYXIiOltdfX0.2L91vOjoKZ-1o3qRPSdUC8mCSsNbUkO-ELpDTI_kuDY\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://packsitas.com\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=317c4d6e-42b2-4944-a8d5-5ecc73f566fb:2:1; expires=Tue, 26 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\npdhtkv25=true; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nuncs25=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nu_pl26637273=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 8\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 9fe73399d68525cfa15198a59d327bec\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4823,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (3947)","md5":"7e0aebf4b1df69eebf0fb43d2571de94","sha1":"cbe7276bea8720c19e2603e02ea8da57a6efb679","sha256":"8ec7707bbe9cf9f27ef25c49e409f13aa2ad4cecaa418001c78da7d27b314c17","sha512":"2575fbc3c55d2454164c02e3796c3945d82dcf274cbffbe6926779a62888059aeb8c254a2462bc6b197bafb9d5c143e3b0e7174d59966fbe16863ef510426386","ssdeep":"96:rozbr3rgvG3qnNlRmCuv69CgvG3qnNlRmCuG1/D0CfMEDaH:czb3qnj9uv6c3qnj9u6b0CkCaH","tlshash":"3da12bb12ce2aab56113767f51bdb3293e54c2294a418c81bc9ce2400fa5b318de9f38","first_seen":"2025-08-19T07:40:33.353104Z","last_seen":"2025-08-19T07:40:33.353104Z","times_seen":1,"resource_available":false,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 Aug 2025 10:09:08 GMT\r\nexpires: Fri, 14 Aug 2026 10:09:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 423046\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-10T09:55:48.830468Z","times_seen":727106,"resource_available":false,"data":null}},"time_used":286,"timings":{"blocked":118,"dns":1,"connect":22,"send":0,"wait":34,"receive":13,"ssl":93},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/plugins/age-gate/dist/main.css?ver=3.7.1","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:50.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/plugins/age-gate/dist/main.css?ver=3.7.1 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 2599\r\ncache-control: public, max-age=31557600\r\nexpires: Sat, 08 Aug 2026 18:43:13 GMT\r\nlast-modified: Tue, 08 Jul 2025 23:44:38 GMT\r\netag: \"3252-686dad66-c5338854cc7b6723;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 932197\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jUCK%2BPS3B%2FgEL4m88Ch5Jc3sf%2BLHCca92oFmHAz7ZNJYUUZ8c1WFqaYRNu%2BFyg4ulHROdnNJ26%2B%2BuQwjcApQdqHvM2n%2FLOxj7ihypn8%3D\"}]}\r\ncf-ray: 9717ffdb888f8bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":12882,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (9870)","md5":"59347efe4c8555af54ca540697fdeee5","sha1":"6e396f7e20bd23e2a2f516c65d260cbda9190d1d","sha256":"54e04350558c81567c1e74b2de05a53a325614f20e770bfdab89d49cb45369c4","sha512":"2c2f3c4dee2da4b3c28a1f5b393dbf164dad4a7db96a753694f7ce9e812ef85ff7788b207c76ba620285d46e5c0ae6699e4c83892c1930384a48f2d4dc34c632","ssdeep":"192:xU4eVM4jocb/EdF4bimire0fLc50X8uHC4Ia4QfnZcSc0rtK:xUdvZi9K0X8afZc","tlshash":"c0423db51529913c9a77673fb9c6630c631c1901ef3a4e7cbf142a6443ceeb80abe509","first_seen":"2025-07-02T21:35:20.454465Z","last_seen":"2026-04-10T09:31:50.193351Z","times_seen":763,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogza/style.css?ver=1.0","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogza/style.css?ver=1.0 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 2716\r\ncache-control: public, max-age=31557600\r\nexpires: Thu, 30 Jul 2026 10:12:37 GMT\r\nlast-modified: Mon, 28 Apr 2025 20:53:02 GMT\r\netag: \"2b7b-680feaae-737fd2640a5eecec;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 1740433\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fPI0NbVUNZGImCknZ3TAGYzk1Ex%2BCY0fbZLSCaRn7KF%2FqiMAQKYyCkm%2Beqgia5gDSdcitCW1L8wlJfV7NLaS79%2Fdh3UNXtp3JUJ7q6U%3D\"}]}\r\ncf-ray: 9717ffdb98b28bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11131,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (586), with CRLF line terminators","md5":"931fb5f672f108a38d58f7e56fe14535","sha1":"c71e44f3649578d42fa4c9b541456be697903677","sha256":"91f6d63ed5a3c24fc7a086ab64516d051560ec197c45933c4725c2566718887f","sha512":"be70b189e07b9dd2926a7bc70f87e5c4ecae2b2753a1bf28fe50410f1938d5a6209ad0ecf6a6dc193aa0759fc98f6c0b76112582ddd0c26a6d4b213eec3b8d67","ssdeep":"192:EeWEsrhU/jQUzOgKacSfN5jjP+9Z9MFvnRYO1PidVXmnvJMEMCddUzAd0GMMgdvd:A4CP3WJPidVXmnvJMEMCddUz80GMh6Cl","tlshash":"9e3294a5ee1626489b36daea9bf40744de2b00977b0b00e0ff9d41485f7515c26b3fe8","first_seen":"2025-05-14T05:46:26.80267Z","last_seen":"2026-03-18T14:42:55.409726Z","times_seen":20,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=l6%2FXwxw9N46xePROCIMTaIgrsRwr03G%2F7PdW6LPW88rOPdA4CNO6%2BxViG5ENT8LNuKwnTbkcudP1bfH1nXF4k8%2BVhgwpvkZ%2FYQmL3MM4drc%3D\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncf-cache-status: HIT\r\netag: W/\"65aa84fe-3c2\"\r\ncf-ray: 9717fff09831588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":962,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"0013fbb3bd9e7300fa1bc9f62501dcf0","sha1":"447e4a8994979e2e158b9beff79b94e7d1b29508","sha256":"4cf18df81115ddab6967dc82096077ee024223dac3c6ffc9b810bffb7780a20e","sha512":"288a5e82fdbfdadf11f5a15ed40b54b67dd43fd83f0666abf85ebc0f14ef3b6e5e9104c3491fdb85b40e5556b252d933ee8cbe6e381e96e01170e76c60003dc6","ssdeep":"","tlshash":"e7117d37156882f06257f027a15729d6ee32029ee81a5707721c06cd0ec47b913fa6e7","first_seen":"2023-06-25T06:36:24Z","last_seen":"2026-04-10T09:34:35.813821Z","times_seen":2295,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/impr.gif?sid=H4sIAAAAAAAC_1RSz2skRRSuTvam4A_EgyDMYcGfM-lf88s9yK67kbgxibsrOXiQ6qruSe1Ud7VV3dOT8RIMyIIg400v0vlmssF1Ff0DBJ14WxQcT0E3F_8EYcGbTDIw-g7vva--KvjeV-_jg_yUeMjpydbbaiCkpCv1ml15cVskXBWmsnGr4tg1-1JlWyQN_1KlP0u695rj-TX7pcqbIeuqFdd2bNuxncqq0GGk-itnLER6v-3U2nbNd2tO3Udf_x-b3IKhFnjvlDwNwadP_BW9B8EmSOLvroamm6n01WtxLmmmNHr86N2km6giQbxoI20hSo7mt6HMlJDPl6CSo_kEUL3xbAIEYkqWnn2IIDmay0TQOzxXGkiECQL-GIreBKGcQNAJmNqH4L8RgHFsbCKJ724oXdDdc5bO2Cm58OhviGJKLjx8Bkn87RUp-pWbSuaZUIlBPyoh-hOIzgRpfoxssARRHINlH0HwX8nKo3Uk8XjTSAXBTy4GbisI6k6jajPeqPqce1Xq2k7VaQWNZuRSO2pFZxaJaAJqlpEbC7mwkEcW8tRCzE8qvt3ymUO9RtTmrGn71Pd5GNjtlmvbtM2ayNlM-xBZOgSTQzC9h1TvoSuG0PmPMDslDF-GyabEemcPPV6iCAkKQ1BQgkIQFBlB0SsPuTSuKe9yafLAmVd3Xr1ypLLOAT1UWSdMCKgeQvNyLNIPzD5YtjwaRIaP1CzRILu3WnUbzWa1_r4zogEvD9JT8tTMZOvLn_5ANzypUNb0_brX5q1Wvem5jm_zRuD4Dq9Tr-G6DRhRQpglUGNhIKbk-qd_IhVT8sIrtxHQYxh5DCaeBM2fBy1K0J0Sg-SblLKuERk1NaZicFUizS4g27UO5Cl57uyfL__zBUL24PXfvbMA0yVSXeK2-JmgI--MbqiCjG-owpDvN9NMxGJAZztwM6NZuHzverhbKM3XrprhV5fZjJi192-FJlunCRdJx5CvrwjOQ72qNAvJD2tmOwy2crNzJddJnq5vvbG6Fqc6NEaoZAIqpsT68BcwMSWPv3XtbL8vrn0CoSfQeYk4f0DmAZbuwaQL7UYRaLngg9RCkZcj7QaLQykIZLjANChh_oODRT_SdPaaivLA3EFHW6DZPpK4RE-X6MkSVA5h8uVRluqFjEBao0BqaxxILT87t9iIk0rkhS6z7Vaz4XitKHQ8n7Oo3vLbvEFtzwuRmenO-OW1fwMAAP__RAZtLb0EAAA=","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 02 Jul 2025 00:39:20 GMT","end":"Tue, 30 Sep 2025 00:39:19 GMT"},"fingerprint":{"sha1":"2F:53:8D:73:5E:CE:FB:91:B4:FD:2B:4E:F3:E9:80:AA:62:1A:61:CD","sha256":"C1:D4:30:78:23:7C:54:B2:69:C9:DF:D9:A9:CB:93:CF:63:1B:C9:46:05:84:47:B1:70:77:4E:B8:85:DE:85:B8"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSz2skRRSuTvam4A_EgyDMYcGfM-lf88s9yK67kbgxibsrOXiQ6qruSe1Ud7VV3dOT8RIMyIIg400v0vlmssF1Ff0DBJ14WxQcT0E3F_8EYcGbTDIw-g7vva--KvjeV-_jg_yUeMjpydbbaiCkpCv1ml15cVskXBWmsnGr4tg1-1JlWyQN_1KlP0u695rj-TX7pcqbIeuqFdd2bNuxncqq0GGk-itnLER6v-3U2nbNd2tO3Udf_x-b3IKhFnjvlDwNwadP_BW9B8EmSOLvroamm6n01WtxLmmmNHr86N2km6giQbxoI20hSo7mt6HMlJDPl6CSo_kEUL3xbAIEYkqWnn2IIDmay0TQOzxXGkiECQL-GIreBKGcQNAJmNqH4L8RgHFsbCKJ724oXdDdc5bO2Cm58OhviGJKLjx8Bkn87RUp-pWbSuaZUIlBPyoh-hOIzgRpfoxssARRHINlH0HwX8nKo3Uk8XjTSAXBTy4GbisI6k6jajPeqPqce1Xq2k7VaQWNZuRSO2pFZxaJaAJqlpEbC7mwkEcW8tRCzE8qvt3ymUO9RtTmrGn71Pd5GNjtlmvbtM2ayNlM-xBZOgSTQzC9h1TvoSuG0PmPMDslDF-GyabEemcPPV6iCAkKQ1BQgkIQFBlB0SsPuTSuKe9yafLAmVd3Xr1ypLLOAT1UWSdMCKgeQvNyLNIPzD5YtjwaRIaP1CzRILu3WnUbzWa1_r4zogEvD9JT8tTMZOvLn_5ANzypUNb0_brX5q1Wvem5jm_zRuD4Dq9Tr-G6DRhRQpglUGNhIKbk-qd_IhVT8sIrtxHQYxh5DCaeBM2fBy1K0J0Sg-SblLKuERk1NaZicFUizS4g27UO5Cl57uyfL__zBUL24PXfvbMA0yVSXeK2-JmgI--MbqiCjG-owpDvN9NMxGJAZztwM6NZuHzverhbKM3XrprhV5fZjJi192-FJlunCRdJx5CvrwjOQ72qNAvJD2tmOwy2crNzJddJnq5vvbG6Fqc6NEaoZAIqpsT68BcwMSWPv3XtbL8vrn0CoSfQeYk4f0DmAZbuwaQL7UYRaLngg9RCkZcj7QaLQykIZLjANChh_oODRT_SdPaaivLA3EFHW6DZPpK4RE-X6MkSVA5h8uVRluqFjEBao0BqaxxILT87t9iIk0rkhS6z7Vaz4XitKHQ8n7Oo3vLbvEFtzwuRmenO-OW1fwMAAP__RAZtLb0EAAA= HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[4323737]; u_pl27181549=1; slec13e0f72a807bb8091b31314f6e78c2a7=[4323731]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nSet-Cookie: iprc_l+20f51bbe22bf1066aa0be3cac89ac5f9=4323737; expires=Wed, 20 Aug 2025 07:39:54 GMT; path=/; secure; SameSite=None\niprc_l:4323737=1; expires=Wed, 20 Aug 2025 07:39:54 GMT; path=/; secure; SameSite=None\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 9c467c5e9d1869de35f37846d0b89507\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":131,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":130,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/dark.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.057Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/js/dark.js?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 355\r\ncache-control: public, max-age=31557600\r\nexpires: Sun, 16 Aug 2026 14:56:31 GMT\r\nlast-modified: Mon, 11 Aug 2025 08:15:13 GMT\r\netag: \"464-6899a691-61ee2dbd0ce5f85d;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 254599\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6m7bDqZGbrgCszWBmO9PkYKk3GpsHNfGrynUCAt7okPWrns5GPaAYEysq1cmUxpxpLgnFxyPmOPt82t4dfJU3IQ%2FSSVxBFkwCnbzuv0%3D\"}]}\r\ncf-ray: 9717ffdbb9098bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1124,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"f3212f8f45e9eec6cc50cbd8cf857286","sha1":"2b5d518ac01b60e9406cdaab570cdce1d00c40b3","sha256":"fc0de871dbc236f314f4c2ac02021a01ec1e68bf56bd736ca7430e03cc144ac6","sha512":"2d9b58cd4c0ecf9f73068d332cb45d5930670d3a44d4805a105d6c9dc9cadbc9d5519bf2964c706dcd4e30a66d4b5eb6f7e187221d9d220e231a987f703de3ae","ssdeep":"","tlshash":"f221ba8eb42ba1d899b7623d4fbe4410eea408bbd1045e007c5d68a01f780a0496cefa","first_seen":"2024-05-29T13:54:00Z","last_seen":"2026-04-09T19:51:58.085132Z","times_seen":320,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/sbar.json?key=3964c29655a100a3d8cc29a5ebb94dfc\u0026abt=F-2677-5_1\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /sbar.json?key=3964c29655a100a3d8cc29a5ebb94dfc\u0026abt=F-2677-5_1\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzI5NSwiayI6IjFlZTk1YzJmOTRhZWNhMDgyOTE3MDUwYzdhN2NiN2E5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpkM3l1NGJjeHkiLCJjcGtzIjp7IjI4IjoiNzg5OTE3OWYxODA4OTJmNWUyNGYyODkwMjI0M2IzYTUiLCIyOSI6IjM5NjRjMjk2NTVhMTAwYTNkOGNjMjlhNWViYjk0ZGZjIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.1VmV4qJNWLVRMuhiMee78zUhWRcFWxHCS9HEZ9j93iM; uid_id2=317c4d6e-42b2-4944-a8d5-5ecc73f566fb:2:1; pdhtkv=true; uncs=1; pdhtkv26=true; uncs26=1; u_pl26703069=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://packsitas.com\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; expires=Tue, 26 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nuncs=2; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nu_pl27181530=1; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nslec3964c29655a100a3d8cc29a5ebb94dfc=[4323737]; expires=Tue, 19 Aug 2025 07:39:58 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 214\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e1ff0f8c1ece0a513edc8eb7c7430b29\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":6364,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"258ae87d2ab96b30cf9195e24ff416ac","sha1":"7a2fc4e1374a0a247a48a6002018f4cb7f925c0b","sha256":"446b7515f909e6b58cef6f97b0ddfc676440e3c67f3cdfe59bc74a785d988196","sha512":"1b9caad98e1c2860187668a643cfd07d857a5a1ee7d23fc128ecdb4f1905c902b601bf1a7943478cc0983ed288f88d1d0083c99bd9bc275f299740f8eb3a32d8","ssdeep":"192:9zE2+N8+JouyLLIZE0oUu/UMkX+UmmIpyYOMf6K:9zmN8+JsLLIeHUu/JbtpOMf6K","tlshash":"bed19dfe222e3472ce928d4461062d7d0de04f2b7e80ba6ef9dc9bfd5455607202d62c","first_seen":"2025-08-19T07:40:33.3563Z","last_seen":"2025-08-19T07:40:33.3563Z","times_seen":1,"resource_available":false,"data":null}},"time_used":320,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":320,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/13/e0/f7/13e0f72a807bb8091b31314f6e78c2a7.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /13/e0/f7/13e0f72a807bb8091b31314f6e78c2a7.js HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 25616\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: 4b4e7ab587d59b22ad7bcd2439afc363_F-2677-5=0; expires=Tue, 19 Aug 2025 07:39:52 GMT; secure; SameSite=None\r\nx-envoy-upstream-service-time: 14\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c0b7c5d7d6e1c0b838a7fefd56721032\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":72587,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"274b28e7200c4329883dfa44e375e5ad","sha1":"a7d718235c91f36f08f26587b8a141204165ad7b","sha256":"b05dea690ee973dfa4d72d332cc44ad612b53a1184491fb7b87adc33b2cee6ba","sha512":"15e34ac71eda0d9d5fdddfd39f2f1fd11262858c5a0af26f27c4f3f83d612e38d21fac4beeb37f4c0cdde6b19c0bea7b789e5f26771d55165057f2e2ac660eea","ssdeep":"768:Y2bnaMmmjCqw648+QhS8u+Jcj/XcdNjNpmOdY08kUbTehzbcepw4f:Y2bnZp4x5O+jvcVdY0U3fm","tlshash":"a863c7483f91b27802e6b8fa712fa61af0265c0195d8e4d8f503f4deae66719f035f25","first_seen":"2025-08-19T07:40:33.357502Z","last_seen":"2025-08-19T07:40:33.357502Z","times_seen":1,"resource_available":true,"data":null}},"time_used":622,"timings":{"blocked":-1,"dns":1,"connect":119,"send":0,"wait":137,"receive":119,"ssl":246},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.662Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:11:38 GMT","end":"Mon, 29 Sep 2025 15:11:37 GMT"},"fingerprint":{"sha1":"F9:52:70:4B:81:A8:F8:39:E6:E7:96:8F:EA:FE:17:FD:96:C5:32:E3","sha256":"D8:C9:87:B5:89:5E:D4:F4:8D:FD:98:3C:31:39:42:67:D3:20:27:14:A9:AD:F2:AB:97:A4:48:0F:94:F0:FF:A2"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 28254\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: fa993a01c4f0cc7fae0519a5e18eff22\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/css/animate.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.926Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa84fe-13361\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mst2t5XCCP2dghbzTwwYoOL4dEr566mi47iIECN6Me%2BAgy2ujXx4Wxojl1rAw79c0sM2ohKUpBkEeZryQXyxzzGZ%2Fij1KPz6cMLt%2BVBtDQk%3D\"}]}\r\ncf-ray: 9717ffee1fa4588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78689,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"3d4123dbfb33d27a5cfdfcfa91df6783","sha1":"e7d0eeeec54b848f0bc3da8685fa3bc88429d660","sha256":"cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887","sha512":"75c8a48dc207595e201b50b87ff68782112a21aded9f15f14185c07d40f0151d6afe74a2b278aa575caf12ac422e8166316296ed7b6573ea24e667cca4af51dd","ssdeep":"384:jvuAuF81dghu3ublZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:jvuAu21dghu3uLu7uNKwZiMUL6Vpaj7F","tlshash":"22731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2024-01-20T06:37:31Z","last_seen":"2026-04-10T09:34:35.831084Z","times_seen":10596,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/uploads/2025/04/cropped-packsitas-icono-2025-192x192.webp","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:55.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/uploads/2025/04/cropped-packsitas-icono-2025-192x192.webp HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=obtrusiveorganizeresponse.com; pp_main_7899179f180892f5e24f28902243b3a5=1; sb_main_3964c29655a100a3d8cc29a5ebb94dfc=1; sb_count_3964c29655a100a3d8cc29a5ebb94dfc=1; sb_main_ac744539d885732140d6b141d5a36226=1; sb_count_ac744539d885732140d6b141d5a36226=3; sb_main_f196f12eba49c74f7aab0889dfff3f05=1; sb_count_f196f12eba49c74f7aab0889dfff3f05=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=wayfarerorthodox.com; sb_main_13e0f72a807bb8091b31314f6e78c2a7=1; sb_count_13e0f72a807bb8091b31314f6e78c2a7=1; sb_main_6e642680db3ecb105b002b772d76b2a8=1; sb_count_6e642680db3ecb105b002b772d76b2a8=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 14360\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=r%2BW9UDRrkSsEzpPD%2BJFIBkkr1M9OkU5CN%2F%2B%2FFRgnyJ309leqPTxK7GT5EsKN5xhk5ruNxTNsaqKyFudWJ%2Bd6%2FjUCZHhviODB0rPvXglnyj%2FkVul3mgtQ5774wrhQSGzH\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\ncf-ray: 9717fff619c7f9e2-ARN\r\ncache-control: public, max-age=31557600\r\nexpires: Sat, 08 Aug 2026 18:43:17 GMT\r\nlast-modified: Wed, 30 Apr 2025 17:52:28 GMT\r\netag: \"3818-6812635c-4d68d4e7981975a0;;;\"\r\naccept-ranges: bytes\r\nvary: User-Agent, Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 932197\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=8189\u0026min_rtt=6434\u0026rtt_var=474\u0026sent=531\u0026recv=123\u0026lost=0\u0026retrans=0\u0026sent_bytes=661612\u0026recv_bytes=11304\u0026delivery_rate=24663524\u0026ipace=0\u0026icwnd=12000\u0026ss_exit_cwnd=0\u0026ss_exit_reason=0\u0026cwnd=527278\u0026unsent_bytes=0\u0026cid=11333fa9d75bb26d\u0026ts=4437\u0026inflight_dur=174\u0026x=40\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14360,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f9fbde5925b61192d52663dc6a524f06","sha1":"feb01e38f979c35a17635e09d5e204844f64380c","sha256":"681bd5ecff8889478e3057f47341c0cb6051773f3e15af5a61595fafaed6ce69","sha512":"3a0c9c47f854bd5daafb57474ed11fa96146447d97200b7adcad2b73f961ae325847e798cfc7ec8417c99155dd0444613bd326e0ed5f2c2d98c7ca11cbc51bb2","ssdeep":"384:SwJR7ziSFiOa4rqNNl/0n0Jdroy9WYCZxD89I:SoJFiJD40nrlIYCZxDf","tlshash":"d052d0d908a87ee36d8b8c77f3c23706194f4c8553056bc6e12d89c3e9446b230a2deb","first_seen":"2025-08-02T11:30:48.402593Z","last_seen":"2026-03-09T01:54:48.216905Z","times_seen":9,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/f1/96/f1/f196f12eba49c74f7aab0889dfff3f05.js","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:21:33 GMT","end":"Fri, 26 Sep 2025 22:21:32 GMT"},"fingerprint":{"sha1":"4A:6A:48:C8:5B:C5:2B:2E:9C:03:AF:BF:4C:E6:10:23:E2:7B:EA:97","sha256":"A8:42:B5:4A:20:C8:13:EF:B5:90:0F:54:37:F7:05:60:8D:91:07:E3:A4:0F:7A:22:C9:AF:F1:F5:22:E8:68:C9"}}},"request":{"raw":"GET /f1/96/f1/f196f12eba49c74f7aab0889dfff3f05.js HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 25622\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: 4b4e7ab587d59b22ad7bcd2439afc363_F-2677-5=0; expires=Tue, 19 Aug 2025 07:39:52 GMT; secure; SameSite=None\r\nx-envoy-upstream-service-time: 11\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 247c44cf9c9631304dee78e7772c4913\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":72608,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f6265a485a628e8256e7afb8cab57e65","sha1":"e0f9afdc8334dfa0cdad8057f66f58b77d1172fd","sha256":"90367c67c192f54663c5ce5a8b90323a10706a7633168905356c553f96a3c9b2","sha512":"f67140edb023c4ca4fc0d397cd8b8e47d06c491fba2f7851308e9fb24257e35c37114819e9a57b2667357fac1547fb030e6cfb3680473076faeb5184efc3281d","ssdeep":"768:Y2bnaMmGj9qw648+QhS8u+Jcj/XcdNjNpmOdY08kUbTehzbcepwOf:Y2bn1G4x5O+jvcVdY0U3f4","tlshash":"8f63c7483f91b27802e6b8fa712fa61af0265c0195d8e4d8f503f4ddae66719f036f25","first_seen":"2025-08-19T07:40:33.359524Z","last_seen":"2025-08-19T07:40:33.359524Z","times_seen":1,"resource_available":true,"data":null}},"time_used":560,"timings":{"blocked":-1,"dns":19,"connect":105,"send":0,"wait":119,"receive":103,"ssl":214},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html\u0026l=1325\u0026fd=193","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html\u0026l=1325\u0026fd=193 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"offensivefountainrabbit.com/43fb6dba152dc7d216fc2c00b1313dbb/invoke.js","fqdn":"offensivefountainrabbit.com","domain":"offensivefountainrabbit.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.028Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"offensivefountainrabbit.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 19:39:45 GMT","end":"Sun, 02 Nov 2025 19:39:44 GMT"},"fingerprint":{"sha1":"A7:93:39:18:F1:01:BB:4D:82:C0:BF:90:31:9E:64:25:36:F2:0C:E1","sha256":"A2:CD:CF:2A:E2:3E:21:B9:56:69:56:80:26:AE:D8:89:B0:DD:F4:FA:0B:A6:CB:42:B5:1A:6F:6B:D6:38:25:BB"}}},"request":{"raw":"GET /43fb6dba152dc7d216fc2c00b1313dbb/invoke.js HTTP/1.1\r\nHost: offensivefountainrabbit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:51 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 13043\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: offensivefountainrabbit.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b92fad3e71a0574a150a695433c7bbcc\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":33023,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (33023), with no line terminators","md5":"775f18b0af8528210e0073cfb6ee8268","sha1":"e96883408650feaea0fc993471a1b849811a3d73","sha256":"23fbb9f099c60c295ea897589c2fd0606f887c6db2c437974f256fb29df494d3","sha512":"496fdc8118ae57926d4add040501b27bd652571b9ac38827089f965db95d10c5bb37eeb190464760fe8e44b1e402ebc6321602d18ff0a1032130d697969293f8","ssdeep":"384:lznDKyAp9nf1GPXm2bBdMLlAwH3KQsjmTOlXqel+rn2NrL0uAfdtiOmuBc8Fg:5KygfcbULz3KQQmTO5qel+qL0PFcWg","tlshash":"89e208883f70b44d1776303b322f856efab5cd555488d88cd287ac952ab9b1ee437e09","first_seen":"2025-08-19T07:40:33.360905Z","last_seen":"2025-08-19T07:40:33.360905Z","times_seen":1,"resource_available":true,"data":null}},"time_used":772,"timings":{"blocked":310,"dns":46,"connect":101,"send":0,"wait":107,"receive":0,"ssl":206},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"offensivefountainrabbit.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 Aug 2025 11:11:15 GMT","end":"Sat, 08 Nov 2025 12:08:40 GMT"},"fingerprint":{"sha1":"46:26:78:BD:18:7A:95:15:D4:B3:89:73:FE:7E:99:33:18:7F:21:3E","sha256":"AD:6B:6A:10:54:38:33:B9:BB:A6:FD:B7:B0:1B:2E:9D:62:B8:47:35:C4:E6:7B:F6:4A:92:AA:75:B0:29:F7:F3"}}},"request":{"raw":"GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 27 Sep 2021 07:43:24 GMT\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lx7HIApRaRyVul3mJNvmOSyME8NyRZ5fdkaqZ5XOCuK0d6pEsjrWybElV%2BPKKWFY6jAF%2BCVtIO%2FqEmsKobNfUkolpbqFI6lWz7hYJ5%2F1DA%3D%3D\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9717ffee8a77c992-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1325,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"f6990569c7ffeac1f4a3f6d9eee5da44","sha1":"e7d5e37acf89a8faee252c36fc2c9d6615501d76","sha256":"cc2a9756c81bd570fff8b32e48a413687c33f8abe9c934e743a0769178b4f690","sha512":"be3ebced9d65b29fef8caab46e95f54f1ca645ea5942331c84c964ec033fb7c78506d14eda131948b7f664f1635deaa8d82a63169f9214f72035b087ea104bda","ssdeep":"","tlshash":"a52105692df9c97311e750947b352f1bed92ea87c80a6e0173bc9d684f9ad84cd23407","first_seen":"2023-06-26T22:59:31Z","last_seen":"2026-04-10T09:34:35.817673Z","times_seen":2393,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":115,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/0c/b0/2b/0cb02bf94624ce758e3c4e359ed93f5d/1753377760.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /cti/0c/b0/2b/0cb02bf94624ce758e3c4e359ed93f5d/1753377760.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:52 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 31719\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 24 Jul 2025 17:22:41 GMT\r\netag: \"68826be1-7be7\"\r\nexpires: Thu, 21 Aug 2025 07:39:52 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31719,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:07:24 13:08:42], progressive, precision 8, 320x50, components 3","md5":"a1e685c93ede833a33276d87d07004b9","sha1":"729b2bdf9becf4d8c429f2ba1f475094e4ff796d","sha256":"b08e6a90e6a8ffdd3f748650b20d36e9262a8ed8a9ec0503ea90501313e80c38","sha512":"139b3234d3e7b0e14bab35c5a5c0db791a7fe24babf366c958c71371d66cff4080b136e3364f1fc1b3bea02fccb8a0385bcf70212880cceff02a2f6780d3e0b1","ssdeep":"384:YB8yiitB81nG7F/QB6QpvsC9rYNg7cCotGqPTNRg9Ys/8GfJQQKPsoDE067H+i1:dyil1gcpEkYywS0NRMYs3ebE0ni1","tlshash":"73e2ae276bb9ad23fdd0633092a1c7854352ed699b735109fc8c79427b76b868cc831e","first_seen":"2025-07-24T18:08:00.931592Z","last_seen":"2025-08-31T12:51:04.572688Z","times_seen":74,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rashcolonizeexpand.com/pixel/sbs?c=1","fqdn":"rashcolonizeexpand.com","domain":"rashcolonizeexpand.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rashcolonizeexpand.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:10:41 GMT","end":"Fri, 26 Sep 2025 22:10:40 GMT"},"fingerprint":{"sha1":"C7:75:50:5C:D3:7C:BF:A1:34:3E:61:33:FC:D6:81:21:2E:31:1D:92","sha256":"CB:A9:18:8B:DD:56:71:B4:C1:61:A7:9F:5C:50:7F:22:BB:83:72:BC:0F:B3:14:19:C4:E9:F9:59:6A:0F:95:EC"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: rashcolonizeexpand.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[4323731]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: rashcolonizeexpand.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":122,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"rashcolonizeexpand.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/ac/74/45/ac744539d885732140d6b141d5a36226.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.022Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /ac/74/45/ac744539d885732140d6b141d5a36226.js HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 25599\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: 4b4e7ab587d59b22ad7bcd2439afc363_F-2677-5=0; expires=Tue, 19 Aug 2025 07:39:52 GMT; secure; SameSite=None\r\nx-envoy-upstream-service-time: 4\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 2fa445082de3dd5aec9f8395153429a4\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":72577,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5d4cab9ff8000376eb9f86b48a78e8c3","sha1":"10b1dc654c60de6ef03c7e40ccba7016ade11390","sha256":"173d3cb9b0eabe2a08767dc6c2580eb411341580140897b85acfd6e3fbafc7da","sha512":"ec967f9f59a26de228f3836d5e0e54aaed80465b1686930de87c5ae497814b6c07ee36da0223f94002a049bfe0062c3af47416df661c376749ea4d0f499b6bf2","ssdeep":"768:Y2bnaMmNjXqw648+QhS8u+Jcj/XcdNjNpmOdY08kUbTehzbcepwPf:Y2bnmU4x5O+jvcVdY0U3fX","tlshash":"9b63c7483f51b27802e6b8fa712fa61af0265c0195d8e4d8f503f4deae66719f036f25","first_seen":"2025-08-19T07:40:33.362803Z","last_seen":"2025-08-19T07:40:33.362803Z","times_seen":1,"resource_available":true,"data":null}},"time_used":832,"timings":{"blocked":311,"dns":1,"connect":103,"send":0,"wait":108,"receive":101,"ssl":204},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:11:38 GMT","end":"Mon, 29 Sep 2025 15:11:37 GMT"},"fingerprint":{"sha1":"F9:52:70:4B:81:A8:F8:39:E6:E7:96:8F:EA:FE:17:FD:96:C5:32:E3","sha256":"D8:C9:87:B5:89:5E:D4:F4:8D:FD:98:3C:31:39:42:67:D3:20:27:14:A9:AD:F2:AB:97:A4:48:0F:94:F0:FF:A2"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 28254\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c9fa08dedec198070ab526e96e1ff07e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":55,"dns":0,"connect":0,"send":0,"wait":25,"receive":17,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html\u0026l=1325\u0026fd=193","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html\u0026l=1325\u0026fd=193 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; u_pl26637310=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":128,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":128,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.955Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 Aug 2025 10:09:08 GMT\r\nexpires: Fri, 14 Aug 2026 10:09:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 423046\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-10T09:55:48.830468Z","times_seen":727106,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/niquidoll/","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-19T07:39:50.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /niquidoll/ HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nx-pingback: https://packsitas.com/xmlrpc.php\r\nlink: \u003chttps://packsitas.com/wp-json/\u003e; rel=\"https://api.w.org/\", \u003chttps://packsitas.com/wp-json/wp/v2/posts/4290\u003e; rel=\"alternate\"; title=\"JSON\"; type=\"application/json\", \u003chttps://packsitas.com/?p=4290\u003e; rel=shortlink\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-litespeed-cache: hit\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=C6%2BxNbYWt9dzudyGqqFYchoNua0VVl7JzAxZOI9Gvrty%2BMMNbvD1UgOA6tvdlN5zXUrnncBgnR0Tcbk2liXIMZt74zW2Eogh34lTZhk%3D\"}]}\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9717ffd9cdc28bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery Migrate:3.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Age Gate:3.7.1","description":"A plugin to check the age of a visitor for Wordpress.","website":"https://wordpress.org/plugins/age-gate","common_platform_enumeration":"","icon":"Age Gate.png","categories":["WordPress plugins"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"WordPress:6.8.2","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]}],"data":{"size":162060,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (8856), with CRLF, LF line terminators","md5":"f8d0cdc9b4aeeda7b35f1fc8cb1443d8","sha1":"ac6bdd6a78103a9bf345a027aba7b55b907811ef","sha256":"c69a5ab9fd8c9b921cdbe48f4a6295211b0ed703f81d2f33ddcb90d9bf583ec6","sha512":"136093ad3c37c0a1d25736637d778b4666820e5dabe3d58ce7a6286219fd64d5cd36a6edfd19ca04a1df5d55d627c7b2251aec85dc6c1e0dbb4676fc69efe04a","ssdeep":"3072:Ucd87Q9oK5aRzIGPeNEfrYQLOQ4fM/5+JDD44OqCf2ifqippxZfrXF3ft72297Ci:3OP5YeGDD44ofF5ppxZTXF3ft17CKgs5","tlshash":"64f35ef2a97508372ebb5394a02f374af1b9c527ca4d41a1f1acc4b85fd8de610a3748","first_seen":"2025-08-19T07:40:33.363797Z","last_seen":"2025-08-19T07:40:33.363797Z","times_seen":1,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":39,"dns":1,"connect":8,"send":0,"wait":110,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/39/cd/60/39cd60aea51a57d4d8f6ba7061da8ba4/1723680004.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.772Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /si/39/cd/60/39cd60aea51a57d4d8f6ba7061da8ba4/1723680004.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 21151\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 15 Aug 2024 00:00:05 GMT\r\netag: \"66bd4505-529f\"\r\nexpires: Thu, 21 Aug 2025 07:39:52 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21151,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3","md5":"b312b07679c37478b2be46280bd8966f","sha1":"c5d1b6d62319dec8d2127dbe5074b6aeec16de72","sha256":"7e8eb92872d20ea1ecd58aa4a8763a7e0a6399479429f831210f5ec41b44b445","sha512":"a2e03751df319f4ae3fa0a279a0640518681c7cadfb2fa46bf289896bbf9887726f5e2dee96eb3e0f69dcfdc18cacabb1c8031778c04812888211272b7c261e9","ssdeep":"384:9wsXzKGBFxfDkV52agZgpRdVYj+hn3PZyrsijBbl48HPzXnbAYgvbJiwQ3fh94os:CsjDvrEhES3PIxBBDnbAYcdQz6","tlshash":"c092d171973f956cfd398934f42c5e46b99ffb4c9203ca4e835ad8c922424047e7ca51","first_seen":"2024-08-21T10:19:04.164949Z","last_seen":"2025-09-22T09:24:17.520636Z","times_seen":377,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Ffinanceskipper%2Fmessage_redcircle2%2F16%2Findex.html\u0026l=1545\u0026fd=137","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.102Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Ffinanceskipper%2Fmessage_redcircle2%2F16%2Findex.html\u0026l=1545\u0026fd=137 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=7899179f180892f5e24f28902243b3a5\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=7","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:12:33 GMT","end":"Mon, 29 Sep 2025 15:12:32 GMT"},"fingerprint":{"sha1":"9E:08:20:A0:75:ED:21:51:E0:3D:DE:29:CD:B0:11:01:4D:04:77:0A","sha256":"FB:D4:A2:1D:0F:F1:FB:A8:D9:5E:88:03:1F:BB:94:D2:32:5C:CC:49:11:11:FC:04:7B:C6:43:40:CF:1E:A2:BA"}}},"request":{"raw":"GET /pxf.gif?uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=7899179f180892f5e24f28902243b3a5\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=7 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 0f5d359a1ae86f432984259dbe1169b2\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":842,"timings":{"blocked":355,"dns":0,"connect":115,"send":0,"wait":127,"receive":0,"ssl":242},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=96SHREBB9rwY6LACe8NSlm6gmd%2F9wT75UbgdmHfTGGqI6ohXBqjslyxBmAj6vDxFUoiwyXYv%2FkjAAKmZSd2hR7%2FniOhuiqkDBgOtzi59dhg%3D\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 885900\r\ncf-cache-status: HIT\r\netag: W/\"65aa84fe-1499c\"\r\ncf-ray: 9717ffee3fc4588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84380,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025)","md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-10T09:34:35.836032Z","times_seen":16148,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/ren.gif?sid=H4sIAAAAAAAC_1RTzYsc1Rd9NRP4LX4QPxCFgNALwc_pqa-u7jYLMcaRITGJSSQLF-FVvaqZl35Vr3wfXZNZBYOSlbQ7V1J9ujOjMYr-AaL2uJGAkHY1aGbjPyCIwaX0TEvrW7x7zzl14dxb930wtAckgKX7F96U21wIutpquo3nrvCCyUo3zl1ueG7TPdm4wosoPNnYml2q_7IXhE33-cYbadKTq77rua7neo01rtJMbq0equDl3a7X7LrN0G96rRBb6r9Y2yVo6oD1D8jj4Gz6yG_ZO-DJBEX-1elU94wsX3o9t4IaqdBnu28XvUJWBfJFmikHWbE7_xpSTwn5eAmy2J13ANkfzzpAzKdk6ckHiIvduU3E_dtHTmOBtEDM_o-qP0EqJuB0gkTeBGf3CZAwnDuPIt85J1VFrx-pdKZOybGHf4BXU3LswRMo8i9PCb7VuCSFNVwWGltZDb41Ad-YoLR7MNtL4NUeEvMeOPuJrD48iyIfn9dCgrP9Z2K_E8ctL1pxExathIwFK9R3vRWvE0ftzKdu1skOR8SzCahehtUOLHdgMwe2dJCz_UbodsLEo0GUdVnSdkMahiyN3W7Hd13aTdqwycz7AKYcIBEDJOr9nZJtml5_bJRNx7ZI9ND79IgK_ENyZ0YG_tC7a6-Wwo-ioB147tBDqW6gxwdQ9jvozRqaLUObKXHeuoE-q1GlBJUmqChBxQkqQ1D169tMaF_XO0xoG3vz6M9jUI-k2RjS29JspAUBVQMoVo95-a6-icQsj7YzzUZydtHY3Flb8aN2e6V11R3RmNXD8oA8Nvs7ziff_4Jeut-gSTsMW0GXdTqtduB7ocui2As91qJB5PsRNK_B9RKodrDNp-TMh7-i5FPy7IvXENM9aLGHhD8Kap8GrWrQzRrbxRclTXqaG6qbiczBZI3SHIO57gzFATlxuCDNvwKkyT0yP0hUjVLVuMZ_INgQt0YXZUXGF2WlydfnS8Nzvk1ny3PJUJM6d86k1yup2PppPfjs1WQmzNK7l1NtztKC8WJDk89PccZStSZVkpJv1vWVNL5g9eYpqwpbnr3w2tp6XqpUay6LCSi_f_w4Ej4l__vxz8Nn8dTBCXA1gbI1cvsvp-UN6HKBtSRQYoHj0kFl65Hy4wUpOIFIF5jGNXR679vf_yla5CNFZ9WU10N9CxvKATU3UeQ1-qpGX9SgYgBtl0emVPde-Tk4PIiFM4qFcsaxUOKjowFrvt9o-XEQdTpRmkUsC1jgB6zbctNuSLtR2A1bMHq6OX5h_e8AAAD__2mcsoX0BAAA","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.553Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RTzYsc1Rd9NRP4LX4QPxCFgNALwc_pqa-u7jYLMcaRITGJSSQLF-FVvaqZl35Vr3wfXZNZBYOSlbQ7V1J9ujOjMYr-AaL2uJGAkHY1aGbjPyCIwaX0TEvrW7x7zzl14dxb930wtAckgKX7F96U21wIutpquo3nrvCCyUo3zl1ueG7TPdm4wosoPNnYml2q_7IXhE33-cYbadKTq77rua7neo01rtJMbq0equDl3a7X7LrN0G96rRBb6r9Y2yVo6oD1D8jj4Gz6yG_ZO-DJBEX-1elU94wsX3o9t4IaqdBnu28XvUJWBfJFmikHWbE7_xpSTwn5eAmy2J13ANkfzzpAzKdk6ckHiIvduU3E_dtHTmOBtEDM_o-qP0EqJuB0gkTeBGf3CZAwnDuPIt85J1VFrx-pdKZOybGHf4BXU3LswRMo8i9PCb7VuCSFNVwWGltZDb41Ad-YoLR7MNtL4NUeEvMeOPuJrD48iyIfn9dCgrP9Z2K_E8ctL1pxExathIwFK9R3vRWvE0ftzKdu1skOR8SzCahehtUOLHdgMwe2dJCz_UbodsLEo0GUdVnSdkMahiyN3W7Hd13aTdqwycz7AKYcIBEDJOr9nZJtml5_bJRNx7ZI9ND79IgK_ENyZ0YG_tC7a6-Wwo-ioB147tBDqW6gxwdQ9jvozRqaLUObKXHeuoE-q1GlBJUmqChBxQkqQ1D169tMaF_XO0xoG3vz6M9jUI-k2RjS29JspAUBVQMoVo95-a6-icQsj7YzzUZydtHY3Flb8aN2e6V11R3RmNXD8oA8Nvs7ziff_4Jeut-gSTsMW0GXdTqtduB7ocui2As91qJB5PsRNK_B9RKodrDNp-TMh7-i5FPy7IvXENM9aLGHhD8Kap8GrWrQzRrbxRclTXqaG6qbiczBZI3SHIO57gzFATlxuCDNvwKkyT0yP0hUjVLVuMZ_INgQt0YXZUXGF2WlydfnS8Nzvk1ny3PJUJM6d86k1yup2PppPfjs1WQmzNK7l1NtztKC8WJDk89PccZStSZVkpJv1vWVNL5g9eYpqwpbnr3w2tp6XqpUay6LCSi_f_w4Ej4l__vxz8Nn8dTBCXA1gbI1cvsvp-UN6HKBtSRQYoHj0kFl65Hy4wUpOIFIF5jGNXR679vf_yla5CNFZ9WU10N9CxvKATU3UeQ1-qpGX9SgYgBtl0emVPde-Tk4PIiFM4qFcsaxUOKjowFrvt9o-XEQdTpRmkUsC1jgB6zbctNuSLtR2A1bMHq6OX5h_e8AAAD__2mcsoX0BAAA HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 7\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: dc421013d5f50f45de68f9dd2164fbde\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":112,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/img/sale3.jpg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/img/sale3.jpg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 64642\r\nlast-modified: Fri, 19 Jan 2024 14:21:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65aa8566-fc82\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 867356\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Wx8g03tYH9iH2OId7IU7oHXd0YGewm1BQ4VmTSnIzZ0N%2Bbgh7HmouZkptxR27OMS8ZQJOODUAgEqUuQ2nsjFvBWDHml5xvn%2FxVLWi7%2BbfnA%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9717ffedbf93588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64642,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=242, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=364], progressive, precision 8, 364x242, components 3","md5":"61f7b1fa1698507638df7882e2bdfcaf","sha1":"89134af9a734f4c30d0db01ea36c86895e46b7e3","sha256":"bc0a583f7e3c834e53d5263ecc90d279b27460ea2e9bce56b7ac6b129eb5849c","sha512":"359d9aab944bc2fe6dd5751a385cb4088b39539606e8f460f923ce597823dcfc0472f8ab9662a8808acaff4ed6fe6e5514e98418a9387e718061293b067708c5","ssdeep":"1536:7BNUdceBNUdcVApV4vIfhczULHmQ88PbzaRKg:VzczCLRLrb+RKg","tlshash":"1b53d016cb625c03edc8123a148cc286b2b3afc58b534387b99c7493bfb8a955c65793","first_seen":"2023-04-14T17:39:35Z","last_seen":"2026-04-09T09:03:23.851743Z","times_seen":575,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":39,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/sticksy.min.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/js/sticksy.min.js?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 1756\r\ncache-control: public, max-age=31557600\r\nexpires: Sun, 16 Aug 2026 14:56:31 GMT\r\nlast-modified: Mon, 11 Aug 2025 08:15:13 GMT\r\netag: \"165f-6899a691-847ba27bde134e0e;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 254599\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fkiXjEapflm9wNSh9u7KPuolVi9bSROD30xKsahKzFYJZnkpp2Mz5v4%2FuGmm6w37d2vSquGNCsHNo0atRDEqLtldlBLr%2F4U6MVbjaEY%3D\"}]}\r\ncf-ray: 9717ffdba8d58bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":5727,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5727), with no line terminators","md5":"c8f1751e0f2b662caaa1d91afaea1637","sha1":"96286ad38080c821e4aeffd26f3f688650403fbe","sha256":"1fab90f3bf3f8f2b7ac35a013612fab34d6201f5b1002ad6bd55c206366cac63","sha512":"972b33d5c5d6761703546a140f3e21b27fba96f016f9d50bb317fed5867e7983ed8d4eded5023e28a1097ce3a98aedf329ea991e105ef8eee8878f0d80337d5f","ssdeep":"96:Vh9vD08cLp94YEKZ5oSpwe8wf5eWyjyl1FxQQyXzZG/oO:JmCY9Z5H3f5eWyjyl1Fx/ysoO","tlshash":"f3c1750873a1342a458b95d6473fa90b7572546c9146847c3d6cc4f29cf1b8e27bbebc","first_seen":"2023-03-13T01:30:43Z","last_seen":"2026-04-09T19:51:58.139037Z","times_seen":618,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"offensivefountainrabbit.com/2a7e536f7cb7956aa0a8fcb944318de8/invoke.js","fqdn":"offensivefountainrabbit.com","domain":"offensivefountainrabbit.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"offensivefountainrabbit.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 19:39:45 GMT","end":"Sun, 02 Nov 2025 19:39:44 GMT"},"fingerprint":{"sha1":"A7:93:39:18:F1:01:BB:4D:82:C0:BF:90:31:9E:64:25:36:F2:0C:E1","sha256":"A2:CD:CF:2A:E2:3E:21:B9:56:69:56:80:26:AE:D8:89:B0:DD:F4:FA:0B:A6:CB:42:B5:1A:6F:6B:D6:38:25:BB"}}},"request":{"raw":"GET /2a7e536f7cb7956aa0a8fcb944318de8/invoke.js HTTP/1.1\r\nHost: offensivefountainrabbit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:51 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 11155\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 8\r\nHost: offensivefountainrabbit.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: fcfa30112847a4326b470dca47f6364c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31134,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (31132), with no line terminators","md5":"6c0dd36a2a10aa409cd29b9920c79382","sha1":"02c0d7bc161ad5340a4353398bb99199e96a8bd2","sha256":"026011082e52b4b68db75a53942b2572b3a8ecbd505f89898bcb2504d685b09d","sha512":"5ec88dc9e09dd40c67f7bd8d9e96ebed387850777d358f33c8c86f1d39b823f723c75670af65e2f532a167ff25065abfd152764f8312ae8173570cdceb9c1727","ssdeep":"768:5dqJfLHR9oVJde/57cznGq3/LrnJEOlhPmOdA:kLHRZabDHK","tlshash":"a6e2d7eb7f10b37d129b9473263f440ae3391c02f5c8c75dd976d6952e8c30a896a6e8","first_seen":"2025-08-19T07:40:33.367146Z","last_seen":"2025-08-19T07:40:33.367146Z","times_seen":1,"resource_available":true,"data":null}},"time_used":833,"timings":{"blocked":332,"dns":45,"connect":104,"send":0,"wait":118,"receive":1,"ssl":227},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"offensivefountainrabbit.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.033Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: application/javascript\r\nexpires: Tue, 19 Aug 2025 08:27:50 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JUwTnICrAC9WnfCMOymaKh6wFg7VeJdjYZq6LXxLoG1lUSG7czZdwYxjZU5i2Be%2BpQ0W3NWp%2BZKTZpwoOSOhmfV4CzOWMCfcYr23iA0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9717ffdba8ea8bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1239,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1238)","md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-10T09:55:29.743535Z","times_seen":298332,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.221Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:18:37 GMT","end":"Mon, 29 Sep 2025 15:18:36 GMT"},"fingerprint":{"sha1":"1A:27:71:C0:8E:44:D4:6B:F5:AA:49:F0:F1:AF:E5:5F:30:23:A4:D4","sha256":"84:6C:2E:D6:ED:8A:2F:33:05:CC:E9:F2:24:E5:5C:E0:80:C2:04:2D:C3:21:06:64:E1:0D:14:81:A1:9A:00:1B"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 6debc4805fbbaa8058d22082d31d4213\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":59,"dns":0,"connect":17,"send":0,"wait":18,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css\u0026l=3355\u0026fd=485","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.960Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css\u0026l=3355\u0026fd=485 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":106,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css\u0026l=3355\u0026fd=485","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.349Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css\u0026l=3355\u0026fd=485 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js\u0026l=962\u0026fd=507","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js\u0026l=962\u0026fd=507 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/uploads/2025/08/niquidoll-onlyfans-2025-.webp","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.031Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/niquidoll-onlyfans-2025-.webp HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 294100\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 19 Aug 2026 13:39:51 GMT\r\nlast-modified: Sat, 02 Aug 2025 17:04:50 GMT\r\netag: \"47cd4-688e4532-c6e34f19226feb4e;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nvary: User-Agent, accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BB%2F%2BACRdOszSsI%2Bd0ybRspKxRtp3k3%2FoK5JFydM3LoyBuhMRC2xF5iWu%2BLziZdOaIRAtfDwnNW22MOFQsUj%2Fop6sAAh%2FBfo3hwu%2Fr6Q%3D\"}]}\r\ncf-ray: 9717ffdba8e48bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":294100,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"21381cc73d29849855a3d7e572be0e42","sha1":"396aa07539841e25bcd6bc197069ec0796f06934","sha256":"22f68115011666f421e4cd90e20a5a67b7b51a3bbb19a1718c50b55bc8547638","sha512":"e6dc318b416d8dd8d444c804092b00ff4849cfbe8e0847864d3b3850f1fdea2f7925c435761e299e390d25be0f727796c41edd601a370f370d7ac47234ebf33a","ssdeep":"6144:xBtdqkULxOxN3EZWjsjSFb3EGTOCK3ZYM65sJsy/zm5cWYnvBd5J:v7Uq6WjJFb3EGqCKJOWZnpdv","tlshash":"7b54235c6418d153c3147cf83439e59af9ab1e7c9781e66583b32e188ee82c19b58f6c","first_seen":"2025-08-19T07:40:33.368566Z","last_seen":"2025-08-19T07:40:33.368566Z","times_seen":1,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":66,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.751Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 Aug 2025 10:09:08 GMT\r\nexpires: Fri, 14 Aug 2026 10:09:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 423046\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-10T09:55:48.830468Z","times_seen":727106,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/sbar.json?key=6e642680db3ecb105b002b772d76b2a8\u0026abt=F-2677-5_1\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.386Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /sbar.json?key=6e642680db3ecb105b002b772d76b2a8\u0026abt=F-2677-5_1\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; u_pl26637310=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nAccess-Control-Allow-Origin: https://packsitas.com\r\nAccess-Control-Allow-Credentials: true\r\nSet-Cookie: uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; expires=Tue, 26 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nuncs=2; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nu_pl27181537=1; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nslec6e642680db3ecb105b002b772d76b2a8=[4323737]; expires=Tue, 19 Aug 2025 07:39:58 GMT; path=/; secure; SameSite=None\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 2604421b60b308ccd4b845bdb16511f8\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6396,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"ac6e25ffae656a71fc9bbef27879e02e","sha1":"0a924194afe9c4c94ced189cc6a4bc4313a4a014","sha256":"f639d58cb210e2b632d05873b5a514e5fa69267901f0ffc298b86fed3597224a","sha512":"fde4e54df97e0dd3a1587aaf155f9cc0683f56d192ddf78afe8b4e2fbb66a39280680119a9881873a5fb9363ba8654a215c471c3203e19ce9bb794869c6078f9","ssdeep":"96:9z2sD8CzRIsNUsJJuBgo6H5N0WEIiq/8eCWGrpJaDe6yYsRzL6K:9zgYWsWsSBr6H5N1pij6Q7IyYYf6K","tlshash":"e6d16a7f010167854b5a9d0c434bce3c3b7a879f7dca8a9dc01f86fe185a2911a4d93c","first_seen":"2025-08-19T07:40:33.369542Z","last_seen":"2025-08-19T07:40:33.369542Z","times_seen":1,"resource_available":false,"data":null}},"time_used":351,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":351,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rashcolonizeexpand.com/ren.gif?sid=H4sIAAAAAAAC_1RTzYscxRuu3s3t9wM_EA-CMIeAnzvbX9MzYw6SmKysiUlMIjl4CNVd3buVqe5q62N6s16CIZKTjHjxJD3PTHY1rqJ_gKCz3oKC42nR7MU_QQh4k9kdGH0P78fzVMHzvvXWR0N7SAJYenD5bbnNhaCrrabbePE6L5isdOPitYbnNt1Tjeu8iMJTja2ZU_3XvCBsui813kyTnlz1Xc91PddrrHGVZnJr9YgFL_e6XrPrNkO_6bVCbKn_1touQVMHrH9IngZn0yf-zN4DTyYo8m_PprpnZPnqudwKaqRCn-2-W_QKWRXIF2mmHGTF7vw0pJ4S8tkSZLE77wCyP551gJhPydKzjxAXu3OZiPv3j5XGAmmBmP0PVX-CVEzA6QSJvAPOfiVAwnDxEop856JUFb11zNIZOyUnHv8FXk3JiUfPoMi_OSP4VuOqFNZwWWhsZTX41gR8Y4LS7sNsL4FX-0jMh-DsF7L6-AKKfHxJCwnODk7GfieOW1604iYsWgkZC1ao73orXieO2plP3ayTHY2IZxNQvQyrHVjuwGYObOkgZweN0O2EiUeDKOuypO2GNAxZGrvdju-6tJu0YZOZ9gFMOUAiBkjU3Z2SbZpef2yUTce2SPTQ--IYCvwjcGcGBv7Q27M3SuFHUdAOPHfooVS30eMDKPsD9GYNzZagzZQ479xGn9WoUoJKE1SUoOIElSGo-vV9JrSv6x0mtI29efTnMahH0mwM6X1pNtKCgKoBFKvHvHxf30FilkfbmWYjOXM0Ng_WVvyo3V5p3fBGNGb1sDwkT81ex_n8x9_RSw8aNGmHYSvosk6n1Q58L3RZFHuhx1o0iHw_guY1uF4C1Q62-ZSc__gPlHxKXnjlJmK6Dy32kfAnQe3zoFUNullju_i6pElPc0N1M5E5mKxRmhMwt5yhOCTPHS3I6b8_RZo8fP234MiQqBqlqnGT_0SwIe6NrsiKjK_ISpPvLpWG53ybzpbnqqEmXX5wPr1VScXWz-rBl6eTGTFL966l2lygBePFhiZfneGMpWpNqiQl36_r62l82erNM1YVtrxw-Y219bxUqdZcFhNQPiXOBz8j4VPy_7fOHX2Mk-t3wdUEytbI7UMyNyTlbehyoV1LAiUWfFw6qGw9Un68AAUnEOmipnEN_a86XuQjRWe3Ka-H-h42lANq7qDIa_RVjb6oQcUA2i6PTKkWMmLhjGKhnHEslPjkeMSaHzRafhxEnU6UZhHLAhb4Aeu23LQb0m4UdsMWjJ5ujl9e_ycAAP__IqJkJ_YEAAA=","fqdn":"rashcolonizeexpand.com","domain":"rashcolonizeexpand.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rashcolonizeexpand.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:10:41 GMT","end":"Fri, 26 Sep 2025 22:10:40 GMT"},"fingerprint":{"sha1":"C7:75:50:5C:D3:7C:BF:A1:34:3E:61:33:FC:D6:81:21:2E:31:1D:92","sha256":"CB:A9:18:8B:DD:56:71:B4:C1:61:A7:9F:5C:50:7F:22:BB:83:72:BC:0F:B3:14:19:C4:E9:F9:59:6A:0F:95:EC"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RTzYscxRuu3s3t9wM_EA-CMIeAnzvbX9MzYw6SmKysiUlMIjl4CNVd3buVqe5q62N6s16CIZKTjHjxJD3PTHY1rqJ_gKCz3oKC42nR7MU_QQh4k9kdGH0P78fzVMHzvvXWR0N7SAJYenD5bbnNhaCrrabbePE6L5isdOPitYbnNt1Tjeu8iMJTja2ZU_3XvCBsui813kyTnlz1Xc91PddrrHGVZnJr9YgFL_e6XrPrNkO_6bVCbKn_1touQVMHrH9IngZn0yf-zN4DTyYo8m_PprpnZPnqudwKaqRCn-2-W_QKWRXIF2mmHGTF7vw0pJ4S8tkSZLE77wCyP551gJhPydKzjxAXu3OZiPv3j5XGAmmBmP0PVX-CVEzA6QSJvAPOfiVAwnDxEop856JUFb11zNIZOyUnHv8FXk3JiUfPoMi_OSP4VuOqFNZwWWhsZTX41gR8Y4LS7sNsL4FX-0jMh-DsF7L6-AKKfHxJCwnODk7GfieOW1604iYsWgkZC1ao73orXieO2plP3ayTHY2IZxNQvQyrHVjuwGYObOkgZweN0O2EiUeDKOuypO2GNAxZGrvdju-6tJu0YZOZ9gFMOUAiBkjU3Z2SbZpef2yUTce2SPTQ--IYCvwjcGcGBv7Q27M3SuFHUdAOPHfooVS30eMDKPsD9GYNzZagzZQ479xGn9WoUoJKE1SUoOIElSGo-vV9JrSv6x0mtI29efTnMahH0mwM6X1pNtKCgKoBFKvHvHxf30FilkfbmWYjOXM0Ng_WVvyo3V5p3fBGNGb1sDwkT81ex_n8x9_RSw8aNGmHYSvosk6n1Q58L3RZFHuhx1o0iHw_guY1uF4C1Q62-ZSc__gPlHxKXnjlJmK6Dy32kfAnQe3zoFUNullju_i6pElPc0N1M5E5mKxRmhMwt5yhOCTPHS3I6b8_RZo8fP234MiQqBqlqnGT_0SwIe6NrsiKjK_ISpPvLpWG53ybzpbnqqEmXX5wPr1VScXWz-rBl6eTGTFL966l2lygBePFhiZfneGMpWpNqiQl36_r62l82erNM1YVtrxw-Y219bxUqdZcFhNQPiXOBz8j4VPy_7fOHX2Mk-t3wdUEytbI7UMyNyTlbehyoV1LAiUWfFw6qGw9Un68AAUnEOmipnEN_a86XuQjRWe3Ka-H-h42lANq7qDIa_RVjb6oQcUA2i6PTKkWMmLhjGKhnHEslPjkeMSaHzRafhxEnU6UZhHLAhb4Aeu23LQb0m4UdsMWjJ5ujl9e_ycAAP__IqJkJ_YEAAA= HTTP/1.1\r\nHost: rashcolonizeexpand.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[4323731]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: rashcolonizeexpand.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7d7f78bcf856b7754140b9d661abc93c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"rashcolonizeexpand.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/img/close.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: image/png\r\ncontent-length: 591\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65aa84fe-24f\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 714105\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5WRoUDCyS960KsUGSFwluTXvDrnhapVTrXOsrZggJY7KmLDbK7oT9VHAxx%2FtExw7wWId4UM3R16hFqDdEM2Af61zTB5xnZlHguQTuTAkaGc%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9717ffeeeff1588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":591,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced","md5":"9fd5bcb6103d86e317bd1eb019bcbe71","sha1":"6b5a52ea669dcb74946f2bed4bdd7ec985026113","sha256":"0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae","sha512":"e244a8842c009fa83e8d9d1088ec5b76ca2a42660568b7886e01724977b9ebd4e43690e0c651e25287c64dcc4826391b34cae6a106e2148139450dd05fc5a562","ssdeep":"","tlshash":"b0f0414e7c5903a1874caf3b18dd00119c27898077c82e0db689eed20e008e215471da","first_seen":"2023-04-11T11:09:41Z","last_seen":"2026-04-10T09:34:35.833505Z","times_seen":4732,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.309Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa84fe-d1b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AqZL9Sl0JkYFry3l%2BqAid5dXScIjl4EdQSIyPgFJV8whm7w9GIdWHNyWRNtAj%2FULN0TKR%2BGZR8nzuEM0YsUD4JBL2G9P%2F70bMuyVyzwm7xM%3D\"}]}\r\ncf-ray: 9717fff06826588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3355,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"039a6734d79ed9aa51cf81c52479c5fe","sha1":"9cf29c4ea1a3880681d50c7228374f8073b7778b","sha256":"a15bad73fc8907795285b78a4a1a1bf5e7f68b4d39988b9bb165444819cf9eb1","sha512":"879f067d02f582c2ff8f9c0308cbb44b24964136c4d8074f1a1b200169b520bb49fdd2b290772dfbc3ca432fba2ce9d5b1a398eb14746613cc942dd7567fa1d9","ssdeep":"","tlshash":"3a61ba966b670a04b51ad0ab3f667b4723084007995fed757fc8620ccfc92a8d6d378e","first_seen":"2024-02-12T03:25:01Z","last_seen":"2026-04-10T09:34:35.833065Z","times_seen":2194,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/impr.gif?sid=H4sIAAAAAAAC_1RSzYscRRSv3s1NwQ_EgyDMIeDnzFZ_7HyYgyQmK2tiEpNIDh6kPrpnK9Pd1VZ1T0_Gy-Ki5CQjXjxJ729msxij6B8g6Ky3oOB4WjB78exJCHiT2R0YfYf33q9-VfB7v3qf7BZHxEfBDq--rYcqjtnaeoPWXrypUqlLW7t8o-bSBj1Tu6nSZnCmNpgn03_N9YMGfan2Zih6es2jLqUudWsbyoSRHqwds1DZ_Y7b6NBG4DXc9QAD839sCweWOZD9I_I0lJw98Wf0HpSYIk2-Ox_aXq6zVy8kRcxybdCX---mvVSXKZJlGxkHUbq_uA1tZ4R8sQKd7i8mgO5P5hOAqxlZefYheLq_kAne3ztRymOEKbh8DGV_ijCeQrEphN6Bkr8RQEhcvoI0uXtZm5LdPmHZnJ2RU4_-hipn5NTDZ5Am356L1aB2XcdFrnRqMYgqqMEUqjtFVhwgH65AlQcQ-UdQ8ley9ugS0mRyxcYaSh6e5l6b83W3WadCNuuBlH6dedStu23ebEUeo1E7OrZIRVMwu4rCOiiUgyJyUGQOEnlYC2g7EC7zm1FHihYNWBDIkNNO26OUdUQLhZhrHyHPRhDxCMJsIzPb6KkRTPEj7FYFK1dh8xlx3tlGX1YoQ4LSEpSMoFQEZU5Q9qs9GVvPVndlbAvuLqq3qH411nl3l-3pvBumBMyMYGQ1UdkHdgciXx0PIyvHep4Yz-9t1L1mq1Vff5-OGZfVbnZEnpqb7Hz501_ohYc11w9p1PJYm7Y4b9OOy33Xd4OoGbbawmMtWFVB2RUw62CoZuTip38gUzPywiu3wNkBbHwAoZ4EK54HKyuwrQrD9JuMiZ5VObMNoRNIXSHLTyG_7ezGR-S5438--8_nCMWD13_3jwPCVMhMhVvqZ4JufGd8TZdkck2Xlnx_JctVooZsvgPXc5aHq_cuhrdLbeTmeTv66qyYE_P2_o3Q5pdYKlXateTrc0rK0GxoI0Lyw6a9GfKrhd06V5i0yC5dfWNjM8lMaK3S6RRMzYjz4S8QakYef-vC8X6f3vwYykxhigpJ8YAsAiLbhs2W2q0mMPGS55mDsqjGxuPLw1gRxOESM17B_gfzZT82bP6aqWrX3kHXOGD5DtKkQt9U6McVWDyCLVbHeWaWMnjsjHlsnAmPTfzZicVWHdYiP_QEpe1W0_XbUej6gRTRejvoyCajvh8it7Otycub_wYAAP__nx-BUL0EAAA=","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.684Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 02 Jul 2025 00:39:20 GMT","end":"Tue, 30 Sep 2025 00:39:19 GMT"},"fingerprint":{"sha1":"2F:53:8D:73:5E:CE:FB:91:B4:FD:2B:4E:F3:E9:80:AA:62:1A:61:CD","sha256":"C1:D4:30:78:23:7C:54:B2:69:C9:DF:D9:A9:CB:93:CF:63:1B:C9:46:05:84:47:B1:70:77:4E:B8:85:DE:85:B8"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSzYscRRSv3s1NwQ_EgyDMIeDnzFZ_7HyYgyQmK2tiEpNIDh6kPrpnK9Pd1VZ1T0_Gy-Ki5CQjXjxJ729msxij6B8g6Ky3oOB4WjB78exJCHiT2R0YfYf33q9-VfB7v3qf7BZHxEfBDq--rYcqjtnaeoPWXrypUqlLW7t8o-bSBj1Tu6nSZnCmNpgn03_N9YMGfan2Zih6es2jLqUudWsbyoSRHqwds1DZ_Y7b6NBG4DXc9QAD839sCweWOZD9I_I0lJw98Wf0HpSYIk2-Ox_aXq6zVy8kRcxybdCX---mvVSXKZJlGxkHUbq_uA1tZ4R8sQKd7i8mgO5P5hOAqxlZefYheLq_kAne3ztRymOEKbh8DGV_ijCeQrEphN6Bkr8RQEhcvoI0uXtZm5LdPmHZnJ2RU4_-hipn5NTDZ5Am356L1aB2XcdFrnRqMYgqqMEUqjtFVhwgH65AlQcQ-UdQ8ley9ugS0mRyxcYaSh6e5l6b83W3WadCNuuBlH6dedStu23ebEUeo1E7OrZIRVMwu4rCOiiUgyJyUGQOEnlYC2g7EC7zm1FHihYNWBDIkNNO26OUdUQLhZhrHyHPRhDxCMJsIzPb6KkRTPEj7FYFK1dh8xlx3tlGX1YoQ4LSEpSMoFQEZU5Q9qs9GVvPVndlbAvuLqq3qH411nl3l-3pvBumBMyMYGQ1UdkHdgciXx0PIyvHep4Yz-9t1L1mq1Vff5-OGZfVbnZEnpqb7Hz501_ohYc11w9p1PJYm7Y4b9OOy33Xd4OoGbbawmMtWFVB2RUw62CoZuTip38gUzPywiu3wNkBbHwAoZ4EK54HKyuwrQrD9JuMiZ5VObMNoRNIXSHLTyG_7ezGR-S5438--8_nCMWD13_3jwPCVMhMhVvqZ4JufGd8TZdkck2Xlnx_JctVooZsvgPXc5aHq_cuhrdLbeTmeTv66qyYE_P2_o3Q5pdYKlXateTrc0rK0GxoI0Lyw6a9GfKrhd06V5i0yC5dfWNjM8lMaK3S6RRMzYjz4S8QakYef-vC8X6f3vwYykxhigpJ8YAsAiLbhs2W2q0mMPGS55mDsqjGxuPLw1gRxOESM17B_gfzZT82bP6aqWrX3kHXOGD5DtKkQt9U6McVWDyCLVbHeWaWMnjsjHlsnAmPTfzZicVWHdYiP_QEpe1W0_XbUej6gRTRejvoyCajvh8it7Otycub_wYAAP__nx-BUL0EAAA= HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[4323737]; u_pl27181549=1; slec13e0f72a807bb8091b31314f6e78c2a7=[4323731]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nSet-Cookie: iprc_l+673684ba81bfe086ff7291f77a7327e0=4323731; expires=Wed, 20 Aug 2025 07:39:54 GMT; path=/; secure; SameSite=None\niprc_l:4323731=1; expires=Wed, 20 Aug 2025 07:39:54 GMT; path=/; secure; SameSite=None\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 246c8dcded84b08010a6ebbe25458cd3\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 4678\r\ncache-control: public, max-age=31557600\r\nexpires: Thu, 06 Aug 2026 15:05:39 GMT\r\nlast-modified: Fri, 09 Jun 2023 03:49:24 GMT\r\netag: \"3509-6482a144-c43bf6998560803;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 1118051\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U7rQCjmqS4CmFAdf%2BQ61H6RXDNs4HUzbWKzb9sIFJx%2FJHNFiF344CS%2BubWLoEyp43yUVJrdPW5cRcYZxED3mK%2Btr6HkWlgda6DjG%2Fdc%3D\"}]}\r\ncf-ray: 9717ffdb98c28bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":13577,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (13479)","md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-10T09:55:48.818925Z","times_seen":652098,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=6e642680db3ecb105b002b772d76b2a8\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=7","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.682Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:12:33 GMT","end":"Mon, 29 Sep 2025 15:12:32 GMT"},"fingerprint":{"sha1":"9E:08:20:A0:75:ED:21:51:E0:3D:DE:29:CD:B0:11:01:4D:04:77:0A","sha256":"FB:D4:A2:1D:0F:F1:FB:A8:D9:5E:88:03:1F:BB:94:D2:32:5C:CC:49:11:11:FC:04:7B:C6:43:40:CF:1E:A2:BA"}}},"request":{"raw":"GET /pxf.gif?uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=6e642680db3ecb105b002b772d76b2a8\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=7 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: cd4ed997eb8c00452a9d213870aa2eec\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":935,"timings":{"blocked":394,"dns":0,"connect":131,"send":0,"wait":137,"receive":0,"ssl":269},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/39/64/c2/3964c29655a100a3d8cc29a5ebb94dfc.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.596Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /39/64/c2/3964c29655a100a3d8cc29a5ebb94dfc.js HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 25914\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: 4b4e7ab587d59b22ad7bcd2439afc363_F-2677-5=1; expires=Tue, 19 Aug 2025 07:39:52 GMT; secure; SameSite=None\r\nx-envoy-upstream-service-time: 3\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 37471bcf64eaa498ad3dc06f40e8cd83\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":73453,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"16570ad1e0c4553d1392e34d1cd9a214","sha1":"2bc0960e10cdcbda6cad95b10b709c0049ddec89","sha256":"698bd1f7dfc9da1b5894e804fa4d467a1a66a4cae5560c1d492b3f19d48a6d83","sha512":"82e3dcd5554132cc37a9f1a956ab5e41df409514848cccfa3a280c7a3130bb772f59dcd481bbc8cb9919501a2c210e3db042bf22659797c73ad7055a25384019","ssdeep":"1536:gFMvR03G4SjfXSLWyJR8QxUmDhe9caAJwabHDg1I/:I3caW+yQO9caAiu","tlshash":"e473eb887f71b06f23a524b3223f5547f19a5c06545cf4b8f117f8596bac31af0baa28","first_seen":"2025-08-19T07:40:33.370923Z","last_seen":"2025-08-19T07:40:33.370923Z","times_seen":1,"resource_available":true,"data":null}},"time_used":927,"timings":{"blocked":351,"dns":27,"connect":108,"send":0,"wait":113,"receive":108,"ssl":218},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PTdkVrumAyrzO3YUPigAC3cyPLBSAVwNjPMoF9VHu47hRBDBIGSwwGlEEUWQ4XBgvd58ff2h7tDvnrUnvpOAmVHM8ZUs6w4YnghE1h3xp6A%3D\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 885899\r\ncf-cache-status: HIT\r\netag: W/\"65aa84fe-1499c\"\r\ncf-ray: 9717ffedaf91588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84380,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025)","md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-10T09:34:35.836032Z","times_seen":16148,"resource_available":true,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"offensivefountainrabbit.com/90a43dc0a7ac9c4f7c3ad622f2bfdf80/invoke.js","fqdn":"offensivefountainrabbit.com","domain":"offensivefountainrabbit.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.035Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"offensivefountainrabbit.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 19:39:45 GMT","end":"Sun, 02 Nov 2025 19:39:44 GMT"},"fingerprint":{"sha1":"A7:93:39:18:F1:01:BB:4D:82:C0:BF:90:31:9E:64:25:36:F2:0C:E1","sha256":"A2:CD:CF:2A:E2:3E:21:B9:56:69:56:80:26:AE:D8:89:B0:DD:F4:FA:0B:A6:CB:42:B5:1A:6F:6B:D6:38:25:BB"}}},"request":{"raw":"GET /90a43dc0a7ac9c4f7c3ad622f2bfdf80/invoke.js HTTP/1.1\r\nHost: offensivefountainrabbit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:51 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 13048\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: offensivefountainrabbit.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 8672659d7d77ad974ba2b5a0f47687d2\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33053,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (33053), with no line terminators","md5":"5a5d3564bbc3df9e9b12f357bccf5ea7","sha1":"9fbe488aab467ee25c3853d238bdd38eefa542db","sha256":"5eb60a01d7679103935578f1d9be0f3acad153c8fd887fa0fb44a03b8023dc8e","sha512":"44992a0411e0b108a98e5b4657908314e5975d13b88203701e1294f127b8470e8b1008da9077829a083ca18ec1a4ed4b86791971b505355c48943f49436ef05b","ssdeep":"384:lznDJ4p9df1PPXm2bBdMLlAwH3KQsjmTOlXqel+rn2NrL0uAfdtiOmuBc8Fg:BJefHbULz3KQQmTO5qel+qL0PFcWg","tlshash":"dbe208883f70b44d1776303b322f856ef9b5cd555488d88cd287ac952ab9b1ee437e09","first_seen":"2025-08-19T07:40:33.371854Z","last_seen":"2025-08-19T07:40:33.371854Z","times_seen":1,"resource_available":true,"data":null}},"time_used":854,"timings":{"blocked":339,"dns":50,"connect":113,"send":0,"wait":120,"receive":0,"ssl":230},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"offensivefountainrabbit.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/plugins/age-gate/dist/all.js?ver=3.7.1","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.036Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/plugins/age-gate/dist/all.js?ver=3.7.1 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 1247\r\ncache-control: public, max-age=31557600\r\nexpires: Thu, 23 Jul 2026 16:42:32 GMT\r\nlast-modified: Tue, 08 Jul 2025 23:44:38 GMT\r\netag: \"bcf-686dad66-14755db9dc0c1efa;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 2321838\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SEpAU1DZDzMXxH2tljm1Wv6BWWWUaXU9QHPLOdOYkeeDrGSnENOA5foBdjlDMtyYjkDesekynz%2FRY0A8OB%2B9GQYUkrhMkSPTX4RnbdY%3D\"}]}\r\ncf-ray: 9717ffdbb8ff8bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3023,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2962)","md5":"aba2e182a6e18a260866682e92fbc931","sha1":"f966035d4b21cad17c051aa80fbdfd339f3b062f","sha256":"c930264229cb6d811028b73bc84570680b3f941ee56964c30a56a34f290c48e9","sha512":"c839d449d39435d959bd81ba48fdc362048a162f35927bb4a6c33b4afabf804f167bb9d1c05841d3af59dee5bfbc0a9d85ac67b63c84844797500b29c691858b","ssdeep":"","tlshash":"cd5175c57b86f4a803f6913fa12f570e7a7a8524181ed440e24ad9e47c30cbb4327d6e","first_seen":"2024-08-26T13:39:55Z","last_seen":"2026-04-10T09:31:50.172542Z","times_seen":1047,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=3964c29655a100a3d8cc29a5ebb94dfc\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=7","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.677Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:12:33 GMT","end":"Mon, 29 Sep 2025 15:12:32 GMT"},"fingerprint":{"sha1":"9E:08:20:A0:75:ED:21:51:E0:3D:DE:29:CD:B0:11:01:4D:04:77:0A","sha256":"FB:D4:A2:1D:0F:F1:FB:A8:D9:5E:88:03:1F:BB:94:D2:32:5C:CC:49:11:11:FC:04:7B:C6:43:40:CF:1E:A2:BA"}}},"request":{"raw":"GET /pxf.gif?uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=3964c29655a100a3d8cc29a5ebb94dfc\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=7 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 9c8cbd12332396e78216c75840e39806\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":871,"timings":{"blocked":364,"dns":1,"connect":122,"send":0,"wait":132,"receive":0,"ssl":249},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.842381889882.js?dev=e\u0026key=1ee95c2f94aeca082917050c7a7cb7a9\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=5574c1629987f3071105ad33be12216bcd2318a45beac30c225a6ce54f64854c7d41dcb571fb7882214f6a675cad2c641163362dfb78f13c68f5e56b79bb605a2086052827b3877424715dc449e2153b098fcfb2bd1edfcb16e22f\u0026tz=0\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /watch.842381889882.js?dev=e\u0026key=1ee95c2f94aeca082917050c7a7cb7a9\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=5574c1629987f3071105ad33be12216bcd2318a45beac30c225a6ce54f64854c7d41dcb571fb7882214f6a675cad2c641163362dfb78f13c68f5e56b79bb605a2086052827b3877424715dc449e2153b098fcfb2bd1edfcb16e22f\u0026tz=0\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nReferer: https://packsitas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzI5NSwiayI6IjFlZTk1YzJmOTRhZWNhMDgyOTE3MDUwYzdhN2NiN2E5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpkM3l1NGJjeHkiLCJjcGtzIjp7IjI4IjoiNzg5OTE3OWYxODA4OTJmNWUyNGYyODkwMjI0M2IzYTUiLCIyOSI6IjM5NjRjMjk2NTVhMTAwYTNkOGNjMjlhNWViYjk0ZGZjIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.1VmV4qJNWLVRMuhiMee78zUhWRcFWxHCS9HEZ9j93iM\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://packsitas.com\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; expires=Tue, 26 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\npdhtkv23=true; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nuncs23=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\nu_pl26637295=1; expires=Wed, 20 Aug 2025 07:39:52 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 103\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c7b1993a8ec526f14ab84dc627e3f4cf\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4830,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (3954)","md5":"235f0c9e12001f3d564456a63564ef24","sha1":"97aab9bbf78f562ddb61bb43e0cba7263eae21d7","sha256":"cd08f350e25029c4f3db1da03a7e07603961a2dd63f6a5467dd3ff0f6daf65d3","sha512":"3cb3375d473ced6b2e2e07d02151f16e9ce2e5413ea683acef29646908c78c9eb23f99348305faabbddd9950ce28e3f0175d1f4248aed223b995c15dc83ab284","ssdeep":"96:iozxsu9Nbg/O9/jTEn3jG/tEkY5d81/D4CfMEDaH:/ze4FTwjG/CkEdkb4CkCaH","tlshash":"2ba12b7a1dc2b17c38d7b07f11beaa283e21d2163504cd467d5cf25167252702abaeec","first_seen":"2025-08-19T07:40:33.376989Z","last_seen":"2025-08-19T07:40:33.376989Z","times_seen":1,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":209,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/1f/12/d2/1f12d2b1f773d780933bdff467c1212f/1753952093.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /cti/1f/12/d2/1f12d2b1f773d780933bdff467c1212f/1753952093.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:52 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 59361\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 31 Jul 2025 08:54:53 GMT\r\netag: \"688b2f5d-e7e1\"\r\nexpires: Thu, 21 Aug 2025 07:39:52 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":59361,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:07:30 11:57:46], progressive, precision 8, 160x600, components 3","md5":"74e0b3ab97c64f95134053f8049109d4","sha1":"9b0715b22f91da2cb5ee815ae617bcd042dbf4c5","sha256":"f249b55eb618260ea57046967e4fa6afd4ca192d76ea37999cf3be5a3a7c4d13","sha512":"fe4a6c33e4aac5038bad611b65faa3e215e853c9403b453994e7a142faa58ada0daa2fe105382836bc46183c56f8dd0a745d9348e9b0c592620cfe03e39c0d9e","ssdeep":"1536:gytipEk0Q6a757qFfjNYB8D3UNT6WbBFd:gyW0QT50fxYB8D+P7d","tlshash":"2643e131abac1d12fdd632b4d9e4d2a18b57fab02b1713563c8c1805bb70ad1589f28b","first_seen":"2025-08-01T08:14:43.799616Z","last_seen":"2025-09-02T01:59:57.425282Z","times_seen":54,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/e7/1b/13/e71b13312082539e211f40b180b929f1/1680663431.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.957Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /si/e7/1b/13/e71b13312082539e211f40b180b929f1/1680663431.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: image/png\r\ncontent-length: 70608\r\nserver: nginx/1.21.6\r\nlast-modified: Wed, 05 Apr 2023 02:57:19 GMT\r\netag: \"642ce38f-113d0\"\r\nexpires: Thu, 21 Aug 2025 07:39:53 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70608,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"61b6bebe0cb42acfc8731bdca04aa71a","sha1":"d396876682997f10b3bf721df1204677e3b5b0be","sha256":"3bebac68fde7ea059ec5422cb3162c3765ff43c7263e9be6e6b324b73ad0e6f2","sha512":"6883904fb678ea57cbedbd3753c93f5e8f73a79b8abf79fefed3ca2ea0d3eb635c9843419cfda66a561addaed6c68d67151ed51270d31ed3e597e67215173e5a","ssdeep":"1536:xK57wBBmhOG4aC7NV3fwtbCj9Q4tsd8aB0oqaoPHmqrfTwHMX:xK1wBgNZaNV34Cj9Q4Sd5aosPd/wsX","tlshash":"0c63010ed38967b86ec02b9fb3097f408b2473acc719c0d768b059b7a346c1961b7d5a","first_seen":"2023-06-24T15:48:47Z","last_seen":"2026-04-09T21:33:03.47401Z","times_seen":846,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/css/animate.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.308Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa84fe-13361\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wJhVgRziuhW6VsjgNp%2B7RWWp73lz%2FwBZtV113ZQpmI3jKzWMtIWY9FHbeNSw65fodeYSOyQ4XE9u4PrweNaoiqly75Oa83OVKkbmKpTVdWY%3D\"}]}\r\ncf-ray: 9717fff06825588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78689,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"3d4123dbfb33d27a5cfdfcfa91df6783","sha1":"e7d0eeeec54b848f0bc3da8685fa3bc88429d660","sha256":"cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887","sha512":"75c8a48dc207595e201b50b87ff68782112a21aded9f15f14185c07d40f0151d6afe74a2b278aa575caf12ac422e8166316296ed7b6573ea24e667cca4af51dd","ssdeep":"384:jvuAuF81dghu3ublZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:jvuAu21dghu3uLu7uNKwZiMUL6Vpaj7F","tlshash":"22731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2024-01-20T06:37:31Z","last_seen":"2026-04-10T09:34:35.831084Z","times_seen":10596,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Ffinanceskipper%2Fmessage_redcircle2%2F16%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=190","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Ffinanceskipper%2Fmessage_redcircle2%2F16%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=190 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.313Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"DF:A1:DB:1F:BC:5E:31:D7:F8:FE:26:E3:B9:B3:02:98:B1:C8:50:EC","sha256":"A2:57:20:B6:AE:46:89:B9:39:C7:57:9B:1E:43:96:E3:5A:BC:7E:3F:1D:18:10:34:CC:53:3D:DB:78:4E:5C:21"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 19 Aug 2025 07:39:54 GMT\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"e9d2e14beb088f37fae98294940a9dcd","sha1":"1dafc3c55550249c8c2d782d5616c7b445c8e005","sha256":"f2e491cc46d3fcba81f729065d622bd722751d4a2e7f80b479aa64a92c17b5c7","sha512":"64025ea9b660d5e1d45a593a27345e152ba6b5ef95daceee5e43201319a555eb5457cfe1ecdcc725202063a22c5f406f3ba4607863d5b714c378f144bcdea5f7","ssdeep":"384:pjf5jgjPjrjyUj/qY4+j4jYjpjfMj1jWj6jyhj/qY4XjNjtj4jfdjkjDj3jyQj/E:p90DXOU/R08toBy+Oh/EBpcZwPLOQ/VK","tlshash":"e5722291041740009b835ce223cebf35fe1f92117152d0b5abfd9b6badcbc66526939d","first_seen":"2025-06-02T17:27:24.212334Z","last_seen":"2026-01-19T16:22:17.33804Z","times_seen":5482,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/uploads/2025/04/luznithbolivar-onlyfans-gratis-1-1-768x432.webp","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/uploads/2025/04/luznithbolivar-onlyfans-gratis-1-1-768x432.webp HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 31522\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 19 Aug 2026 01:44:37 GMT\r\nlast-modified: Wed, 30 Apr 2025 17:49:34 GMT\r\netag: \"7b22-681262ae-4a2eceafb80d0b4f;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nvary: User-Agent, accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 42914\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dj9Vmd%2BeYrwDg6gqHxfEDriDV%2BeLAeRBcw1g8LTjlQGky4RpmPRUYGJIFdGUOua4huVjMf2Ze9AWG9795ZSvZiRVgMnAPnOIrXvEL9c%3D\"}]}\r\ncf-ray: 9717ffe16e93f9e2-ARN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":31522,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 768x432, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ba9601044e12979ed9ab21aefa3573c5","sha1":"faa6c751a23ce98af37fc60a8132950bcc109f38","sha256":"d60807b22b5e9aaa1d35514b1f648f671f8bb7558e723eeb3d7519ffda804737","sha512":"87892d4163b5be2e51f15775fd65daa02004ea7f0ad6bc9b18dff4d413b08f2bf9cfda9bff7ee6ca45f32a551a38718a53b2f5542dacb30926bacf76b0d6d267","ssdeep":"768:nnRJQT5TmjBxPZLSFzZfmNt8dOa+IhfncXif:nnRJQ0B5ob08o6fnWif","tlshash":"afe2e1e0a487cc80ef55b123e724964221b6352733d4482b097ec5f1ee8fb96577b2e2","first_seen":"2025-08-02T11:30:48.587659Z","last_seen":"2025-10-16T23:53:34.377335Z","times_seen":5,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sentry.developzilla.com/api/12/store/","fqdn":"sentry.developzilla.com","domain":"developzilla.com","tld":"com"},"ip":{"addr":"96.46.180.116","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.997Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"developzilla.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 07 Jul 2025 20:58:44 GMT","end":"Sun, 05 Oct 2025 20:58:43 GMT"},"fingerprint":{"sha1":"AE:CE:02:AD:6B:2C:68:87:F6:2D:3D:3E:59:10:E2:07:70:C8:3D:C4","sha256":"42:DA:7B:D8:6E:9E:FA:8B:AB:1F:DD:37:A9:07:5E:FD:94:98:AD:35:4F:7B:80:02:89:1F:C7:A2:DA:75:94:E8"}}},"request":{"raw":"OPTIONS /api/12/store/ HTTP/1.1\r\nHost: sentry.developzilla.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,x-sentry-auth\r\nReferer: https://packsitas.com/\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.25.5\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-length: 0\r\naccess-control-allow-origin: *\r\nvary: origin, access-control-request-method, access-control-request-headers\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: x-sentry-auth,x-requested-with,x-forwarded-for,origin,referer,accept,content-type,authentication,authorization,content-encoding,transfer-encoding\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\nallow: POST,GET,HEAD\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload;\r\nx-content-type-options: nosniff\r\nx-robots-tag: none\r\nx-download-options: noopen\r\nx-permitted-cross-domain-policies: none\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":287,"timings":{"blocked":19,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/impr.gif?sid=H4sIAAAAAAAC_1RTvW8cRRSfdSIKUgABUVBdgcRXfJ6Z_bolBcKEQJSQWElQCpDQm4-1J7e3u8zs3joWRUQESoVMg1LuvbvYfAQEDR0SOtNFQuKoLBE3_AcgpYzQ2ZYcXvHe-73fG-n3Zt58Pqr3iI817K68V2yYLIOlsEs7L18zuSoa17l4tcNol57uXDN5FJzurM-dHb7O_KBLX-m8o2W_WOKUUcoo65w1VqfF-tI-i6a8l7BuQrsB77IwwHX7f-xqDx14qIZ75CQaNXvq7_QDNHKK-eDHM9r1q6I89fagzqAqLA7V9vt5Py-aHAdHaWo9TPPtw24s3IyQOwtY5NuHE2AxnMwnQGFmZOH5Byjy7UOZKIZ3D5SKDHWOQp3AZjhFne2ggSnK4hYa9QdBlAovXsJ8sHWxsA3cOGBhzs7I8Yf_omlm5PiD5zAf_LCcmfXOlSKrK1PkDtfTFs36FM3qFMt6B6uNBTTNDsrqUzTqd7L08ALmg8kllxVo1O6LgveECFm0SKWKFgOl_EXglC2ynojilANNe-n-FZl0iuCOYe08rI2HdephXXo4ULudgPYCycCP0kTJmAYQBEoLmvQ4pZDIGGs5176JVbmJMttEaT_bqnPpfD5i9-qPyoxHkR_7jI7YVqnWqv5wUtlaT-Y9I_b1Qcnn-0Us7U3smy9nxDtxEm39K7q13Z8DCNIk0WEYAwefxqDjIAhiDswXIox4JH1IaMJo1ONcpZpGgvkxRFr20iihwGIWSRqriAZKJExQJgUVCYtVHMcSGBdAIyZCToFrneg40HGkQAhGWahCrXmYggyk4rGMQia07HFIYx3piKWRTpRKoeeHidA8iAOtAhYBD9EpD11FcKhabDTBxhFsgGBjCDYVwWbY3lWZ467dUpmrBTuM_DD67bioVkdwt6hWdU4Q7CZa1U5M-bG7hbI6Nt5InRoXcweiascgVDsq98gz813yvnKPsK93O4GfikgJYCFXMlacRankklLBfOYrIdCZFo1bQHAebpgZOf_FX1iaGXnptesoYAddtoPSPI1QdxCasc8pwhqGFDfy70uQfWcqcF1ZDFAVLZbVcaxueKNsj7ywv9Mf_rOCWt4nh4bStljaFq-b3wiuZrfHl4uGTC4XjSM_XSorMzAbMN_3KxVU-olvz-sbTWHVuTNu85s35ZyYp_eualddgFyZfNWR75aNUtqeLazU5Jdz7poWK7VbW65tXpcXVt46e25QWu2cKfIpgpmRJ_dOoTQz8uwny_t_ObjzCI2doq1bHNSPaS1voiuPsCsI2uwIi5JgU7djy8VRMTMEM32EQbToHsPiKB9bmJ8G047cbVy1HkJ1C_NBi0Pb4jBrEbJNdPWxcVXa-2_86e8biswbi8ySicjsnDe7ndTX80ftxRHze6lmfqBkGvaCREVAfV9j5WZrk1ff_S8AAP__dUBIOKQFAAA=","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.982Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTvW8cRRSfdSIKUgABUVBdgcRXfJ6Z_bolBcKEQJSQWElQCpDQm4-1J7e3u8zs3joWRUQESoVMg1LuvbvYfAQEDR0SOtNFQuKoLBE3_AcgpYzQ2ZYcXvHe-73fG-n3Zt58Pqr3iI817K68V2yYLIOlsEs7L18zuSoa17l4tcNol57uXDN5FJzurM-dHb7O_KBLX-m8o2W_WOKUUcoo65w1VqfF-tI-i6a8l7BuQrsB77IwwHX7f-xqDx14qIZ75CQaNXvq7_QDNHKK-eDHM9r1q6I89fagzqAqLA7V9vt5Py-aHAdHaWo9TPPtw24s3IyQOwtY5NuHE2AxnMwnQGFmZOH5Byjy7UOZKIZ3D5SKDHWOQp3AZjhFne2ggSnK4hYa9QdBlAovXsJ8sHWxsA3cOGBhzs7I8Yf_omlm5PiD5zAf_LCcmfXOlSKrK1PkDtfTFs36FM3qFMt6B6uNBTTNDsrqUzTqd7L08ALmg8kllxVo1O6LgveECFm0SKWKFgOl_EXglC2ynojilANNe-n-FZl0iuCOYe08rI2HdephXXo4ULudgPYCycCP0kTJmAYQBEoLmvQ4pZDIGGs5176JVbmJMttEaT_bqnPpfD5i9-qPyoxHkR_7jI7YVqnWqv5wUtlaT-Y9I_b1Qcnn-0Us7U3smy9nxDtxEm39K7q13Z8DCNIk0WEYAwefxqDjIAhiDswXIox4JH1IaMJo1ONcpZpGgvkxRFr20iihwGIWSRqriAZKJExQJgUVCYtVHMcSGBdAIyZCToFrneg40HGkQAhGWahCrXmYggyk4rGMQia07HFIYx3piKWRTpRKoeeHidA8iAOtAhYBD9EpD11FcKhabDTBxhFsgGBjCDYVwWbY3lWZ467dUpmrBTuM_DD67bioVkdwt6hWdU4Q7CZa1U5M-bG7hbI6Nt5InRoXcweiascgVDsq98gz813yvnKPsK93O4GfikgJYCFXMlacRankklLBfOYrIdCZFo1bQHAebpgZOf_FX1iaGXnptesoYAddtoPSPI1QdxCasc8pwhqGFDfy70uQfWcqcF1ZDFAVLZbVcaxueKNsj7ywv9Mf_rOCWt4nh4bStljaFq-b3wiuZrfHl4uGTC4XjSM_XSorMzAbMN_3KxVU-olvz-sbTWHVuTNu85s35ZyYp_eualddgFyZfNWR75aNUtqeLazU5Jdz7poWK7VbW65tXpcXVt46e25QWu2cKfIpgpmRJ_dOoTQz8uwny_t_ObjzCI2doq1bHNSPaS1voiuPsCsI2uwIi5JgU7djy8VRMTMEM32EQbToHsPiKB9bmJ8G047cbVy1HkJ1C_NBi0Pb4jBrEbJNdPWxcVXa-2_86e8biswbi8ySicjsnDe7ndTX80ftxRHze6lmfqBkGvaCREVAfV9j5WZrk1ff_S8AAP__dUBIOKQFAAA= HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=1; pdhtkv32=true; uncs32=1; u_pl26637310=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c83f4d309d414a3cf4a5cb9c5016da3f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":133,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":133,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/plugins/related-posts-thumbnails/assets/js/lazy-load.js?ver=4.3.1","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.011Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/plugins/related-posts-thumbnails/assets/js/lazy-load.js?ver=4.3.1 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 468\r\ncache-control: public, max-age=31557600\r\nexpires: Sun, 16 Aug 2026 14:56:31 GMT\r\nlast-modified: Wed, 06 Aug 2025 20:32:21 GMT\r\netag: \"5ca-6893bbd5-2a957eb17df2ba23;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 254599\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0ry%2FlQMuCG0rgy%2Bs0AtpwgUG7xwPfEdjwQtL6pF6iWyOIkhKRpxXf2Pyk9IQlFNBUQ%2FtV5%2Bwku4NB1b8hJupFn386ebmFGlMDBpyd6I%3D\"}]}\r\ncf-ray: 9717ffdb98ca8bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":1482,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"6ac6d573d88d4c9f5e2707c876b986c7","sha1":"01f5d2cffe836c2ae50d1616f3bc7fc215aad447","sha256":"93bbd63f5a9277ff3ffeca2b9c5de102146ba4cce4b4f713971b9da7a505bfac","sha512":"f8f1ed80dfa7fe981ca8d213acaa935e96b62e76badda63c58ef229f38c0b637daaf3c02bd6acdb1fb226bfe36239b82ae076286cce52fe5c3cdf070f69e8c4b","ssdeep":"","tlshash":"5931e1c478e3a1bfa867292b63bf029d37e850870448cb127e5d42554fb4da932b1fe4","first_seen":"2025-08-16T23:50:24.312687Z","last_seen":"2026-04-10T05:24:59.922987Z","times_seen":241,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/plugins/age-gate/dist/age-gate.js?ver=3.7.1","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.041Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/plugins/age-gate/dist/age-gate.js?ver=3.7.1 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 28962\r\ncache-control: public, max-age=31557600\r\nexpires: Thu, 30 Jul 2026 10:12:38 GMT\r\nlast-modified: Tue, 08 Jul 2025 23:44:38 GMT\r\netag: \"13db5-686dad66-b975fb0adf875ae0;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 1740432\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PXtRU91lx%2BvSnTXnKc2K7nqd4oR%2FToIY%2BTAor7KEvEhhIItYKzLOvlIhSEU79Z0IIEGxi8q5DU8rmVuAOavn7ljxIHCmPL2vz73fXjA%3D\"}]}\r\ncf-ray: 9717ffdbb9048bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":81333,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65470)","md5":"5c59b999bbc9a0a21bfda49b7e9a421b","sha1":"b8276550f0c140a8f114d3ccb6467cf7e97b310e","sha256":"ab1902984fdbcf3a3fa876b7df1b32e6140c784229bc2685a0094e2dfe845cff","sha512":"1ff8041726e8c12a15c3fd02402b751a5f9eb1740a1f3767d06b3d3d011a837c03880c40e3b0921b94eb4a849a423208e7b8df2408ff5d13711921f4b2fcac5f","ssdeep":"1536:gFDppw9hMfRboy6hGkRq+8t/45AWUxx4wBpp/bj9l:gFDpp+OfRbojdRq+8t/45A9xxxpp/bZl","tlshash":"aa8329d8b2a5f43a43a721e890bf280af27c5515b90c4864f355e4f524b8d4ea27bf7c","first_seen":"2025-02-27T08:12:09.272948Z","last_seen":"2026-04-09T19:06:57.745081Z","times_seen":745,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/impr.gif?sid=H4sIAAAAAAAC_1RTzYscxRuu3g38Dj-IH4hCQJiD4OfO9tf0zJiDGOPKkpjEJJKDh1Bd1b1bmZqutj6mN3sKBiUnGW-epOeZya7GKPoHiDrrRQJCxtOi2Yv_gCAGjzK7K6t1qPd9nqdfeN633_pg5PZIBEd3L7ypNoWUdLnV9BvPXREFV5VpnLvcCPymf7JxRRRJfLKxMb_04OUgipv-8403MtZTy6Ef-H7gB40VobNcbSzvqxDl3W7Q7PrNOGwGrRgb-r_YuAUY6oEP9sjjEHz2yG_5OxBsiqL_1enM9KwqX3q97yS1SmPAt98ueoWqCvSP0lx7yIvtw6-hzIyQjxegiu3DDqAGk3kHSMWMLDz5AGmxfWgT6eD2gdNUIiuQ8v-jGkyRySkEnYKpmxD8PgEYx7nzKPpb55Su6PUDlc7VGTn28A-IakaOPXgCRf_LU1JsNC4p6axQhcFGXkNsTCHWpijdDuzmAkS1A2bfg-A_keWHZ1H0J-eNVBB895k07KRpK0iWfMaTpZjzaImGfrAUdNKknYfUzzv5_ohEPgU1i3DGgxMeXO7BlR76fLcR-52YBTRK8i5nbT-mccyz1O92Qt-nXdaGY3PvQ9hyCCaHYPr9rZKv295gYrXLJq5gZhR8ekBF4T65NSejcBTcdVdLGSZJ1I4CfxSg1DfQE0No9x3Meg3DF2HsjHhv3cCA16gygsoQVJSgEgSVJagG9W0uTWjqLS6NS4PDGB7GqB4ruzait5VdywoCqofQvJ6I8l1zE8wujjdzw8dqftHU3llZCpN2e6l11R_TlNejco88Nv873iff_4JettugrB3HrajLO51WOwqD2OdJGsQBb9EoCcMERtQQZgHUeNgUM3Lmw19Rihl59sVrSOkOjNwBE4-CuqdBqxp0vcZm8UVJWc8IS02TqT64qlHaY7DXvZHcIyf2F6T5V4SM3SOHB0zXKHWNa-IHgjV5a3xRVWRyUVWGfH2-tKIvNul8eS5ZajPvzpnseqU0Xz1thp-9yubCPL17OTP2LC24KNYM-fyU4DzTK0qzjHyzaq5k6QVn1k85Xbjy7IXXVlb7pc6MEaqYgor7x4-DiRn5349_7j-Lp_ZOQOgptKvRd_9yWt6AKY-wUQRaHuG09FC5eqzD9IiUgkBmR5imNUx279vf_yk6yseazqupqEfmFta0B2pvoujXGOgaA1mDyiGMWxzbUt975edo_yCV3jiV2pukUsuPDgZsxG4jj7KQ-X6nnQRRJ8-CKOYsb3XiLk-oH0UZrJmtT15Y_TsAAP__lfQiW_QEAAA=","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.567Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTzYscxRuu3g38Dj-IH4hCQJiD4OfO9tf0zJiDGOPKkpjEJJKDh1Bd1b1bmZqutj6mN3sKBiUnGW-epOeZya7GKPoHiDrrRQJCxtOi2Yv_gCAGjzK7K6t1qPd9nqdfeN633_pg5PZIBEd3L7ypNoWUdLnV9BvPXREFV5VpnLvcCPymf7JxRRRJfLKxMb_04OUgipv-8403MtZTy6Ef-H7gB40VobNcbSzvqxDl3W7Q7PrNOGwGrRgb-r_YuAUY6oEP9sjjEHz2yG_5OxBsiqL_1enM9KwqX3q97yS1SmPAt98ueoWqCvSP0lx7yIvtw6-hzIyQjxegiu3DDqAGk3kHSMWMLDz5AGmxfWgT6eD2gdNUIiuQ8v-jGkyRySkEnYKpmxD8PgEYx7nzKPpb55Su6PUDlc7VGTn28A-IakaOPXgCRf_LU1JsNC4p6axQhcFGXkNsTCHWpijdDuzmAkS1A2bfg-A_keWHZ1H0J-eNVBB895k07KRpK0iWfMaTpZjzaImGfrAUdNKknYfUzzv5_ohEPgU1i3DGgxMeXO7BlR76fLcR-52YBTRK8i5nbT-mccyz1O92Qt-nXdaGY3PvQ9hyCCaHYPr9rZKv295gYrXLJq5gZhR8ekBF4T65NSejcBTcdVdLGSZJ1I4CfxSg1DfQE0No9x3Meg3DF2HsjHhv3cCA16gygsoQVJSgEgSVJagG9W0uTWjqLS6NS4PDGB7GqB4ruzait5VdywoCqofQvJ6I8l1zE8wujjdzw8dqftHU3llZCpN2e6l11R_TlNejco88Nv873iff_4JettugrB3HrajLO51WOwqD2OdJGsQBb9EoCcMERtQQZgHUeNgUM3Lmw19Rihl59sVrSOkOjNwBE4-CuqdBqxp0vcZm8UVJWc8IS02TqT64qlHaY7DXvZHcIyf2F6T5V4SM3SOHB0zXKHWNa-IHgjV5a3xRVWRyUVWGfH2-tKIvNul8eS5ZajPvzpnseqU0Xz1thp-9yubCPL17OTP2LC24KNYM-fyU4DzTK0qzjHyzaq5k6QVn1k85Xbjy7IXXVlb7pc6MEaqYgor7x4-DiRn5349_7j-Lp_ZOQOgptKvRd_9yWt6AKY-wUQRaHuG09FC5eqzD9IiUgkBmR5imNUx279vf_yk6yseazqupqEfmFta0B2pvoujXGOgaA1mDyiGMWxzbUt975edo_yCV3jiV2pukUsuPDgZsxG4jj7KQ-X6nnQRRJ8-CKOYsb3XiLk-oH0UZrJmtT15Y_TsAAP__lfQiW_QEAAA= HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+bd8c85ceda51526c29df1c6070b5ce73=3078195; expires=Wed, 20 Aug 2025 07:39:54 GMT; path=/; secure; SameSite=None\niprc_l:3078195=1; expires=Wed, 20 Aug 2025 07:39:54 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 5\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 698dd8cd6b527381280e0dcfdaf23128\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbs?c=1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzI5NSwiayI6IjFlZTk1YzJmOTRhZWNhMDgyOTE3MDUwYzdhN2NiN2E5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpkM3l1NGJjeHkiLCJjcGtzIjp7IjI4IjoiNzg5OTE3OWYxODA4OTJmNWUyNGYyODkwMjI0M2IzYTUiLCIyOSI6IjM5NjRjMjk2NTVhMTAwYTNkOGNjMjlhNWViYjk0ZGZjIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.1VmV4qJNWLVRMuhiMee78zUhWRcFWxHCS9HEZ9j93iM; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv26=true; uncs26=1; u_pl26703069=1; pdhtkv23=true; uncs23=1; u_pl26637295=1; pdhtkv29=true; uncs29=1; u_pl27181530=1; slec3964c29655a100a3d8cc29a5ebb94dfc=[4323737]; u_pl27181894=1; slecf196f12eba49c74f7aab0889dfff3f05=[3078195]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"offensivefountainrabbit.com/43fb6dba152dc7d216fc2c00b1313dbb/invoke.js","fqdn":"offensivefountainrabbit.com","domain":"offensivefountainrabbit.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"offensivefountainrabbit.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 19:39:45 GMT","end":"Sun, 02 Nov 2025 19:39:44 GMT"},"fingerprint":{"sha1":"A7:93:39:18:F1:01:BB:4D:82:C0:BF:90:31:9E:64:25:36:F2:0C:E1","sha256":"A2:CD:CF:2A:E2:3E:21:B9:56:69:56:80:26:AE:D8:89:B0:DD:F4:FA:0B:A6:CB:42:B5:1A:6F:6B:D6:38:25:BB"}}},"request":{"raw":"GET /43fb6dba152dc7d216fc2c00b1313dbb/invoke.js HTTP/1.1\r\nHost: offensivefountainrabbit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:51 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 13028\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: offensivefountainrabbit.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: af63ad881d49bbeb42f38ba545e5b365\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33029,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (33029), with no line terminators","md5":"0efa6f4184e2d6e72f8eb6efba0522f9","sha1":"e8cdaf86f78ff273b5458d542784c9eef33e6544","sha256":"c9fb4870ede1a9178ecec5ea304b02c1f6d32c434fafa6716094f1685f2540d6","sha512":"c1edf214c9e3c3bf1c5b81ef7d80837695af79036e05fbd4fc31fc38eef5c50ed7688d5d4d30316ca2f6d6df2ecd0381b1d649a0052cece02e1611d7fdc49007","ssdeep":"384:lrnDKyAp9nf1+PXm2bBdMLlAwH3KQsjmTOlXqel+rn2NrL0uAfdtiOmuBc8Fg:BKygfUbULz3KQQmTO5qel+qL0PFcWg","tlshash":"70e208883f70b44d1776303b322f856efab5cd555488d88cd287ac952ab9b1ee437e09","first_seen":"2025-08-19T07:40:33.384963Z","last_seen":"2025-08-19T07:40:33.384963Z","times_seen":1,"resource_available":true,"data":null}},"time_used":113,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":112,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"offensivefountainrabbit.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1RTv28dxRaedaJXJMV7L--JItUtkPgVX8_uzv4iBcKEQJSQRElQCmjO_LIn3ruzzOzedSyKiEgoFTIVKdfnOrGAgKChQ0LXdJGQuFSWiBv-A5BSo-tYcjjFOd-33470ndE3n261-yTGFvauvmc3TFnCUjKkg5dvmkrazg8u3xiEdEjPDm6aKmVnB-vz5savhzEb0lcG7yixZpciGlIa0nBw3jil7frSgYqmflSEw4IOWTQME4br7p_ctwF6CFCO98kpNHL27z_0B2jEFKvRd-eUX2tsfebtUVtCYx2O5c771VpluwpHR1C7AHW1c_g3Wj8j5P4C2mrncAO04-35BsjNjCy88AR5tXNoE_n4wTOnvERVIZcnsRtPUZW7aGCKwt5FI38liELi5StYjR5etq6D289UmKszcvzpX2i6GTn-5P9Yjb5dLs364Lot28bYyuO67tGsT9GsTLFud7HZWEDT7aJoPkEjfyFLTy9hNdq-4kuLRu69GIeZYDJViyzi0SIrGFuEXCaLiRIii3WSppofXJHRUwS_gK0PsDUBtjrAtg5wJPcGjOZMhBCnupAiowwYk4rTIo8ohUJk2Iq5901s6k0U5SYKdwdrdwfXzOczEpw8ha79Cf3q3g8sFlTlkBZ5EidxqFNeZBAJkeSK5qAUCxUFliitONOKxsBBSRrmWZrrLFcZS_NCaCXiSEcFKwpJVSRZmIgMeJzkISie61BRCpGmVLBYxQnNWK55HPKwCMM0gpgnKhJCZ1kR5yqCCDTjknMJUQSgi4QlaURzymVBkyRVOkEvA_QNwbHssVMEO0-wA4KdIdg1BLtx_0CWPvL9Q1n6loeHMzqccT-xzcoWPLDNiqoIgttEJ_ttU3_k76Jojk02tJcTO2_Am34CXPZb9T757zwSwRfNE1xTe4OCAouloJCBKATTmYhBplGkI66lzil606PxCwg-wA0zIxc_-x1rMyMvvXYLOeyiL3dRmP8gtKcRukmYUoTVSUwpblTf1CDWvGnAD4UdobQ91s1xbG4HW-U-OX2QzQ__PIFKPCaHhcL1WLseb5mfCa6U9ybXbEe2r9nOk--v1I0ZmQ2Y5_Z6A43611cX1e3OOnnhnN_88k0xF-bw0Q3lm0tQSVOtePL1spFSufPWCUV-vOBvKn619avLrava-tLVt85fGNVOeW9sNUUwM3Ji_wwKMyP_-3j54E2y-yUaN0XX9jhqn_Na30FfH3FvCbryiPOaYNf2Exfxo4-lIViqIw68R_8c50d44mB-Gky_5e_higsQmrtYjXocux7HZY9QbqJvj02a2j1-47f4oJCXwYSXjmzz0s11szfQsYoEpXmWhnGuVRgzKXSSs0KmQONYYeNnq9uvvvt3AAAA__-RMEbibAUAAA==","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTv28dxRaedaJXJMV7L--JItUtkPgVX8_uzv4iBcKEQJSQRElQCmjO_LIn3ruzzOzedSyKiEgoFTIVKdfnOrGAgKChQ0LXdJGQuFSWiBv-A5BSo-tYcjjFOd-33470ndE3n261-yTGFvauvmc3TFnCUjKkg5dvmkrazg8u3xiEdEjPDm6aKmVnB-vz5savhzEb0lcG7yixZpciGlIa0nBw3jil7frSgYqmflSEw4IOWTQME4br7p_ctwF6CFCO98kpNHL27z_0B2jEFKvRd-eUX2tsfebtUVtCYx2O5c771VpluwpHR1C7AHW1c_g3Wj8j5P4C2mrncAO04-35BsjNjCy88AR5tXNoE_n4wTOnvERVIZcnsRtPUZW7aGCKwt5FI38liELi5StYjR5etq6D289UmKszcvzpX2i6GTn-5P9Yjb5dLs364Lot28bYyuO67tGsT9GsTLFud7HZWEDT7aJoPkEjfyFLTy9hNdq-4kuLRu69GIeZYDJViyzi0SIrGFuEXCaLiRIii3WSppofXJHRUwS_gK0PsDUBtjrAtg5wJPcGjOZMhBCnupAiowwYk4rTIo8ohUJk2Iq5901s6k0U5SYKdwdrdwfXzOczEpw8ha79Cf3q3g8sFlTlkBZ5EidxqFNeZBAJkeSK5qAUCxUFliitONOKxsBBSRrmWZrrLFcZS_NCaCXiSEcFKwpJVSRZmIgMeJzkISie61BRCpGmVLBYxQnNWK55HPKwCMM0gpgnKhJCZ1kR5yqCCDTjknMJUQSgi4QlaURzymVBkyRVOkEvA_QNwbHssVMEO0-wA4KdIdg1BLtx_0CWPvL9Q1n6loeHMzqccT-xzcoWPLDNiqoIgttEJ_ttU3_k76Jojk02tJcTO2_Am34CXPZb9T757zwSwRfNE1xTe4OCAouloJCBKATTmYhBplGkI66lzil606PxCwg-wA0zIxc_-x1rMyMvvXYLOeyiL3dRmP8gtKcRukmYUoTVSUwpblTf1CDWvGnAD4UdobQ91s1xbG4HW-U-OX2QzQ__PIFKPCaHhcL1WLseb5mfCa6U9ybXbEe2r9nOk--v1I0ZmQ2Y5_Z6A43611cX1e3OOnnhnN_88k0xF-bw0Q3lm0tQSVOtePL1spFSufPWCUV-vOBvKn619avLrava-tLVt85fGNVOeW9sNUUwM3Ji_wwKMyP_-3j54E2y-yUaN0XX9jhqn_Na30FfH3FvCbryiPOaYNf2Exfxo4-lIViqIw68R_8c50d44mB-Gky_5e_higsQmrtYjXocux7HZY9QbqJvj02a2j1-47f4oJCXwYSXjmzz0s11szfQsYoEpXmWhnGuVRgzKXSSs0KmQONYYeNnq9uvvvt3AAAA__-RMEbibAUAAA== HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzI5NSwiayI6IjFlZTk1YzJmOTRhZWNhMDgyOTE3MDUwYzdhN2NiN2E5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpkM3l1NGJjeHkiLCJjcGtzIjp7IjI4IjoiNzg5OTE3OWYxODA4OTJmNWUyNGYyODkwMjI0M2IzYTUiLCIyOSI6IjM5NjRjMjk2NTVhMTAwYTNkOGNjMjlhNWViYjk0ZGZjIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.1VmV4qJNWLVRMuhiMee78zUhWRcFWxHCS9HEZ9j93iM; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=1; pdhtkv26=true; uncs26=1; u_pl26703069=1; pdhtkv23=true; uncs23=1; u_pl26637295=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 7\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 96f70d22814136200dd71f2f3f906b3d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 Aug 2025 11:11:15 GMT","end":"Sat, 08 Nov 2025 12:08:40 GMT"},"fingerprint":{"sha1":"46:26:78:BD:18:7A:95:15:D4:B3:89:73:FE:7E:99:33:18:7F:21:3E","sha256":"AD:6B:6A:10:54:38:33:B9:BB:A6:FD:B7:B0:1B:2E:9D:62:B8:47:35:C4:E6:7B:F6:4A:92:AA:75:B0:29:F7:F3"}}},"request":{"raw":"GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 27 Sep 2021 07:43:24 GMT\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yPJokxQgk8wzzypyCubIUTtvDxKJ94wrEn3gG%2BoQh4F4cG4vIdN%2FO3LOgANs9M11M080hCxOvlJB8x3z2DZGg63hqKg1lxp57Kl6TE%2B5oA%3D%3D\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9717ffec2a28c992-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1325,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"f6990569c7ffeac1f4a3f6d9eee5da44","sha1":"e7d5e37acf89a8faee252c36fc2c9d6615501d76","sha256":"cc2a9756c81bd570fff8b32e48a413687c33f8abe9c934e743a0769178b4f690","sha512":"be3ebced9d65b29fef8caab46e95f54f1ca645ea5942331c84c964ec033fb7c78506d14eda131948b7f664f1635deaa8d82a63169f9214f72035b087ea104bda","ssdeep":"","tlshash":"a52105692df9c97311e750947b352f1bed92ea87c80a6e0173bc9d684f9ad84cd23407","first_seen":"2023-06-26T22:59:31Z","last_seen":"2026-04-10T09:34:35.817673Z","times_seen":2393,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":128,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NAnYV40h%2BBiv%2Bgc%2FGy8zcH%2F8QZQRoarmuI5r%2BFAEhWzCE9r2SSjF0B52a2IIjfp2V%2B8jNOP5OsxdU2UyviufT5YYsK3GQIeWgx6VkxiwzNs%3D\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncf-cache-status: HIT\r\netag: W/\"65aa84fe-3c2\"\r\ncf-ray: 9717ffef7809588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":962,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"0013fbb3bd9e7300fa1bc9f62501dcf0","sha1":"447e4a8994979e2e158b9beff79b94e7d1b29508","sha256":"4cf18df81115ddab6967dc82096077ee024223dac3c6ffc9b810bffb7780a20e","sha512":"288a5e82fdbfdadf11f5a15ed40b54b67dd43fd83f0666abf85ebc0f14ef3b6e5e9104c3491fdb85b40e5556b252d933ee8cbe6e381e96e01170e76c60003dc6","ssdeep":"","tlshash":"e7117d37156882f06257f027a15729d6ee32029ee81a5707721c06cd0ec47b913fa6e7","first_seen":"2023-06-25T06:36:24Z","last_seen":"2026-04-10T09:34:35.813821Z","times_seen":2295,"resource_available":false,"data":null}},"time_used":429,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":429,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.602Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 Aug 2025 10:09:08 GMT\r\nexpires: Fri, 14 Aug 2026 10:09:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 423046\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-10T09:55:48.830468Z","times_seen":727106,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":106,"dns":1,"connect":20,"send":0,"wait":21,"receive":27,"ssl":83},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/b3/8b/54/b38b544016f6c2b5a803fc2b46617418/1753954124.gif","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /cti/b3/8b/54/b38b544016f6c2b5a803fc2b46617418/1753954124.gif HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:52 GMT\r\ncontent-type: image/gif\r\ncontent-length: 19653\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 31 Jul 2025 09:28:45 GMT\r\netag: \"688b374d-4cc5\"\r\nexpires: Thu, 21 Aug 2025 07:39:52 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19653,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 320 x 50","md5":"81cc5fd6ac28cc00e894295f13144992","sha1":"f63acf49d3e0fcdc3474c0e3a4577775924dc50d","sha256":"bee07f5ba4024123543b4682da48a0f429a3f62cd9c991f55812b84530ec7656","sha512":"bd8694ac6fa9108b9d701c73bce68f808b10915063df175827e708e689689615a044e777890447bb18814fe588fff4c9464fa94cf2c186856b71dae27ddaac8e","ssdeep":"384:2FQbDfPeJgLHo78UtooPja1CYM4SI0md7f7+6hbq6ikztwGoHhtXgda30n:2FQbDf2uL4t5jhYM4SIfdPTbwctXoXYX","tlshash":"cd92bfafe19c5e8de25a2be47f1a5b1315b115c0caf4ffb910b2af2649611ef41085c3","first_seen":"2025-07-31T16:14:14.111984Z","last_seen":"2025-09-02T19:18:23.897785Z","times_seen":71,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/animate.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.611Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/animate.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:21:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa8566-13361\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Vwo%2BZpKW3OGqDilT5pueBbh9UtFdkCc1HJttuoYkkSB%2FD1KB5gymF1wVPYhPmmRUcdSECg874pLKFr5uKxqyzrzZH7krbTGO9fdRwQLUrps%3D\"}]}\r\ncf-ray: 9717ffec0d5e9780-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78689,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"3d4123dbfb33d27a5cfdfcfa91df6783","sha1":"e7d0eeeec54b848f0bc3da8685fa3bc88429d660","sha256":"cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887","sha512":"75c8a48dc207595e201b50b87ff68782112a21aded9f15f14185c07d40f0151d6afe74a2b278aa575caf12ac422e8166316296ed7b6573ea24e667cca4af51dd","ssdeep":"384:jvuAuF81dghu3ublZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:jvuAu21dghu3uLu7uNKwZiMUL6Vpaj7F","tlshash":"22731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2024-01-20T06:37:31Z","last_seen":"2026-04-10T09:34:35.831084Z","times_seen":10596,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/uploads/2025/05/immirandaa-onlyfans-pack-768x432.webp","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/uploads/2025/05/immirandaa-onlyfans-pack-768x432.webp HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 51548\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 19 Aug 2026 01:44:37 GMT\r\nlast-modified: Mon, 19 May 2025 19:19:17 GMT\r\netag: \"c95c-682b8435-27b8322d25ad86db;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nvary: User-Agent, accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 42914\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hXHsI1qNBdpIz5dfkDEjaHUGQP%2FZl2rSf5J84CHYNg4Pn3e%2FzVeCy9UCBd5IE0D50DjkMfxKZj%2BPBFPmSuyEMYxlhXjHuWpvBCJSg2Y%3D\"}]}\r\ncf-ray: 9717ffe16e91f9e2-ARN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":51548,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 768x432, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"fd3b104902abba3b27a6b68db3ea32ba","sha1":"d65ecdf3d90dc7ed31a120d5adbb54cc2b863b31","sha256":"0123a9dbdbf45b94e50ac040c179024ee63865659d2e7069aa944194a31ec8ae","sha512":"c5abecc4ad798dc3e822241eaacfe5a66e305cfc3bb33efa19bb499cc383c09f1e347fd3c63d829dadad8493ef4991da435cf135384c7a86e80db64948c344b2","ssdeep":"1536:SRTEYSpX6xy+rGETo4ZG/oXATiV+zksBCMNA42jh:MEYShcy+rlToAXMjBCkAt","tlshash":"c33302bb9868df4e1a7b1479647207b0ce0a8899cc2e7a981742f37c417c576f6eb058","first_seen":"2025-08-02T11:30:48.422169Z","last_seen":"2025-12-29T00:27:52.085951Z","times_seen":7,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/0a/67/08/0a67081e2c5d3f72c11a28fc03c4c471/1723680010.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /si/0a/67/08/0a67081e2c5d3f72c11a28fc03c4c471/1723680010.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 25396\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 15 Aug 2024 00:00:12 GMT\r\netag: \"66bd450c-6334\"\r\nexpires: Thu, 21 Aug 2025 07:39:52 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25396,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3","md5":"cb663b173ae83d945499f983bb3820dc","sha1":"b3bcb164ed70b4993016361e3b3eff95c677d053","sha256":"eb831e37802a503e1b79704ab2dd8bf5cf480583cb2fd1ad973b865102358926","sha512":"2c22afc52c82f27ad5d56cb883003affe981e608481e2cccbd364d8554833517e143d1d1021497e4dbb3db3a0ffdb9b2c597c764fe206e6687a2b27f25ef1a8a","ssdeep":"768:CVpz6Yqb5nt56YY//kEwMeNSvP5dpKVXUZ:Spz65t51K/Lw3khdIFUZ","tlshash":"e0b2e127c0fa06f0e38d7ef9d0201988964319f57a47ced7f3a4f8a58e224969c96958","first_seen":"2024-12-20T22:45:31.367911Z","last_seen":"2025-09-22T09:24:17.738587Z","times_seen":351,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/e3/fe/5d/e3fe5d9c947fc63c4f611ff952cc0c27/1723680007.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /si/e3/fe/5d/e3fe5d9c947fc63c4f611ff952cc0c27/1723680007.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 148047\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 15 Aug 2024 00:00:09 GMT\r\netag: \"66bd4509-2424f\"\r\nexpires: Thu, 21 Aug 2025 07:39:52 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":148047,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 240, 8-bit/color RGBA, non-interlaced","md5":"9e78e667e70a61f520b72b037ab6c574","sha1":"be19430b97835edc1778bfdf4856342eb75837b2","sha256":"ff12f12c7e8bab231a396118ec50a7aad9d176d0b776929554af094f5a4d1546","sha512":"2a22b06b1a9f1ce04c452a92bddcba5553d528152133e3ab7cd4d00cf52173545022080ce598bda86413ad2162af254e7a659dd54359761f1220c3b5550b27b6","ssdeep":"3072:OM0DJlnyu84z0G5Amgn+W0dZoz8lrEQneF8yE1DYwM+eA+GXPwPo3N1SgCXYPHmE:gDjyu8eAtyZqQQ4JvXPMKggXPm81","tlshash":"e0e312b62a730775a40a92ed96a6c03b019f1fe10860541fc7409e572dfef8b516efb2","first_seen":"2024-08-21T10:19:04.46524Z","last_seen":"2025-09-22T08:44:52.84854Z","times_seen":286,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/img/sale3.jpg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.315Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/img/sale3.jpg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 64642\r\nlast-modified: Fri, 19 Jan 2024 14:21:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65aa8566-fc82\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 867356\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fLIvcmtFLGkZDg5QvfpVPQAb0h412QG0EJccHCuSWKX%2Fe89EHvHhjfC6Vg1u5Fw5xdj3SvavqyNVmWALoDrf8w7RG7HFuqCN7lszNzkRHwE%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9717fff06829588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64642,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=242, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=364], progressive, precision 8, 364x242, components 3","md5":"61f7b1fa1698507638df7882e2bdfcaf","sha1":"89134af9a734f4c30d0db01ea36c86895e46b7e3","sha256":"bc0a583f7e3c834e53d5263ecc90d279b27460ea2e9bce56b7ac6b129eb5849c","sha512":"359d9aab944bc2fe6dd5751a385cb4088b39539606e8f460f923ce597823dcfc0472f8ab9662a8808acaff4ed6fe6e5514e98418a9387e718061293b067708c5","ssdeep":"1536:7BNUdceBNUdcVApV4vIfhczULHmQ88PbzaRKg:VzczCLRLrb+RKg","tlshash":"1b53d016cb625c03edc8123a148cc286b2b3afc58b534387b99c7493bfb8a955c65793","first_seen":"2023-04-14T17:39:35Z","last_seen":"2026-04-09T09:03:23.851743Z","times_seen":575,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 Aug 2025 10:09:08 GMT\r\nexpires: Fri, 14 Aug 2026 10:09:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 423046\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-10T09:55:48.830468Z","times_seen":727106,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/css/jquery.smartmenus.bootstrap.css?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/css/jquery.smartmenus.bootstrap.css?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 1391\r\ncache-control: public, max-age=31557600\r\nexpires: Sun, 02 Aug 2026 13:25:54 GMT\r\nlast-modified: Mon, 28 Jul 2025 08:15:19 GMT\r\netag: \"15c0-68873197-ce677c00e2f17264;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 1469636\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7gVKtS%2B9ZTQzGUaIyTpjUeMI96A5c0p99DzLj4c5%2FgqK4jWCXXtMKrAJsoRprngqtH5TrA56h8RJ%2BDG9uz1klAy%2FE9N83zUWfIXOgF0%3D\"}]}\r\ncf-ray: 9717ffdb98998bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5568,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"efde01f2fc13addf2e0ebabda8471d2d","sha1":"d613ec953bb254973abc3eb06d734281af9810d7","sha256":"24779011fd21ab61fb8898a46a1a7a5e40f5f0ce3d0f2c205cd1fe1358ac7a5d","sha512":"bbf6cfaa8ed0409faf5a09bdf34548ea09aa78885d005fead35d595254de429af868e9b59c0f82231142a2f635f2d41c1e0b1295ed5e62ac5edfd064030bd7b2","ssdeep":"96:AwGni8vqBqeUPTNDO8GJB8BAw81GZqKiduOvOFkM3AgD1vyjFuqBsG:IipBqlpwJ6BvGWqKiduJ2M3AgZ2","tlshash":"e2b185bc75a0300003b46b78a7f59b54fe8f9176ae0e885bfd73228987455883a75e74","first_seen":"2023-04-09T10:25:11Z","last_seen":"2026-04-09T19:51:58.15443Z","times_seen":471,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"18.198.116.222","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://packsitas.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; expires=Fri, 17 Aug 2035 07:39:51 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"6d781b8612e6fbb97fa6c980fe79f50f","sha1":"7d3b2265c301f7fe6627032daac64944a5e9e434","sha256":"5311a84d23bebc01af75a9ad117caf258c65166b3ff9bcb7bcaa409d66c38c9f","sha512":"9d0d10a1d3bf6a8ca4e16c4877ac7bb9e0e9582915590cdd278603b0d1f4f54d9bc1ce63d834bb9d478ae13051fdb3126fd688cbc4800cfbcb78fd0b39497487","ssdeep":"","tlshash":"239004047443ccf47fd00001cf1011c4304054775c15043c5c77517f0713c5d450105f","first_seen":"2025-08-19T07:40:33.390062Z","last_seen":"2025-08-19T07:40:33.390062Z","times_seen":1,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":84,"dns":8,"connect":22,"send":0,"wait":21,"receive":0,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogza/css/colors/dark.css?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogza/css/colors/dark.css?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 153\r\ncache-control: public, max-age=31557600\r\nexpires: Fri, 31 Jul 2026 22:52:38 GMT\r\nlast-modified: Mon, 28 Apr 2025 20:53:02 GMT\r\netag: \"164-680feaae-e4a0d0a7c6d329e6;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 1608432\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=furYvVaT5vJry44bLS%2FxbANfDH4PVXf2AG2CiHmQEPREHmN64CUdPW%2FaudOLiZPFzhQmAejVZGX6%2Fu3mCaJSwR3JpkPsxIkDiLh544k%3D\"}]}\r\ncf-ray: 9717ffdb98b78bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":356,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"6740c02453f48d35480a7f9d8a768aa7","sha1":"c4dcba219816f749e6ef5de63d3ef9f95f5629dd","sha256":"aced0a50c03c3b3e49636dc15240b6537be441d32d7a588b4073f1fb53292b58","sha512":"232f837eb1d2850fcf327a37cafa1d136c17a7ef0f55f8c5134d011a86a9eeed6a71524351cdcfa98fb30c7926340647f98ddd7b6aecf821d364263ee727f774","ssdeep":"","tlshash":"d4e08615d348585e213707ff7b2ce6511b7830d0c06157697ee85162a0cd7547dbddc1","first_seen":"2024-10-23T09:42:29.408358Z","last_seen":"2026-03-27T09:48:25.400657Z","times_seen":24,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sentry.developzilla.com/api/12/store/","fqdn":"sentry.developzilla.com","domain":"developzilla.com","tld":"com"},"ip":{"addr":"96.46.180.116","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.389Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"developzilla.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 07 Jul 2025 20:58:44 GMT","end":"Sun, 05 Oct 2025 20:58:43 GMT"},"fingerprint":{"sha1":"AE:CE:02:AD:6B:2C:68:87:F6:2D:3D:3E:59:10:E2:07:70:C8:3D:C4","sha256":"42:DA:7B:D8:6E:9E:FA:8B:AB:1F:DD:37:A9:07:5E:FD:94:98:AD:35:4F:7B:80:02:89:1F:C7:A2:DA:75:94:E8"}}},"request":{"raw":"OPTIONS /api/12/store/ HTTP/1.1\r\nHost: sentry.developzilla.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,x-sentry-auth\r\nReferer: https://packsitas.com/\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.25.5\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-length: 0\r\naccess-control-allow-origin: *\r\nvary: origin, access-control-request-method, access-control-request-headers\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: x-sentry-auth,x-requested-with,x-forwarded-for,origin,referer,accept,content-type,authentication,authorization,content-encoding,transfer-encoding\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\nallow: POST,GET,HEAD\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload;\r\nx-content-type-options: nosniff\r\nx-robots-tag: none\r\nx-download-options: noopen\r\nx-permitted-cross-domain-policies: none\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 Aug 2025 11:11:15 GMT","end":"Sat, 08 Nov 2025 12:08:40 GMT"},"fingerprint":{"sha1":"46:26:78:BD:18:7A:95:15:D4:B3:89:73:FE:7E:99:33:18:7F:21:3E","sha256":"AD:6B:6A:10:54:38:33:B9:BB:A6:FD:B7:B0:1B:2E:9D:62:B8:47:35:C4:E6:7B:F6:4A:92:AA:75:B0:29:F7:F3"}}},"request":{"raw":"GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 27 Sep 2021 07:43:24 GMT\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dvjhSoBLvgTVmc5tuEoY9cY0rGHBeO1c5bhs9POWV%2B7pOXzq1PjvHAcE1R%2F5JJVGZkMBI8bJaDy8e17r03ZLNtbw4JDUhRnfjmuOomUtmA%3D%3D\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9717ffed1a42c992-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1325,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"f6990569c7ffeac1f4a3f6d9eee5da44","sha1":"e7d5e37acf89a8faee252c36fc2c9d6615501d76","sha256":"cc2a9756c81bd570fff8b32e48a413687c33f8abe9c934e743a0769178b4f690","sha512":"be3ebced9d65b29fef8caab46e95f54f1ca645ea5942331c84c964ec033fb7c78506d14eda131948b7f664f1635deaa8d82a63169f9214f72035b087ea104bda","ssdeep":"","tlshash":"a52105692df9c97311e750947b352f1bed92ea87c80a6e0173bc9d684f9ad84cd23407","first_seen":"2023-06-26T22:59:31Z","last_seen":"2026-04-10T09:34:35.817673Z","times_seen":2393,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1RTTYscRRiu3s1NwQ_EgyDMIeDnzvbX9MyYgyQmK2tiEpJIDh5CdVX3bmW6u9r6mN6sl2BQAoKMN71IzzOTXY2r6A8QdNZbUHA8rZi9-BOEgDeZ3YHR9_B-PE8VPO9bb300tIckgKUHl9-W2yLL6Gqr6TZevC4KLivduHit4blN91Tjuiii8FRja-ZU_zUvCJvuS403E9aTq77rua7neo01oZJUbq0esRDlXtdrdt1m6De9Vogt9f9a2yVo6oD3D8nTEHz6xF_puxBsgiL_7myie0aWr57LbUaNVOjz3XeKXiGrAvkiTZWDtNidn4bUU0I-W4IsducdQPbHsw4QiylZevYh4mJ3LhNx_96x0jhDUiDmj6HqT5BkEwg6AZN3IPhvBGAcFy-hyHcuSlXRW8csnbFTcuLR3xDVlJx4-AyK_NszmdhqXJWZNUIWGltpDbE1gdiYoLT7MNtLENU-mPkAgv9KVh9dQJGPL-lMQvCDk7HfieOWF624jEcrIefBCvVdb8XrxFE79ambdtKjEYl0AqqXYbUDKxzY1IEtHeT8oBG6nZB5NIjSLmdtN6RhyJPY7XZ816Vd1oZlM-0DmHIAlg3A1Ic7Jd80vf7YKJuMbcH00PvyGPKjI3BnBvrR0NuzN8rMj9pu4EbdoYdS3UZPDKDsj9CbNTR3oA1Bn9eoEoJKE1SUoBIElSGo-vU9nmlf1zs80zb25tGfx6AeSbMxpPek2UgKAqoGULwei_I9fQfMLI-2U81HcuZobO6vrfhRu73SuuGNaMzrYXlInpq9jPPFT3-glxw0gm4UMr8btVrUc10a8A5jfpe2kjjuhjxl0KKG0Eug2sG2mJLzn_yJUkzJC6_cREz3obN9MPEkqH0etKpBN2tsF9-UlPW0MFQ3mczBZY3SnIC55QyzQ_Lc0XKc_udzJOzB678HRwamapSqxk3xM8FGdnd0RVZkfEVWmnx_qTQiF9t0tjhXDTXJ8v3zya1KKr5-Vg--Os1mxCzdu5Zoc4EWXBQbmnx9RnCeqDWpWEJ-WNfXk_iy1ZtnrCpseeHyG2vreakSrYUsJqBiSpz3fwETU_L4W-eOPsXJ9Y8h1ATK1sjtAzI3sPI2dLnQriWByhZ8XDqobD1SfrwAM0GQJYuaxjX0f-p4kY8Und2moh7qu9hQDqi5gyKv0Vc1-lkNmg2g7fLIlGohI86cUZwpZxxnKvv0eMRaHDTSIPGZ63bakRd00sQLQs7SVifs8oi6QZDA6Onm-OX1fwMAAP__FLY09vIEAAA=","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTTYscRRiu3s1NwQ_EgyDMIeDnzvbX9MyYgyQmK2tiEpJIDh5CdVX3bmW6u9r6mN6sl2BQAoKMN71IzzOTXY2r6A8QdNZbUHA8rZi9-BOEgDeZ3YHR9_B-PE8VPO9bb300tIckgKUHl9-W2yLL6Gqr6TZevC4KLivduHit4blN91Tjuiii8FRja-ZU_zUvCJvuS403E9aTq77rua7neo01oZJUbq0esRDlXtdrdt1m6De9Vogt9f9a2yVo6oD3D8nTEHz6xF_puxBsgiL_7myie0aWr57LbUaNVOjz3XeKXiGrAvkiTZWDtNidn4bUU0I-W4IsducdQPbHsw4QiylZevYh4mJ3LhNx_96x0jhDUiDmj6HqT5BkEwg6AZN3IPhvBGAcFy-hyHcuSlXRW8csnbFTcuLR3xDVlJx4-AyK_NszmdhqXJWZNUIWGltpDbE1gdiYoLT7MNtLENU-mPkAgv9KVh9dQJGPL-lMQvCDk7HfieOWF624jEcrIefBCvVdb8XrxFE79ambdtKjEYl0AqqXYbUDKxzY1IEtHeT8oBG6nZB5NIjSLmdtN6RhyJPY7XZ816Vd1oZlM-0DmHIAlg3A1Ic7Jd80vf7YKJuMbcH00PvyGPKjI3BnBvrR0NuzN8rMj9pu4EbdoYdS3UZPDKDsj9CbNTR3oA1Bn9eoEoJKE1SUoBIElSGo-vU9nmlf1zs80zb25tGfx6AeSbMxpPek2UgKAqoGULwei_I9fQfMLI-2U81HcuZobO6vrfhRu73SuuGNaMzrYXlInpq9jPPFT3-glxw0gm4UMr8btVrUc10a8A5jfpe2kjjuhjxl0KKG0Eug2sG2mJLzn_yJUkzJC6_cREz3obN9MPEkqH0etKpBN2tsF9-UlPW0MFQ3mczBZY3SnIC55QyzQ_Lc0XKc_udzJOzB678HRwamapSqxk3xM8FGdnd0RVZkfEVWmnx_qTQiF9t0tjhXDTXJ8v3zya1KKr5-Vg--Os1mxCzdu5Zoc4EWXBQbmnx9RnCeqDWpWEJ-WNfXk_iy1ZtnrCpseeHyG2vreakSrYUsJqBiSpz3fwETU_L4W-eOPsXJ9Y8h1ATK1sjtAzI3sPI2dLnQriWByhZ8XDqobD1SfrwAM0GQJYuaxjX0f-p4kY8Und2moh7qu9hQDqi5gyKv0Vc1-lkNmg2g7fLIlGohI86cUZwpZxxnKvv0eMRaHDTSIPGZ63bakRd00sQLQs7SVifs8oi6QZDA6Onm-OX1fwMAAP__FLY09vIEAAA= HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzI5NSwiayI6IjFlZTk1YzJmOTRhZWNhMDgyOTE3MDUwYzdhN2NiN2E5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpkM3l1NGJjeHkiLCJjcGtzIjp7IjI4IjoiNzg5OTE3OWYxODA4OTJmNWUyNGYyODkwMjI0M2IzYTUiLCIyOSI6IjM5NjRjMjk2NTVhMTAwYTNkOGNjMjlhNWViYjk0ZGZjIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.1VmV4qJNWLVRMuhiMee78zUhWRcFWxHCS9HEZ9j93iM; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv26=true; uncs26=1; u_pl26703069=1; pdhtkv23=true; uncs23=1; u_pl26637295=1; pdhtkv29=true; uncs29=1; u_pl27181530=1; slec3964c29655a100a3d8cc29a5ebb94dfc=[4323737]; u_pl27181894=1; slecf196f12eba49c74f7aab0889dfff3f05=[3078195]; iprc_l+bd8c85ceda51526c29df1c6070b5ce73=3078195; iprc_l:3078195=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:55 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+e4b5b9f52112f0a72d844984c3940636=4323737; expires=Wed, 20 Aug 2025 07:39:55 GMT; path=/; secure; SameSite=None\niprc_l:4323737=1; expires=Wed, 20 Aug 2025 07:39:55 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 7\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 1d10344376c319df98a9779dbfe90d60\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":119,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/css/animate.css?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/css/animate.css?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 4156\r\ncache-control: public, max-age=31557600\r\nexpires: Fri, 07 Aug 2026 15:27:55 GMT\r\nlast-modified: Mon, 04 Aug 2025 08:15:36 GMT\r\netag: \"e9bf-68906c28-f882ae11d10fec15;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 1030315\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ayyqo7Olr%2B1oVZQYFPjRgSoqyN1MaKdpaMCgcqk112SObjdITeVyh7x1xbdF1i6Ue%2B%2BLTLxhzTlr2n2l2UWyoMQeymQmvS%2FuDkIeCIM%3D\"}]}\r\ncf-ray: 9717ffdb989d8bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":59839,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (460), with CRLF line terminators","md5":"fcb641a126ce1c2ea8fbb3efec7c347a","sha1":"c800c155b0092c11bf6087661db805037a3c52c1","sha256":"81cdaee2dedfc313ccf35708edb03491d4c79b5c7fb97563cd2400778fd04ee9","sha512":"91b86e738e884dd0d52404313b78a713386b46b97e8425546e13315de6970ddb10db6253f2d2dcdc71f6bd0519808bbdb4ecaba59c1a2c2042520bf8888a3113","ssdeep":"192:FDvQHnvHQvFpjIBz+a+pjxm7YfPZBWgQc95YKm/0kLyJgprWXhOX8yRTeVSqwMbO:FbWq7M","tlshash":"ff43ea662c91114457720b25d7de8f6ceb3ca17318226efab3c2548b8f61bac13cda57","first_seen":"2023-04-07T13:37:00Z","last_seen":"2026-04-09T19:51:58.091485Z","times_seen":1163,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/78/99/17/7899179f180892f5e24f28902243b3a5.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /78/99/17/7899179f180892f5e24f28902243b3a5.js HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 32394\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3ddf20ed1e641f2681c2cb5f19a142fd\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":104640,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"fd3617319bc3abe41bfdee871debad5b","sha1":"979c86dfa1ed413f61caebc4984f54b70b58069b","sha256":"18b7e3baa55bb76cece906b5a9b9ed97ef93de09b74425df11c1c7f4b692789d","sha512":"cd17639184a5cdb2f6a20b87a75beba5015d6c11de44cca5ce0b871b8b511c5ec6e907b970170ebd86b6475c5801f66910a6cf8690af17485f7cd3a3f7e777f2","ssdeep":"1536:SOOjqWBSTyJhKkoQhkmyC0E98k0RYqnhNzc/7ksqWPbIKau3l0gaTXT+IPC+:AJhKfEMRbhJIMuV0DyIPT","tlshash":"26a3c6487f50f15c83aaa17b233f910ae02b4d42618d915ce513e5e8bf6eb0ef63e558","first_seen":"2025-08-19T07:40:33.392808Z","last_seen":"2025-08-19T07:40:33.392808Z","times_seen":1,"resource_available":true,"data":null}},"time_used":902,"timings":{"blocked":339,"dns":28,"connect":103,"send":0,"wait":114,"receive":105,"ssl":210},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/uploads/2025/04/cropped-packsitas-icono-2025-32x32.webp","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:55.217Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/uploads/2025/04/cropped-packsitas-icono-2025-32x32.webp HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=obtrusiveorganizeresponse.com; pp_main_7899179f180892f5e24f28902243b3a5=1; sb_main_3964c29655a100a3d8cc29a5ebb94dfc=1; sb_count_3964c29655a100a3d8cc29a5ebb94dfc=1; sb_main_ac744539d885732140d6b141d5a36226=1; sb_count_ac744539d885732140d6b141d5a36226=3; sb_main_f196f12eba49c74f7aab0889dfff3f05=1; sb_count_f196f12eba49c74f7aab0889dfff3f05=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=wayfarerorthodox.com; sb_main_13e0f72a807bb8091b31314f6e78c2a7=1; sb_count_13e0f72a807bb8091b31314f6e78c2a7=1; sb_main_6e642680db3ecb105b002b772d76b2a8=1; sb_count_6e642680db3ecb105b002b772d76b2a8=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 936\r\ncache-control: public, max-age=31557600\r\nexpires: Fri, 14 Aug 2026 20:42:24 GMT\r\nlast-modified: Wed, 30 Apr 2025 17:52:28 GMT\r\netag: \"3a8-6812635c-668c4f78c6401c8c;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nvary: User-Agent, accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 406651\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NKIcayf3DCJ9oKQc83TfvX5K%2FASBJg6qAZ59ytlBEJrtrysOsnK7h12XtHYF0nLDB4y1tFf4plpgHDJ1GDZz8iWPNyrLMYcE%2BpW%2F2zY%3D\"}]}\r\ncf-ray: 9717fff629c8f9e2-ARN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":936,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"be79ab4f67d0c96ec2390eafb3d9c19a","sha1":"fa4c2581e93ae2f7df9f6ad9317a1049ae78877e","sha256":"3f1b2e482dfbc6c99979f602428ef809680967d871cc63b092b71a88f27e1ddf","sha512":"87ce7e89a8388491cc2a432731fe6a251567e443f4ad8212512fa18c1cfb4d0301be4fd7249fdcd6722b23f1f662b7c81f934679fd4a8c1528242d95a05e8cd4","ssdeep":"","tlshash":"f311c4005e3f6430fe2e082243d8eb1e82df754a3917d50a2314028cd809eb0ea3fc28","first_seen":"2025-08-02T11:30:48.490845Z","last_seen":"2026-03-09T01:54:48.170072Z","times_seen":9,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/js/bootstrap.js?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/js/bootstrap.js?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 26777\r\ncache-control: public, max-age=31557600\r\nexpires: Sun, 16 Aug 2026 14:56:31 GMT\r\nlast-modified: Mon, 11 Aug 2025 08:15:13 GMT\r\netag: \"256a0-6899a691-dbdf030573d1d3ab;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 254599\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2UmUgEtGbdL%2BSfVuGH8hvuGQT65MvOXXTWKK1tzqdyRCaqeEKY2t50a%2BnobUnVawIjCtuM9qbhIBwlVKxfEfQXq21CR%2F9E%2FUxo%2BIqD0%3D\"}]}\r\ncf-ray: 9717ffdb98cd8bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":153248,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (620), with CRLF line terminators","md5":"b38ad66233d951b97b32d03cb8d042dd","sha1":"d1caf0e2cd63daa44b6821b5c4abb2dc45671119","sha256":"62512d1879bf167a7101baf82aa8b9a2df5f391d6201087fa8aed120cfccf7a9","sha512":"958bf35d52094f1f0573793cb1b6d33d6a5e8feacff7960a49ad563a4805996d5890ed34f61a6b548dfa2a356c2e334fab56604af38e29f5ab36123e88e410e2","ssdeep":"1536:6P1jVdO9VK+afC5Ds5SwLcJIpnLzLzoCQTUK92DbP3DF0dc/q8Ovq:yyY5z4CQTLIzF0GjOvq","tlshash":"4fe356493d9a2473493be77e9f63411efb2201ab610691987dac0a8c1fb546051eeffc","first_seen":"2023-03-13T22:18:49Z","last_seen":"2026-04-09T19:51:58.09703Z","times_seen":630,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"offensivefountainrabbit.com/43fb6dba152dc7d216fc2c00b1313dbb/invoke.js","fqdn":"offensivefountainrabbit.com","domain":"offensivefountainrabbit.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"offensivefountainrabbit.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 19:39:45 GMT","end":"Sun, 02 Nov 2025 19:39:44 GMT"},"fingerprint":{"sha1":"A7:93:39:18:F1:01:BB:4D:82:C0:BF:90:31:9E:64:25:36:F2:0C:E1","sha256":"A2:CD:CF:2A:E2:3E:21:B9:56:69:56:80:26:AE:D8:89:B0:DD:F4:FA:0B:A6:CB:42:B5:1A:6F:6B:D6:38:25:BB"}}},"request":{"raw":"GET /43fb6dba152dc7d216fc2c00b1313dbb/invoke.js HTTP/1.1\r\nHost: offensivefountainrabbit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:51 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 13043\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: offensivefountainrabbit.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7879fd0b4702c407f8a6e53ee5c88c79\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33023,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (33023), with no line terminators","md5":"775f18b0af8528210e0073cfb6ee8268","sha1":"e96883408650feaea0fc993471a1b849811a3d73","sha256":"23fbb9f099c60c295ea897589c2fd0606f887c6db2c437974f256fb29df494d3","sha512":"496fdc8118ae57926d4add040501b27bd652571b9ac38827089f965db95d10c5bb37eeb190464760fe8e44b1e402ebc6321602d18ff0a1032130d697969293f8","ssdeep":"384:lznDKyAp9nf1GPXm2bBdMLlAwH3KQsjmTOlXqel+rn2NrL0uAfdtiOmuBc8Fg:5KygfcbULz3KQQmTO5qel+qL0PFcWg","tlshash":"89e208883f70b44d1776303b322f856efab5cd555488d88cd287ac952ab9b1ee437e09","first_seen":"2025-08-19T07:40:33.360905Z","last_seen":"2025-08-19T07:40:33.360905Z","times_seen":1,"resource_available":true,"data":null}},"time_used":111,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":110,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"offensivefountainrabbit.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa84fe-d1b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NIyRPfH%2FiqxuPDDAyDmdyD6Pl7VucIb6p5wm5HJwjs72G2cFzeLj5WoM5CBuGdXVfirDk1gIlD4PJEk4VEe%2BQw1m1yMjN%2FcmZONTCKZX0Vc%3D\"}]}\r\ncf-ray: 9717ffed4ff39780-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3355,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"039a6734d79ed9aa51cf81c52479c5fe","sha1":"9cf29c4ea1a3880681d50c7228374f8073b7778b","sha256":"a15bad73fc8907795285b78a4a1a1bf5e7f68b4d39988b9bb165444819cf9eb1","sha512":"879f067d02f582c2ff8f9c0308cbb44b24964136c4d8074f1a1b200169b520bb49fdd2b290772dfbc3ca432fba2ce9d5b1a398eb14746613cc942dd7567fa1d9","ssdeep":"","tlshash":"3a61ba966b670a04b51ad0ab3f667b4723084007995fed757fc8620ccfc92a8d6d378e","first_seen":"2024-02-12T03:25:01Z","last_seen":"2026-04-10T09:34:35.833065Z","times_seen":2194,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/webfonts/fa-solid-900.woff2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.602Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/wp-content/themes/blogus/css/all.css?ver=6.8.2\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 156496\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 12 Aug 2026 12:02:17 GMT\r\nlast-modified: Mon, 11 Aug 2025 08:15:13 GMT\r\netag: \"26350-6899a691-67b2fbebaa264f96;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nvary: User-Agent, accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 610653\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a6486yiJTuFZwI2XMKmWCWUgt3m8Zg7aFHkpKStviqDZWov4GXCzGNd2paTwzpXytn%2BZcqNfmylUMeuH0JgSju9iWiYtMiCSUbJdDSo%3D\"}]}\r\ncf-ray: 9717ffdf8e58f9e2-ARN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":156496,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 156496, version 773.768","md5":"6c4eee562650e53cee32496bdfbe534b","sha1":"1aae708e3b94ee981b452a918d28ed037fbb5e18","sha256":"9fc85f3a4544ab0d570c7f8f9bbb88db8d92c359b2707580ea8b07c75673eae2","sha512":"ebcb5a2e2a908228f77ecd03b45491778cad73ddc39fa3a6334b129aaf9fa36c16c0307aeaad74d77f616b5b34aac52d91e9f4816945253dc9a826ddd71f4d12","ssdeep":"3072:OvM6gZMLmY8uGpjVnlooQ+GQs8jic0f/KkMdE:OU65LoP5QSsuic0f/cdE","tlshash":"8ce31200d620498d9978fd5b2a1fa1ffa7a939c95ed210bad3c30cb93257143bbc2556","first_seen":"2023-12-02T04:06:15Z","last_seen":"2026-04-10T09:37:40.450539Z","times_seen":33879,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/sbar.json?key=ac744539d885732140d6b141d5a36226\u0026abt=F-2677-5_1\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 02 Jul 2025 00:39:20 GMT","end":"Tue, 30 Sep 2025 00:39:19 GMT"},"fingerprint":{"sha1":"2F:53:8D:73:5E:CE:FB:91:B4:FD:2B:4E:F3:E9:80:AA:62:1A:61:CD","sha256":"C1:D4:30:78:23:7C:54:B2:69:C9:DF:D9:A9:CB:93:CF:63:1B:C9:46:05:84:47:B1:70:77:4E:B8:85:DE:85:B8"}}},"request":{"raw":"GET /sbar.json?key=ac744539d885732140d6b141d5a36226\u0026abt=F-2677-5_1\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nAccess-Control-Allow-Origin: https://packsitas.com\r\nAccess-Control-Allow-Credentials: true\r\nSet-Cookie: uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; expires=Tue, 26 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nu_pl27181531=1; expires=Wed, 20 Aug 2025 07:39:53 GMT; path=/; secure; SameSite=None\nslecac744539d885732140d6b141d5a36226=[4323737]; expires=Tue, 19 Aug 2025 07:39:58 GMT; path=/; secure; SameSite=None\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: cebddeb66639c35cd5eab4c07dc793d5\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6172,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"d40a16deb5782ee47f588dff572133cb","sha1":"1f00c7261247b6444179e2a000f5580e6e31203e","sha256":"09db7adf5ccf5b78943078018c9d707aaac5343e8f1039c57ece691ba89040be","sha512":"4a8322db5896603c2c43807cf8f16bf0e456e9e61f3b32ff23e9870ff857104de7e0a3ff74be0fd0bf7d1f83dbb95e4d9c91be82ae2460c759f8556b371cab88","ssdeep":"96:9zzk6QffEp3wIJHtfIc1JwIEpwWUYbiqDYyx+491eAK4Zok6QffEp3wIJHO4yYSl:9zQ6DJvbwD/3WqdAp4Z76D/yYSBf6K","tlshash":"ebd16ebe251bb5e7f94a4658d413df962e87c60a3c84412de6d287ffc65e254c01d138","first_seen":"2025-08-19T07:40:33.396487Z","last_seen":"2025-08-19T07:40:33.396487Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1139,"timings":{"blocked":394,"dns":1,"connect":129,"send":0,"wait":348,"receive":0,"ssl":265},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 Aug 2025 11:11:15 GMT","end":"Sat, 08 Nov 2025 12:08:40 GMT"},"fingerprint":{"sha1":"46:26:78:BD:18:7A:95:15:D4:B3:89:73:FE:7E:99:33:18:7F:21:3E","sha256":"AD:6B:6A:10:54:38:33:B9:BB:A6:FD:B7:B0:1B:2E:9D:62:B8:47:35:C4:E6:7B:F6:4A:92:AA:75:B0:29:F7:F3"}}},"request":{"raw":"GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Mon, 27 Sep 2021 07:43:24 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yTPoLA8qQTZwaNe3Y6HH2hDoNzTTyHz8uNSHIfS4GW%2F24mBGvmo26CUsddSzAsEE51Ex4Mu5ndxlPSBR6VYtOSerEBVFfiGanzYYiqQjnw%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9717ffeaceffbb02-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1325,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"f6990569c7ffeac1f4a3f6d9eee5da44","sha1":"e7d5e37acf89a8faee252c36fc2c9d6615501d76","sha256":"cc2a9756c81bd570fff8b32e48a413687c33f8abe9c934e743a0769178b4f690","sha512":"be3ebced9d65b29fef8caab46e95f54f1ca645ea5942331c84c964ec033fb7c78506d14eda131948b7f664f1635deaa8d82a63169f9214f72035b087ea104bda","ssdeep":"","tlshash":"a52105692df9c97311e750947b352f1bed92ea87c80a6e0173bc9d684f9ad84cd23407","first_seen":"2023-06-26T22:59:31Z","last_seen":"2026-04-10T09:34:35.817673Z","times_seen":2393,"resource_available":false,"data":null}},"time_used":459,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":459,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.100Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KE06JwfFzFIbd2gNZs2W8RsCympDs%2FhWjLcPtJ3y1fdm3QN3PGlkgMHckzDAAD5gOSHBlTHZHcgfvJwbkqsbissaUz%2B%2Fw0OJ20npkJTm0NY%3D\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 885900\r\ncf-cache-status: HIT\r\netag: W/\"65aa84fe-1499c\"\r\ncf-ray: 9717ffeefff3588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84380,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025)","md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-10T09:34:35.836032Z","times_seen":16148,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogza/style.css?ver=6.8.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:50.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogza/style.css?ver=6.8.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 2716\r\ncache-control: public, max-age=31557600\r\nexpires: Fri, 31 Jul 2026 22:52:38 GMT\r\nlast-modified: Mon, 28 Apr 2025 20:53:02 GMT\r\netag: \"2b7b-680feaae-737fd2640a5eecec;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 1608432\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=u3pVC611495LdlTUfQzSBGo9n9p3dpuvKppHgBqN6F4cTXyNAl%2F7w9OdA%2FGI3oPA%2FkuCFG2ZYuYSegLcK8DVvOF784ZFXWL7Zf0Z2u4%3D\"}]}\r\ncf-ray: 9717ffdb88928bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":11131,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (586), with CRLF line terminators","md5":"931fb5f672f108a38d58f7e56fe14535","sha1":"c71e44f3649578d42fa4c9b541456be697903677","sha256":"91f6d63ed5a3c24fc7a086ab64516d051560ec197c45933c4725c2566718887f","sha512":"be70b189e07b9dd2926a7bc70f87e5c4ecae2b2753a1bf28fe50410f1938d5a6209ad0ecf6a6dc193aa0759fc98f6c0b76112582ddd0c26a6d4b213eec3b8d67","ssdeep":"192:EeWEsrhU/jQUzOgKacSfN5jjP+9Z9MFvnRYO1PidVXmnvJMEMCddUzAd0GMMgdvd:A4CP3WJPidVXmnvJMEMCddUz80GMh6Cl","tlshash":"9e3294a5ee1626489b36daea9bf40744de2b00977b0b00e0ff9d41485f7515c26b3fe8","first_seen":"2025-05-14T05:46:26.80267Z","last_seen":"2026-03-18T14:42:55.409726Z","times_seen":20,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/ac/74/45/ac744539d885732140d6b141d5a36226.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.594Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /ac/74/45/ac744539d885732140d6b141d5a36226.js HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 25919\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nSet-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_F-2677-5=1; expires=Tue, 19 Aug 2025 07:39:52 GMT; secure; SameSite=None\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: f2fa6fa9bcfe2e2a67212538e9d5816a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":73413,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"b59c15588995ae7577a431858386aa48","sha1":"962c8ba8c2fc0f19f756bb590276d88c6536b027","sha256":"082dd36781af26835e924e3a1014e6e9826d5594577559acb237633462041486","sha512":"43a74e9cd4664bd5ff39508381f23ebcecf200e4d1a7d9922490d39d379453509ce31b544f92c04e990f7d361dd0ed9b6a7e2ecd9b86fb844df576dc0b4be6c9","ssdeep":"1536:gFMvR03G4SjfXSKWyJR8QxUmDhe9caAJwabHDXvI/:I3crW+yQO9caAiz","tlshash":"ee73eb887f71b06f23a524b3223f5547f19a5c06545cf4b8f117f8596bac31af0baa28","first_seen":"2025-08-19T07:40:33.407641Z","last_seen":"2025-08-19T07:40:33.407641Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1067,"timings":{"blocked":399,"dns":14,"connect":128,"send":0,"wait":136,"receive":127,"ssl":261},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sentry.developzilla.com/api/12/store/","fqdn":"sentry.developzilla.com","domain":"developzilla.com","tld":"com"},"ip":{"addr":"96.46.180.116","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.336Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"developzilla.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 07 Jul 2025 20:58:44 GMT","end":"Sun, 05 Oct 2025 20:58:43 GMT"},"fingerprint":{"sha1":"AE:CE:02:AD:6B:2C:68:87:F6:2D:3D:3E:59:10:E2:07:70:C8:3D:C4","sha256":"42:DA:7B:D8:6E:9E:FA:8B:AB:1F:DD:37:A9:07:5E:FD:94:98:AD:35:4F:7B:80:02:89:1F:C7:A2:DA:75:94:E8"}}},"request":{"raw":"POST /api/12/store/ HTTP/1.1\r\nHost: sentry.developzilla.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://packsitas.com/\r\nContent-Type: application/json\r\nX-Sentry-Auth: Sentry sentry_version=7, sentry_key=18eb246192ea9ed123b97c23c9107596\r\nContent-Length: 1820\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.25.5\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\nvary: origin, access-control-request-method, access-control-request-headers\r\naccess-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after\r\ncross-origin-resource-policy: cross-origin\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload;\r\nx-content-type-options: nosniff\r\nx-robots-tag: none\r\nx-download-options: noopen\r\nx-permitted-cross-domain-policies: none\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"5bc184d07944be2c42a9d7ce2f993ed9","sha1":"5e8b3b8ef95ba1575df389912208cd02a61bb22a","sha256":"bb113453d6a0df7e3bfe15101e228b7277f181b569d8f8d06c04cab3725519ee","sha512":"325c8c788c8ed2be6b0ae6e6aab23de7b9cf4642170bb225f2543d9834824f85bd131df88715d8b353ef0ae3eb104270920f70fc057760eda9c21e1d2218b229","ssdeep":"","tlshash":"d8900002a08e0338a22e820a2820002aa8220082aac20a8a088822283008820832a03a","first_seen":"2025-08-19T07:40:33.408655Z","last_seen":"2025-08-19T07:40:33.408655Z","times_seen":1,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/60/7c/68/607c689d3260386859937413d64d5150/1753952037.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /cti/60/7c/68/607c689d3260386859937413d64d5150/1753952037.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:52 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 51230\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 31 Jul 2025 08:53:57 GMT\r\netag: \"688b2f25-c81e\"\r\nexpires: Thu, 21 Aug 2025 07:39:52 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":51230,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:07:30 12:03:17], progressive, precision 8, 160x300, components 3","md5":"73b3cb71a563dc8fbc83da4621fe33b2","sha1":"fa53a6d1caffbdb2bc2cebf16165d77aab36e07c","sha256":"37456c16de82f244e875a48792ae0cd103de377c6b173e8e95e6c851b4ab3ed5","sha512":"66890dbd0ca8c217bdd55458ea0b00ddaf3013fe7aef1465fb63434219e8857e1417c05e5c20b80be61318bd1c8ec6f912011989c2c7e325ca70dd6da49b2150","ssdeep":"768:n9ggYb0rki39ggYb0rfgpEkYyav2hg3E3AaGkHuQNU3UkuuFriAwE:2gYyWgYyfgpEkNhgUUkOQyluE2DE","tlshash":"c033d118bbabae12f9d652304db2d3c27b23f9a893535246f86c59163b743c1cd4da07","first_seen":"2025-08-01T08:14:43.847176Z","last_seen":"2025-09-02T07:11:36.670995Z","times_seen":41,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/2e/d3/f2/2ed3f234fd2556487d8f89335e2685ff/1753955328.gif","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.178Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /cti/2e/d3/f2/2ed3f234fd2556487d8f89335e2685ff/1753955328.gif HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: image/gif\r\ncontent-length: 31930\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 31 Jul 2025 09:48:48 GMT\r\netag: \"688b3c00-7cba\"\r\nexpires: Thu, 21 Aug 2025 07:39:53 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31930,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 728 x 90","md5":"9ba0e2103d72a0104a698e31850f4cb4","sha1":"2f59078e9122da461a463202b4c7186278634803","sha256":"6090ab8a539ce5e5dfc60aa60b08850fa3f087fc49168f5669871fb564ab9ec8","sha512":"d32459934e7b223a8a06156b9048df982c2c121106c78e0328b345146da7f32f4696fd2c40d99aa856b0fb9869168fc23c057b97fe130d4a5450cd235494f523","ssdeep":"768:AkOfU8QOgmLLpoWdmc/mjKYfA0BrGl+aReJxDsXn8CJ4XQxAY:AkOdjgk1n8jKYo0NQ4goA","tlshash":"6be2e0ef9d648c24112608203ef3696c2663865649a4fd36b594fe029fc943f24b6f93","first_seen":"2025-07-31T12:09:33.274652Z","last_seen":"2025-09-02T18:27:26.54447Z","times_seen":149,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/themes/blogus/inc/ansar/customize/css/customizer.css?ver=1.0","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/themes/blogus/inc/ansar/customize/css/customizer.css?ver=1.0 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 3158\r\ncache-control: public, max-age=31557600\r\nexpires: Fri, 14 Aug 2026 07:03:23 GMT\r\nlast-modified: Mon, 11 Aug 2025 08:15:12 GMT\r\netag: \"876b-6899a690-292f12cb8adaf838;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 455787\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NZl%2BxMdjgW%2BPAhdr5tMVZxSyfKWzCusMKpYpvuNGf%2Bilno358vyRJqu2FNQt%2BUGsHOx7Am6TTIsv5L0jsy0rEVGOcnZsTMAVRs4q3gQ%3D\"}]}\r\ncf-ray: 9717ffdb98ae8bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":34667,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text, with CRLF line terminators","md5":"087ed7ffa2ab059a2a9546a2c00d13e2","sha1":"66060d0ad9c2a9504748bc5fc9791125ab05e7da","sha256":"6710ca1850f10b6dd08c40839a49cad71505cfb573bfcd8ee6b84a45012805bf","sha512":"b9d8fe0ea7359e43b49f2edbe3fb3f6d5ba9fcb2917a39a2b6b4838bbcf9670b4c4cb8b90ab3214c8c5643716188d0da9ce9628d1c9b5a5e92bd1f5d8c9b50e8","ssdeep":"192:IAqXxJQ0ZU0TrSMJfCPWTVAHc1rSn1rxY1BSz1Bx0Zcfd4YQxWdMbAwC5UpJbfSN:eXRrZc2pJbfRJzpVcDJ","tlshash":"62f28c3af5a161f860764a8ee17bf6bd6c7bc214d31648fa75c076298bc27df1013292","first_seen":"2024-07-17T00:49:56Z","last_seen":"2026-04-06T14:47:44.219064Z","times_seen":165,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 Aug 2025 10:09:08 GMT\r\nexpires: Fri, 14 Aug 2026 10:09:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 423046\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-10T09:55:48.830468Z","times_seen":727106,"resource_available":false,"data":null}},"time_used":61,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.613Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:21:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa8566-e50\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kdhHqZLmL5omkTW7V43hMdMkQ3a7oyuPyPLXs%2BLdKpGmBBU8vp1cqkmLL95xVWzTuUzRda1uzixSScfJ7WdIZG8KLaTuI%2FHiY1RjmMFqYlA%3D\"}]}\r\ncf-ray: 9717ffec0d669780-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3664,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"da91945ede579f34a99cde40a98ce5a4","sha1":"cfbf9b6c295766437a906f7fd6f46a0302240c9a","sha256":"9b9d07bcd50263ebd848d3f60889a594727d925ee4488df503eac791023d57b1","sha512":"764d388d8e0d63feaf440cdb92de9ef3f1eb76152b4f1ac1ad0d1fc7b30c110f24628b0e0c34bf5a9cbb1918aa8dc2fc466386f07ec0fda75ea7ec1cf9befae4","ssdeep":"","tlshash":"3071ee961b372604b40bd49a2f652717132540078a4bed183fca774c8fc66a8c6e3bdf","first_seen":"2024-01-21T07:50:10Z","last_seen":"2026-04-09T09:03:23.813058Z","times_seen":391,"resource_available":false,"data":null}},"time_used":445,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":445,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.120Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 19 Jan 2024 14:21:26 GMT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa8566-e50\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mpuP1dwDXPHb%2B1r375uwB198mGmL0kQEcASnei26B2ic4V7N%2FxlKUweMMXKcGzfhYCIaNTP8yYnF5MJtI3qkJisbPgILRB4VjoX7KAI8KFk%3D\"}]}\r\ncf-ray: 9717ffef2ff8588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3664,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"da91945ede579f34a99cde40a98ce5a4","sha1":"cfbf9b6c295766437a906f7fd6f46a0302240c9a","sha256":"9b9d07bcd50263ebd848d3f60889a594727d925ee4488df503eac791023d57b1","sha512":"764d388d8e0d63feaf440cdb92de9ef3f1eb76152b4f1ac1ad0d1fc7b30c110f24628b0e0c34bf5a9cbb1918aa8dc2fc466386f07ec0fda75ea7ec1cf9befae4","ssdeep":"","tlshash":"3071ee961b372604b40bd49a2f652717132540078a4bed183fca774c8fc66a8c6e3bdf","first_seen":"2024-01-21T07:50:10Z","last_seen":"2026-04-09T09:03:23.813058Z","times_seen":391,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1RTzYscxRuu3gR-hx_ED0QhIMxB8HNnqz-mZ8YcxBhXlsQkJpEcPITqqu7dynR3tVVd05s9BQOSk4w3T9LzzGRXYxT9A0SZ9SIBIeNpwezFf0AQg0eZ2dHROlS9z_s8Lzzv229_OLSHxIdlBxffVjsyTdlaq0kbL1yVuVCVaZy_0nBpk55qXJV5GJxqbM8u3X_V9YMmfbHxVsx7as2jLqUudRvrUseJ2l6bs5DFva7b7NJm4DXdVoBt_V9s7AoMcyD6h-RJSDF97NfkPUg-QZ59fSY2vVIVr7yZ2ZSVSqMv9t7Ne7mqcmTLMNEOknxvoYYyU0I-WYHK9xYdQPXHsw4QySlZefohonxvYRNR_86R0yhFnCMS_0fVnyBOJ5BsAq5uQYoHBOAC5y8gz3bPK12xG0csm7FTcvzR75DVlBx_-BTy7KvTqdxuXFapLaXKDbaTGnJ7Ark5QWH3Ue6sQFb74OUHkOInsvboHPJsfMGkClIcPBd5nShqueEq5SJcDYTwV5lH3VW3E4XtxGM06STzEclkAmaOwRoHVjqwiQNbOMjEQSOgnYC7zA-TruBtGrAgEHFEux2PUtblbVg-8z5AWQzA0wG4vr1rc268cOjes9eK1Avb1Kdhd-h-Voitstf3_HGpbXyk8v9RhX7b67aG7u6Raq4ZzzTLwnCeRKFvoicH0PZ7mK0aRqzAlFPivHMTfVGjigkqQ1AxgkoSVCVB1a_viNR4pt4VqbGRu3i9xevXI1VuDtkdVW7GOQHTA2hRj2XxvrkFXh4b7SRGjNTsYlF5d33VC9vt1dY1OmKRqIfFIXli9g2dT_fX0YsPGonbDRPXiyMWdHk7SNqMRbTT6YokSfyEtmBkDWlWwIyDHTklZz_6BYWckudfvo6I7cOk--DycTD7LFhVg23V2Mm_LBjvGVky0-Qqg1A1ivI4yhvOMD0kJ-dr1PzTR8zvk8UB1zUKXeO6_IFgM709uqQqMr6kKkO-uVCUMpM7bLZil0tWxs7ds_GNSmmxccYMPn-dz4hZeO9KbMpzLBcy3zTki9NSiFivK81j8u2GuRpHF63ZOm11botzF99Y38gKHRsjVT4Bkw9OnACXU_K_H_-Y_zzPHJ6E1BNoWyOz_3Ja3IQpltgoAp0ucVQ4qGw90l60TKaSII2XmEU1THz_u9_-LlrGI81m1UzWQ3Mbm9oBK28hz2r0dY1-WoOlAxh7bFQW-v5rP_vzgyh1RlGqnXGU6vTjowEbedBI_NjjlHbaoet3ktj1A8GTVifoipBR349RmunW-KWNvwIAAP__vaYCUBoFAAA=","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.614Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 21:49:55 GMT","end":"Fri, 26 Sep 2025 21:49:54 GMT"},"fingerprint":{"sha1":"38:55:0E:5D:7C:E7:08:BA:9A:77:8D:79:E7:3A:6B:27:F8:97:E4:89","sha256":"3A:54:48:30:C3:83:C3:F6:C2:3E:B3:7D:81:B3:37:9D:16:0C:B9:AE:C5:C3:56:8C:33:5D:AD:24:2B:B7:35:AF"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTzYscxRuu3gR-hx_ED0QhIMxB8HNnqz-mZ8YcxBhXlsQkJpEcPITqqu7dynR3tVVd05s9BQOSk4w3T9LzzGRXYxT9A0SZ9SIBIeNpwezFf0AQg0eZ2dHROlS9z_s8Lzzv229_OLSHxIdlBxffVjsyTdlaq0kbL1yVuVCVaZy_0nBpk55qXJV5GJxqbM8u3X_V9YMmfbHxVsx7as2jLqUudRvrUseJ2l6bs5DFva7b7NJm4DXdVoBt_V9s7AoMcyD6h-RJSDF97NfkPUg-QZ59fSY2vVIVr7yZ2ZSVSqMv9t7Ne7mqcmTLMNEOknxvoYYyU0I-WYHK9xYdQPXHsw4QySlZefohonxvYRNR_86R0yhFnCMS_0fVnyBOJ5BsAq5uQYoHBOAC5y8gz3bPK12xG0csm7FTcvzR75DVlBx_-BTy7KvTqdxuXFapLaXKDbaTGnJ7Ark5QWH3Ue6sQFb74OUHkOInsvboHPJsfMGkClIcPBd5nShqueEq5SJcDYTwV5lH3VW3E4XtxGM06STzEclkAmaOwRoHVjqwiQNbOMjEQSOgnYC7zA-TruBtGrAgEHFEux2PUtblbVg-8z5AWQzA0wG4vr1rc268cOjes9eK1Avb1Kdhd-h-Voitstf3_HGpbXyk8v9RhX7b67aG7u6Raq4ZzzTLwnCeRKFvoicH0PZ7mK0aRqzAlFPivHMTfVGjigkqQ1AxgkoSVCVB1a_viNR4pt4VqbGRu3i9xevXI1VuDtkdVW7GOQHTA2hRj2XxvrkFXh4b7SRGjNTsYlF5d33VC9vt1dY1OmKRqIfFIXli9g2dT_fX0YsPGonbDRPXiyMWdHk7SNqMRbTT6YokSfyEtmBkDWlWwIyDHTklZz_6BYWckudfvo6I7cOk--DycTD7LFhVg23V2Mm_LBjvGVky0-Qqg1A1ivI4yhvOMD0kJ-dr1PzTR8zvk8UB1zUKXeO6_IFgM709uqQqMr6kKkO-uVCUMpM7bLZil0tWxs7ds_GNSmmxccYMPn-dz4hZeO9KbMpzLBcy3zTki9NSiFivK81j8u2GuRpHF63ZOm11botzF99Y38gKHRsjVT4Bkw9OnACXU_K_H_-Y_zzPHJ6E1BNoWyOz_3Ja3IQpltgoAp0ucVQ4qGw90l60TKaSII2XmEU1THz_u9_-LlrGI81m1UzWQ3Mbm9oBK28hz2r0dY1-WoOlAxh7bFQW-v5rP_vzgyh1RlGqnXGU6vTjowEbedBI_NjjlHbaoet3ktj1A8GTVifoipBR349RmunW-KWNvwIAAP__vaYCUBoFAAA= HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzI5NSwiayI6IjFlZTk1YzJmOTRhZWNhMDgyOTE3MDUwYzdhN2NiN2E5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpkM3l1NGJjeHkiLCJjcGtzIjp7IjI4IjoiNzg5OTE3OWYxODA4OTJmNWUyNGYyODkwMjI0M2IzYTUiLCIyOSI6IjM5NjRjMjk2NTVhMTAwYTNkOGNjMjlhNWViYjk0ZGZjIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.1VmV4qJNWLVRMuhiMee78zUhWRcFWxHCS9HEZ9j93iM; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv26=true; uncs26=1; u_pl26703069=1; pdhtkv23=true; uncs23=1; u_pl26637295=1; pdhtkv29=true; uncs29=1; u_pl27181530=1; slec3964c29655a100a3d8cc29a5ebb94dfc=[4323737]; u_pl27181894=1; slecf196f12eba49c74f7aab0889dfff3f05=[3078195]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+bd8c85ceda51526c29df1c6070b5ce73=3078195; expires=Wed, 20 Aug 2025 07:39:54 GMT; path=/; secure; SameSite=None\niprc_l:3078195=1; expires=Wed, 20 Aug 2025 07:39:54 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 5\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b1112eeabf016b9c8042f9f42ce171cd\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":115,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":115,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"offensivefountainrabbit.com/1ee95c2f94aeca082917050c7a7cb7a9/invoke.js","fqdn":"offensivefountainrabbit.com","domain":"offensivefountainrabbit.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.029Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"offensivefountainrabbit.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 19:39:45 GMT","end":"Sun, 02 Nov 2025 19:39:44 GMT"},"fingerprint":{"sha1":"A7:93:39:18:F1:01:BB:4D:82:C0:BF:90:31:9E:64:25:36:F2:0C:E1","sha256":"A2:CD:CF:2A:E2:3E:21:B9:56:69:56:80:26:AE:D8:89:B0:DD:F4:FA:0B:A6:CB:42:B5:1A:6F:6B:D6:38:25:BB"}}},"request":{"raw":"GET /1ee95c2f94aeca082917050c7a7cb7a9/invoke.js HTTP/1.1\r\nHost: offensivefountainrabbit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:51 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 13050\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: offensivefountainrabbit.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7a2e0d94670f46583d86c71c8b165f1a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33053,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (33053), with no line terminators","md5":"ad15b262a2fe943c7d381dc97bf566a1","sha1":"76aeb6ea95508ce2107bcf6898dc819731eabd23","sha256":"7b6ced14c19f4fbeb9e2e4d98b42b584c5ff8d9076a3c5998cb80a8349ead13a","sha512":"a18993cc8481021b5f4df3a3222224e07314be602fb8a581706f9927685254fb005e134fb44734ae326c059f1ec25f7701e512abbc8ebf5b98c0242cb79aaaf4","ssdeep":"384:lznDSbp9Qf1PPXm2bBdMLlAwH3KQsjmTOlXqel+rn2NrL0uAfdtiOmuBc8Fg:BSYfHbULz3KQQmTO5qel+qL0PFcWg","tlshash":"56e208883f60b04d1776303b322f856ef9b5cd555488d89cd287ac952ab9b1ee437e09","first_seen":"2025-08-19T07:40:33.411756Z","last_seen":"2025-08-19T07:40:33.411756Z","times_seen":1,"resource_available":true,"data":null}},"time_used":782,"timings":{"blocked":314,"dns":49,"connect":104,"send":0,"wait":105,"receive":0,"ssl":206},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"offensivefountainrabbit.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sentry.developzilla.com/api/12/store/","fqdn":"sentry.developzilla.com","domain":"developzilla.com","tld":"com"},"ip":{"addr":"96.46.180.116","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"developzilla.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 07 Jul 2025 20:58:44 GMT","end":"Sun, 05 Oct 2025 20:58:43 GMT"},"fingerprint":{"sha1":"AE:CE:02:AD:6B:2C:68:87:F6:2D:3D:3E:59:10:E2:07:70:C8:3D:C4","sha256":"42:DA:7B:D8:6E:9E:FA:8B:AB:1F:DD:37:A9:07:5E:FD:94:98:AD:35:4F:7B:80:02:89:1F:C7:A2:DA:75:94:E8"}}},"request":{"raw":"POST /api/12/store/ HTTP/1.1\r\nHost: sentry.developzilla.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://packsitas.com/\r\nContent-Type: application/json\r\nX-Sentry-Auth: Sentry sentry_version=7, sentry_key=18eb246192ea9ed123b97c23c9107596\r\nContent-Length: 1806\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.25.5\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\nvary: origin, access-control-request-method, access-control-request-headers\r\naccess-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after\r\ncross-origin-resource-policy: cross-origin\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload;\r\nx-content-type-options: nosniff\r\nx-robots-tag: none\r\nx-download-options: noopen\r\nx-permitted-cross-domain-policies: none\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e74beaede4a9212513a176cb63abedfc","sha1":"a0b4de0b610d76d1fe9dcc0d08306fa5451285b0","sha256":"ca00cd8f1aa5355a49f8d23afce52ad511ba9fdfe0f89c02557cb38343a2a92d","sha512":"f2b301a11c5bafc61d00b3a181cea9cff68c9352fa2e047313cf8af565b3fd5cb5d158568049dcf3860199b33061180631002c07908e281d0e8eb5de76937a33","ssdeep":"","tlshash":"ba900447fc043511405d05c7d40cc40755005105f171d5d53011055410550401f51c57","first_seen":"2025-08-19T07:40:33.412728Z","last_seen":"2025-08-19T07:40:33.412728Z","times_seen":1,"resource_available":false,"data":null}},"time_used":333,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":333,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/css/animate.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.987Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa84fe-13361\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1%2Bx5MfFHBeuDluVZz%2FqvH7I3Wd4RnApC04c7a%2Btr%2Bp1auvXC7euE8NIOK0x88zT716p2CJ%2Fexoz1wUMCdfKVKd79LDW01JORrcKg%2BoAKiw0%3D\"}]}\r\ncf-ray: 9717ffee6fd5588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78689,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"3d4123dbfb33d27a5cfdfcfa91df6783","sha1":"e7d0eeeec54b848f0bc3da8685fa3bc88429d660","sha256":"cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887","sha512":"75c8a48dc207595e201b50b87ff68782112a21aded9f15f14185c07d40f0151d6afe74a2b278aa575caf12ac422e8166316296ed7b6573ea24e667cca4af51dd","ssdeep":"384:jvuAuF81dghu3ublZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:jvuAu21dghu3uLu7uNKwZiMUL6Vpaj7F","tlshash":"22731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2024-01-20T06:37:31Z","last_seen":"2026-04-10T09:34:35.831084Z","times_seen":10596,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CDr%2BaaKfz98bfQprG1Maby4Fmb5oOLcTBPrMJ2Y9iiOae4ebOeKqQAq1r6PavSxhj1wzwdd8yoJbPewgMzRt0J5ucwg0yYl5sHyE0mv5s54%3D\"}]}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 885900\r\ncf-cache-status: HIT\r\netag: W/\"65aa84fe-1499c\"\r\ncf-ray: 9717fff08830588e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84380,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025)","md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-10T09:34:35.836032Z","times_seen":16148,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/8b/59/4f/8b594fd93843afec253d5e5f7141da24.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.593Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /8b/59/4f/8b594fd93843afec253d5e5f7141da24.js HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 32387\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 954029cf64ed6f5f0cc0cde4d40be44c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":104629,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"34d1c69133b88b45db2ce1d6669be43d","sha1":"dbe0e8ad593ec79600fb9242ec2efb64f00c7eda","sha256":"8bf4ffb0d3b5d23947baa444ff689a41858019dda623aa635fc2918186dfe1cd","sha512":"1c9ffd8f0c0dff7a3f278db0af1ede1d79064a37109c58a31c6ba7c238acc8f33607cdafce51ed0c5ba473c56912e80010c91d83849b25a52308c20b3798c281","ssdeep":"1536:SO/ysWbSTyJhKkoQhkmyC0E98k0RYqnhNzc/7ksqWPbIKau3l0gaTXz+IPC+:+JhKfEMRbhJIMuV0DSIPT","tlshash":"b7a3c6487f50f15c83aaa17b233f910ae02b4d42618d915ce513e5e8bf6eb0bf63e558","first_seen":"2025-08-19T07:40:33.413663Z","last_seen":"2025-08-19T07:40:33.413663Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1093,"timings":{"blocked":411,"dns":13,"connect":130,"send":0,"wait":135,"receive":131,"ssl":270},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sentry.developzilla.com/api/12/store/","fqdn":"sentry.developzilla.com","domain":"developzilla.com","tld":"com"},"ip":{"addr":"96.46.180.116","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"developzilla.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 07 Jul 2025 20:58:44 GMT","end":"Sun, 05 Oct 2025 20:58:43 GMT"},"fingerprint":{"sha1":"AE:CE:02:AD:6B:2C:68:87:F6:2D:3D:3E:59:10:E2:07:70:C8:3D:C4","sha256":"42:DA:7B:D8:6E:9E:FA:8B:AB:1F:DD:37:A9:07:5E:FD:94:98:AD:35:4F:7B:80:02:89:1F:C7:A2:DA:75:94:E8"}}},"request":{"raw":"OPTIONS /api/12/store/ HTTP/1.1\r\nHost: sentry.developzilla.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,x-sentry-auth\r\nReferer: https://packsitas.com/\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.25.5\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-length: 0\r\naccess-control-allow-origin: *\r\nvary: origin, access-control-request-method, access-control-request-headers\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: x-sentry-auth,x-requested-with,x-forwarded-for,origin,referer,accept,content-type,authentication,authorization,content-encoding,transfer-encoding\r\naccess-control-max-age: 3600\r\ncross-origin-resource-policy: cross-origin\r\nallow: POST,GET,HEAD\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload;\r\nx-content-type-options: nosniff\r\nx-robots-tag: none\r\nx-download-options: noopen\r\nx-permitted-cross-domain-policies: none\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":720,"timings":{"blocked":219,"dns":24,"connect":101,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 Aug 2025 11:11:15 GMT","end":"Sat, 08 Nov 2025 12:08:40 GMT"},"fingerprint":{"sha1":"46:26:78:BD:18:7A:95:15:D4:B3:89:73:FE:7E:99:33:18:7F:21:3E","sha256":"AD:6B:6A:10:54:38:33:B9:BB:A6:FD:B7:B0:1B:2E:9D:62:B8:47:35:C4:E6:7B:F6:4A:92:AA:75:B0:29:F7:F3"}}},"request":{"raw":"GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Mon, 27 Sep 2021 07:43:24 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FRnTpJczQOtI%2BNOgI5GfnawOtjL2%2F9xI35zAquaEpva36WNS4q8aqvdyCICLjIsu1urRJYcG8yARdY%2BtiiBg%2Bv5HHqrwGvVqmGOLAPhhdQ%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9717ffe9bca8bb02-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1325,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"f6990569c7ffeac1f4a3f6d9eee5da44","sha1":"e7d5e37acf89a8faee252c36fc2c9d6615501d76","sha256":"cc2a9756c81bd570fff8b32e48a413687c33f8abe9c934e743a0769178b4f690","sha512":"be3ebced9d65b29fef8caab46e95f54f1ca645ea5942331c84c964ec033fb7c78506d14eda131948b7f664f1635deaa8d82a63169f9214f72035b087ea104bda","ssdeep":"","tlshash":"a52105692df9c97311e750947b352f1bed92ea87c80a6e0173bc9d684f9ad84cd23407","first_seen":"2023-06-26T22:59:31Z","last_seen":"2026-04-10T09:34:35.817673Z","times_seen":2393,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":33,"dns":5,"connect":8,"send":0,"wait":119,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"DF:A1:DB:1F:BC:5E:31:D7:F8:FE:26:E3:B9:B3:02:98:B1:C8:50:EC","sha256":"A2:57:20:B6:AE:46:89:B9:39:C7:57:9B:1E:43:96:E3:5A:BC:7E:3F:1D:18:10:34:CC:53:3D:DB:78:4E:5C:21"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 19 Aug 2025 07:39:54 GMT\r\ndate: Tue, 19 Aug 2025 07:39:54 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"e9d2e14beb088f37fae98294940a9dcd","sha1":"1dafc3c55550249c8c2d782d5616c7b445c8e005","sha256":"f2e491cc46d3fcba81f729065d622bd722751d4a2e7f80b479aa64a92c17b5c7","sha512":"64025ea9b660d5e1d45a593a27345e152ba6b5ef95daceee5e43201319a555eb5457cfe1ecdcc725202063a22c5f406f3ba4607863d5b714c378f144bcdea5f7","ssdeep":"384:pjf5jgjPjrjyUj/qY4+j4jYjpjfMj1jWj6jyhj/qY4XjNjtj4jfdjkjDj3jyQj/E:p90DXOU/R08toBy+Oh/EBpcZwPLOQ/VK","tlshash":"e5722291041740009b835ce223cebf35fe1f92117152d0b5abfd9b6badcbc66526939d","first_seen":"2025-06-02T17:27:24.212334Z","last_seen":"2026-01-19T16:22:17.33804Z","times_seen":5482,"resource_available":false,"data":null}},"time_used":366,"timings":{"blocked":157,"dns":0,"connect":30,"send":0,"wait":45,"receive":0,"ssl":131},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/plugins/wp-statistics/assets/js/tracker.js?ver=14.15.2","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.043Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/plugins/wp-statistics/assets/js/tracker.js?ver=14.15.2 HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 2658\r\ncache-control: public, max-age=31557600\r\nexpires: Sat, 15 Aug 2026 07:55:49 GMT\r\nlast-modified: Sun, 10 Aug 2025 23:08:18 GMT\r\netag: \"22f7-68992662-43ee060832dca42e;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 366241\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kAJJ8hniOQHKDBkcHUCBStue%2FJRMBwFcTKfQQhKPhB9umrZXZeIvQtP5aycKVLgkRLqAzf6pYHIlNK%2FmFiOd4TNIW69ghc0YGUY6P5Q%3D\"}]}\r\ncf-ray: 9717ffdbb9058bde-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":8951,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4474)","md5":"ca2be7699b36cdb54806c8f512492520","sha1":"f054bad5a98ce4d60e9f560c2f93a364efedab93","sha256":"c01fa4f79ce47a5a684b37c31f49b9304499fb1eba255aeb9d03cffb3d7e83ee","sha512":"8a510ae4a71f25b9dc99026fd4b0f883a41821e2774476e8d765eb2cb151d5fcea73168f25cd5ec4170680b3831dd67f21fa0d2245bd2830b8b6872cf3db333c","ssdeep":"192:5nQ998xYO9SkmsKlsLqWOGAOZPSeIWCE+D:5nQ9WxqCLw/WCEq","tlshash":"0c0284467bd25af1ccf23468152a2a3975ab0ed33202e170f828ddd3445c6d6e743b7a","first_seen":"2025-08-11T14:39:25.499896Z","last_seen":"2026-04-10T08:27:32.51968Z","times_seen":1625,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-content/uploads/2025/04/antonia-mackenzie-onlyfans-gratis-2025-4-768x432.webp","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"GET /wp-content/uploads/2025/04/antonia-mackenzie-onlyfans-gratis-2025-4-768x432.webp HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 32808\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 19 Aug 2026 01:44:37 GMT\r\nlast-modified: Sat, 31 May 2025 23:38:24 GMT\r\netag: \"8028-683b92f0-51174890ef17cce7;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nvary: User-Agent, accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 42914\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LIGEUK%2FtkH3NxLd4lCLo6itxbZO0dku7CAqCt1Sy1%2F1InvfjJ0xcHScOb2ct2iA%2FiCGEA%2BJUplzzOiG0LQOFKxhl%2Fl%2BYqswE%2BlmL9WE%3D\"}]}\r\ncf-ray: 9717ffe16e94f9e2-ARN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":32808,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 768x432, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"3c6d3e9f463f8a3fed3a17e27d97ba20","sha1":"08c4bcf318604ae770927f734d7454ba0ea1d5d6","sha256":"a435ae0309d0bcda1c66f3c93833f57349276ee4bb4979f1b0e63e8d073e3af8","sha512":"d60db5ce97201f51efe6a8a32b0aae5139795d53bf97a277361fe97b134a5d367c468825530eef06221cc8b958a8cf22af49c7b857c237b396857ad9e5965730","ssdeep":"768:Y8Gaxl0m/oeeJBsH3vdCIyR6KjSBsVhbu4Qq5Xyj0Uihar:Y8Dlbw3zivlCeBYiY1A0UiG","tlshash":"7fe2e1a0e895325e84e7af5d0c98bd390a94c54fb28ae6df2468a641131cc353c63fed","first_seen":"2025-08-02T11:30:48.554101Z","last_seen":"2025-10-16T23:53:34.452257Z","times_seen":6,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/vpn/classic-push/small/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:53 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa84fe-d1b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=H%2FgH%2Bq6zyycGJtTdIt0AVHXG6hBri%2BlnaUlMfaLOM%2BEFLXWrc3TW5F2ZxROaREktOlQxdsqqXIz11JAOuhg4UiQTdwaIFfWI9VcdNn3zwK4%3D\"}]}\r\ncf-ray: 9717ffeb1b0b9780-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3355,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"039a6734d79ed9aa51cf81c52479c5fe","sha1":"9cf29c4ea1a3880681d50c7228374f8073b7778b","sha256":"a15bad73fc8907795285b78a4a1a1bf5e7f68b4d39988b9bb165444819cf9eb1","sha512":"879f067d02f582c2ff8f9c0308cbb44b24964136c4d8074f1a1b200169b520bb49fdd2b290772dfbc3ca432fba2ce9d5b1a398eb14746613cc942dd7567fa1d9","ssdeep":"","tlshash":"3a61ba966b670a04b51ad0ab3f667b4723084007995fed757fc8620ccfc92a8d6d378e","first_seen":"2024-02-12T03:25:01Z","last_seen":"2026-04-10T09:34:35.833065Z","times_seen":2194,"resource_available":false,"data":null}},"time_used":507,"timings":{"blocked":40,"dns":4,"connect":10,"send":0,"wait":424,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js\u0026l=962\u0026fd=216","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.607Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js\u0026l=962\u0026fd=216 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:54 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/impr.gif?sid=H4sIAAAAAAAC_1RTy4sc1Re-NZPd7wc-EBeC0IuAz-m59ZjqHrOQxGRkTExiEsnCRbiPqpmbrq5b3lu3azJugkEJCNLudCPVX3dmNI6if4CgPe6Cgu1qwAyIf4IQcCc909B6FufxfafgO6fO_XDgDkkIxw4uv6m3VZax5ZUmbTx_XeVSV7Zx8VrDp016qnFd5XF0qrE1dab3ih9GTfpC4_VEdPRyQH1Kfeo31pRJUr21fMRCFXurfnOVNqOg6a9E2DL_ra1bgGUeZO-QPAklJ4_9mb4DJcbIu9-eTWyn1MXL57ouY6U26Mndt_NOrqsc3XmaGg9pvjvrhrYTQj5dgM53ZxNA90bTCcDVhCw8_RA8353JBO_dO1bKMyQ5uPwfqt4YSTaGYmMIfQdK_koAIXHxEvLuzkVtKnbrmGVTdkJOPPoLqpqQEw-fQt795kymthpXdeZKpXOLrbSG2hpDbYxRuH2U2wtQ1T5E-T6U_IUsP7qAvDu6ZDMNJQ9O8qDN-YofL1Eh46VIynCJBdRf8ts8bqUBo2k7PVqRSsdgdhHOenDKg0s9uMJDVx40ItqOhM_COF2VokUjFkUy4XS1HVDKVkULTky191EWfYisD2E-2HG5sGEw8PfcjSIL4jhshT4d-DuF3Cw7vVFpXDKa9gz8L46hMDgCUZjb6Kg-jPsBdrOGlYuw5YR4b91GT9aoEoLKElSMoFIEVUlQ9ep7MrOBrXdkZh33ZzGYxbAe6nJjwO7pciPJCZjpw8h6pIp37R2IcnG4nVo51FPHeHl_bSmIW62llRv-kHFZD4pD8sT073if__gHOslBI07iKIjbVPIwEdynK5zSgLdagWzFPGBtWFVD2QUw62FbTcj5j39HoSbkuZdugrN92GwfQj0O5p4Fq2qwzRrb-dcFEx2rSmabQnchdY2iPIHyljfIDskzRwdy-u_PkIgHr_4WHhmEqVGYGjfVTwQb2d3hFV2R0RVdWfLdpaJUXbXNpsdztWRlsnj_fHKr0kaun7X9L0-LKTFN964ltrzAcqnyDUu-OqOkTMyaNiIh36_b6wm_7OzmGWdyV1y4_NraercwibVK52MwNSHeez9DqAn5_xvnjh7GyfWPoMwYxtXougdkZhDFbdhirt1qApPNeV54qFw9NAGfg5kiyJJ5zXgN-6-az_OhYdOvmaoH9i42jAdW3kHerdEzNXpZDZb1Yd3isCzMXAbPvCHPjDfimck-OV6xVQeNNEwCQWm7FfthO038MJIiXWlHqzJmNAwTlHayOXpx_Z8AAAD___hLLKf2BAAA","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTy4sc1Re-NZPd7wc-EBeC0IuAz-m59ZjqHrOQxGRkTExiEsnCRbiPqpmbrq5b3lu3azJugkEJCNLudCPVX3dmNI6if4CgPe6Cgu1qwAyIf4IQcCc909B6FufxfafgO6fO_XDgDkkIxw4uv6m3VZax5ZUmbTx_XeVSV7Zx8VrDp016qnFd5XF0qrE1dab3ih9GTfpC4_VEdPRyQH1Kfeo31pRJUr21fMRCFXurfnOVNqOg6a9E2DL_ra1bgGUeZO-QPAklJ4_9mb4DJcbIu9-eTWyn1MXL57ouY6U26Mndt_NOrqsc3XmaGg9pvjvrhrYTQj5dgM53ZxNA90bTCcDVhCw8_RA8353JBO_dO1bKMyQ5uPwfqt4YSTaGYmMIfQdK_koAIXHxEvLuzkVtKnbrmGVTdkJOPPoLqpqQEw-fQt795kymthpXdeZKpXOLrbSG2hpDbYxRuH2U2wtQ1T5E-T6U_IUsP7qAvDu6ZDMNJQ9O8qDN-YofL1Eh46VIynCJBdRf8ts8bqUBo2k7PVqRSsdgdhHOenDKg0s9uMJDVx40ItqOhM_COF2VokUjFkUy4XS1HVDKVkULTky191EWfYisD2E-2HG5sGEw8PfcjSIL4jhshT4d-DuF3Cw7vVFpXDKa9gz8L46hMDgCUZjb6Kg-jPsBdrOGlYuw5YR4b91GT9aoEoLKElSMoFIEVUlQ9ep7MrOBrXdkZh33ZzGYxbAe6nJjwO7pciPJCZjpw8h6pIp37R2IcnG4nVo51FPHeHl_bSmIW62llRv-kHFZD4pD8sT073if__gHOslBI07iKIjbVPIwEdynK5zSgLdagWzFPGBtWFVD2QUw62FbTcj5j39HoSbkuZdugrN92GwfQj0O5p4Fq2qwzRrb-dcFEx2rSmabQnchdY2iPIHyljfIDskzRwdy-u_PkIgHr_4WHhmEqVGYGjfVTwQb2d3hFV2R0RVdWfLdpaJUXbXNpsdztWRlsnj_fHKr0kaun7X9L0-LKTFN964ltrzAcqnyDUu-OqOkTMyaNiIh36_b6wm_7OzmGWdyV1y4_NraercwibVK52MwNSHeez9DqAn5_xvnjh7GyfWPoMwYxtXougdkZhDFbdhirt1qApPNeV54qFw9NAGfg5kiyJJ5zXgN-6-az_OhYdOvmaoH9i42jAdW3kHerdEzNXpZDZb1Yd3isCzMXAbPvCHPjDfimck-OV6xVQeNNEwCQWm7FfthO038MJIiXWlHqzJmNAwTlHayOXpx_Z8AAAD___hLLKf2BAAA HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]; iprc_l+bd8c85ceda51526c29df1c6070b5ce73=3078195; iprc_l:3078195=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:55 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: close\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+e4b5b9f52112f0a72d844984c3940636=4323737; expires=Wed, 20 Aug 2025 07:39:55 GMT; path=/; secure; SameSite=None\niprc_l:4323737=1; expires=Wed, 20 Aug 2025 07:39:55 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 6\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c8ee44b3aa8749a1d01841db4c584492\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":110,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":110,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:55.036Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 Aug 2025 10:09:08 GMT\r\nexpires: Fri, 14 Aug 2026 10:09:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 423047\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-10T09:55:48.830468Z","times_seen":727106,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rashcolonizeexpand.com/8b/59/4f/8b594fd93843afec253d5e5f7141da24.js","fqdn":"rashcolonizeexpand.com","domain":"rashcolonizeexpand.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:51.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rashcolonizeexpand.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:10:41 GMT","end":"Fri, 26 Sep 2025 22:10:40 GMT"},"fingerprint":{"sha1":"C7:75:50:5C:D3:7C:BF:A1:34:3E:61:33:FC:D6:81:21:2E:31:1D:92","sha256":"CB:A9:18:8B:DD:56:71:B4:C1:61:A7:9F:5C:50:7F:22:BB:83:72:BC:0F:B3:14:19:C4:E9:F9:59:6A:0F:95:EC"}}},"request":{"raw":"GET /8b/59/4f/8b594fd93843afec253d5e5f7141da24.js HTTP/1.1\r\nHost: rashcolonizeexpand.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 32366\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: rashcolonizeexpand.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: eacbd43cd23847ed53572823012da354\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":104633,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4ed5ed1e1568a1f38a5679910a4db267","sha1":"5ed83390038d34495f2ef3b472f5cd534c8bbd07","sha256":"9e89fb3d0404fed9ee8fe311d6140483031919e089672f1494ba9047779747fb","sha512":"f325a3e52f55345c2567e06daa9b46b2b0afab5af34928e4857fd4a2ebe90476f62845678081da3e570e242231ef25e06bf6cecad4400f7b7e391328fb918169","ssdeep":"1536:SO/CsWkSTyJhKkoQhkmyC0E98k0RYqnhNzc/7ksqWPbIKau3l0gaTXz+IPC+:xJhKfEMRbhJIMuV0DSIPT","tlshash":"dba3c6487f50f15c83aaa07b233f910ae02b4d42618d915ce513e5e8bf6eb0bf63e558","first_seen":"2025-08-19T07:40:33.416121Z","last_seen":"2025-08-19T07:40:33.416121Z","times_seen":1,"resource_available":true,"data":null}},"time_used":987,"timings":{"blocked":367,"dns":4,"connect":118,"send":0,"wait":131,"receive":118,"ssl":242},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"rashcolonizeexpand.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"packsitas.com/wp-json/wp-statistics/v2/hit","fqdn":"packsitas.com","domain":"packsitas.com","tld":"com"},"ip":{"addr":"104.21.68.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"packsitas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 17 Jul 2025 13:54:00 GMT","end":"Wed, 15 Oct 2025 14:51:44 GMT"},"fingerprint":{"sha1":"7A:DD:6C:89:7C:CA:AE:E7:F2:D3:69:EF:1C:CE:0E:5D:EB:77:49:C4","sha256":"94:E7:76:DA:42:8A:FE:8A:2E:78:38:77:FF:77:38:21:94:7A:5C:8F:00:43:1B:45:3C:EB:1F:AD:2D:C8:43:17"}}},"request":{"raw":"POST /wp-json/wp-statistics/v2/hit HTTP/1.1\r\nHost: packsitas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 159\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/niquidoll/\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 Aug 2025 07:39:56 GMT\r\ncontent-type: application/json; charset=UTF-8\r\ncontent-length: 19\r\nx-robots-tag: noindex\r\nlink: \u003chttps://packsitas.com/wp-json/\u003e; rel=\"https://api.w.org/\"\r\nx-content-type-options: nosniff\r\naccess-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link\r\naccess-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type\r\nallow: POST\r\naccess-control-allow-origin: https://packsitas.com\r\naccess-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE\r\naccess-control-allow-credentials: true\r\nvary: Origin,Accept-Encoding,User-Agent\r\nx-litespeed-cache-control: no-cache\r\ncache-control: no-cache, no-store, must-revalidate, max-age=0\r\ncontent-encoding: br\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IqlI%2BQQOL%2BgV0YXYGas5AuzYDHX6WTSfhFbET6lNZs4yK%2BNoOXpYAmwdTHSPXt8TS9Balj%2B7K92c4I5oYUJdhRD6CKh7HmC3hIiIvho%3D\"}]}\r\ncf-ray: 9717ffe33eebf9e2-ARN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"28ec1eee5f4049e3c4f2135069c1d2c8","sha1":"3505519507ca1c2a089c46e100b80408ca278421","sha256":"edc48cd3b0bc4fa7ba23aad40b8508a17d370ca38be174bae2a2f64634e65a2b","sha512":"f71618e40ebaa14ab6d523a2341258c0da264b545388f8fffd14c31c64b35f94b21eb633316c4d77afcd864aade1db588ef6387ee0c4787e6f7770db0abc1183","ssdeep":"","tlshash":"f06000020000002088800a000220aa302a200a20080a0080000c30200020080800a002","first_seen":"2023-04-06T19:00:00Z","last_seen":"2026-04-10T08:27:32.394436Z","times_seen":9142,"resource_available":true,"data":null}},"time_used":4087,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4086,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/ren.gif?sid=H4sIAAAAAAAC_1RTzYscxRuu3s3t9wM_EA-CMIeAnzvbX9MzYw6SmKysiUlMIjl4CFVd3buV6e5q62N6s16CQQkIMt70Ij3PTHY1rqJ_gKCz3oKC42nBLIh_ghDwJrM7MPoe3o_nqYLnfeutD4f2kASw9ODym3JbZBldbTXdxvPXRcFlpRsXrzU8t-mealwXRRSeamzNnOq_4gVh032h8XoS9-Sq73qu67leY02oJJVbq0csRLnX9Zpdtxn6Ta8VYkv9t9Z2CZo64P1D8iQEnz72Z_oORDxBkX97NtE9I8uXz-U2o0Yq9Pnu20WvkFWBfJGmykFa7M5PQ-opIZ8uQRa78w4g--NZB2BiSpaefghW7M5lgvXvHStlGZICjP8PVX-CJJtA0AlieQeC_0qAmOPiJRT5zkWpKnrrmKUzdkpOPPoLopqSEw-fQpF_cyYTW42rMrNGyEJjK60htiYQGxOUdh9mewmi2kds3ofgv5DVRxdQ5ONLOpMQ_OAk8zuMtbxoxY15tBJyHqxQ3_VWvA6L2qlP3bSTHo1IpBNQvQyrHVjhwKYObOkg5weN0O2EsUeDKO3yuO2GNAx5wtxux3dd2o3bsPFM-wCmHCDOBojVBzsl3zS9_tgom4xtEeuh98UxFPhH4M4MDPyht2dvlJkfRUE78Nyhh1LdRk8MoOwP0Js1NF-GNlPivHUbfV6jSggqTVBRgkoQVIag6tf3eKZ9Xe_wTFvmzaM_j0E9kmZjSO9Js5EUBFQNoHg9FuW7-g5iszzaTjUfyZmjzNxfW_GjdnuldcMbUcbrYXlInpi9jvP5j3-glxw0oiQK_ajjchYkMfPcFnNdn7XbPm9HzKcdaFFD6CVQ7WBbTMn5j39HKabkuZdugtF96GwfsXgc1D4LWtWgmzW2i69LGve0MFQ3Y5mDyxqlOQFzyxlmh-SZowU5_fdnSOIHr_4WHBliVaNUNW6Knwg2srujK7Ii4yuy0uS7S6URudims-W5aqhJlu-fT25VUvH1s3rw5el4RszSvWuJNhdowUWxoclXZwTniVqTKk7I9-v6esIuW715xqrClhcuv7a2npcq0VrIYgIqpsR572fEYkr-_8a5o49xcv0jCDWBsjVy-4DMDXF5G7pcaNeSQGULnpUOKluPlM8WYCYIsmRRU1ZD_6tmi3yk6Ow2FfVQ38WGckDNHRR5jb6q0c9q0GwAbZdHplQLGSxzRixTzphlKvvkeMRaHDRaPguiTidK0oinAQ_8gHdbbtINaTcKu2ELRk83xy-u_xMAAP__UkZy-_YEAAA=","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:53.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RTzYscxRuu3s3t9wM_EA-CMIeAnzvbX9MzYw6SmKysiUlMIjl4CFVd3buV6e5q62N6s16CQQkIMt70Ij3PTHY1rqJ_gKCz3oKC42nBLIh_ghDwJrM7MPoe3o_nqYLnfeutD4f2kASw9ODym3JbZBldbTXdxvPXRcFlpRsXrzU8t-mealwXRRSeamzNnOq_4gVh032h8XoS9-Sq73qu67leY02oJJVbq0csRLnX9Zpdtxn6Ta8VYkv9t9Z2CZo64P1D8iQEnz72Z_oORDxBkX97NtE9I8uXz-U2o0Yq9Pnu20WvkFWBfJGmykFa7M5PQ-opIZ8uQRa78w4g--NZB2BiSpaefghW7M5lgvXvHStlGZICjP8PVX-CJJtA0AlieQeC_0qAmOPiJRT5zkWpKnrrmKUzdkpOPPoLopqSEw-fQpF_cyYTW42rMrNGyEJjK60htiYQGxOUdh9mewmi2kds3ofgv5DVRxdQ5ONLOpMQ_OAk8zuMtbxoxY15tBJyHqxQ3_VWvA6L2qlP3bSTHo1IpBNQvQyrHVjhwKYObOkg5weN0O2EsUeDKO3yuO2GNAx5wtxux3dd2o3bsPFM-wCmHCDOBojVBzsl3zS9_tgom4xtEeuh98UxFPhH4M4MDPyht2dvlJkfRUE78Nyhh1LdRk8MoOwP0Js1NF-GNlPivHUbfV6jSggqTVBRgkoQVIag6tf3eKZ9Xe_wTFvmzaM_j0E9kmZjSO9Js5EUBFQNoHg9FuW7-g5iszzaTjUfyZmjzNxfW_GjdnuldcMbUcbrYXlInpi9jvP5j3-glxw0oiQK_ajjchYkMfPcFnNdn7XbPm9HzKcdaFFD6CVQ7WBbTMn5j39HKabkuZdugtF96GwfsXgc1D4LWtWgmzW2i69LGve0MFQ3Y5mDyxqlOQFzyxlmh-SZowU5_fdnSOIHr_4WHBliVaNUNW6Knwg2srujK7Ii4yuy0uS7S6URudims-W5aqhJlu-fT25VUvH1s3rw5el4RszSvWuJNhdowUWxoclXZwTniVqTKk7I9-v6esIuW715xqrClhcuv7a2npcq0VrIYgIqpsR572fEYkr-_8a5o49xcv0jCDWBsjVy-4DMDXF5G7pcaNeSQGULnpUOKluPlM8WYCYIsmRRU1ZD_6tmi3yk6Ow2FfVQ38WGckDNHRR5jb6q0c9q0GwAbZdHplQLGSxzRixTzphlKvvkeMRaHDRaPguiTidK0oinAQ_8gHdbbtINaTcKu2ELRk83xy-u_xMAAP__UkZy-_YEAAA= HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:53 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 6\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e498b9f4ec42e0733ee447ce2974beda\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":112,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":112,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbs?c=1","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:54.981Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; uid_id2=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f:3:1; pdhtkv=true; uncs=2; pdhtkv32=true; uncs32=1; u_pl26637310=1; pdhtkv29=true; uncs29=1; u_pl27181531=1; slecac744539d885732140d6b141d5a36226=[3078195]; u_pl27181537=1; slec6e642680db3ecb105b002b772d76b2a8=[4323737]; iprc_l+bd8c85ceda51526c29df1c6070b5ce73=3078195; iprc_l:3078195=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:55 GMT\r\nContent-Length: 0\r\nConnection: close\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/watch.998052445414.js?key=43fb6dba152dc7d216fc2c00b1313dbb\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /watch.998052445414.js?key=43fb6dba152dc7d216fc2c00b1313dbb\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://packsitas.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://packsitas.com\r\naccess-control-allow-credentials: true\r\nlocation: https://torchfriendlypay.com/watch.998052445414.js?dev=e\u0026key=43fb6dba152dc7d216fc2c00b1313dbb\u0026kw=%5B%22niquidoll%22%2C%22onlyfans%22%2C%22pack%22%2C%22packsitas%22%5D\u0026pst=1755589252\u0026rb=\u0026refer=https%3A%2F%2Fpacksitas.com%2Fniquidoll%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=4a4f99e557a2a307ae744472a13bb5626c3a909106822dfe06b137a6ec8f690a1716c07d604db91b01cb0b917d777ca12ba061b520a2ee9e74e76dabb1015d5ee25fac4cd27c651bec82af7e6e61f6e9ddfa8359be2474ed416a25\u0026tz=0\u0026uuid=b28bb516-0cd6-4dd3-a201-18b67f2a0f8f%3A3%3A1\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNjYzNzMxMCwiayI6IjQzZmI2ZGJhMTUyZGM3ZDIxNmZjMmMwMGIxMzEzZGJiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTUxNzcyLCJwaWQiOjI1NjcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InNzaWtpaDlzZzkiLCJjcGtzIjp7IjI4IjoiOGI1OTRmZDkzODQzYWZlYzI1M2Q1ZTVmNzE0MWRhMjQiLCIyOSI6ImFjNzQ0NTM5ZDg4NTczMjE0MGQ2YjE0MWQ1YTM2MjI2In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYWNrc2l0YXMuY29tL25pcXVpZG9sbC8iLCJhciI6W119fQ.M_0BR4RoGf-N52Z22Miv09VWjYzdx53u_7eAqULXyWQ; expires=Tue, 19 Aug 2025 07:40:52 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 1\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 82dc94aeab9973f8aef0363606aa0e37\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4919,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T09:55:52.302984Z","times_seen":13573949,"resource_available":true,"data":null}},"time_used":725,"timings":{"blocked":309,"dns":1,"connect":101,"send":0,"wait":106,"receive":0,"ssl":206},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/8b/59/4f/8b594fd93843afec253d5e5f7141da24.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://packsitas.com/niquidoll/","date":"2025-08-19T07:39:52.020Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Jun 2025 22:31:57 GMT","end":"Fri, 26 Sep 2025 22:31:56 GMT"},"fingerprint":{"sha1":"C1:1A:8F:9D:C9:3D:22:4D:0E:AA:D9:B9:1C:98:E3:DC:41:83:82:4F","sha256":"B2:2E:9D:A4:0D:D7:A4:C2:A4:C1:7F:A9:E3:2A:AF:DE:7B:7F:BF:6A:1D:DC:6A:9C:AB:BF:98:D7:C2:A6:40:2E"}}},"request":{"raw":"GET /8b/59/4f/8b594fd93843afec253d5e5f7141da24.js HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://packsitas.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 19 Aug 2025 07:39:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 32387\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 11\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: dbb4adba90dc9325d39e50ffd5a4824a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":104629,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"34d1c69133b88b45db2ce1d6669be43d","sha1":"dbe0e8ad593ec79600fb9242ec2efb64f00c7eda","sha256":"8bf4ffb0d3b5d23947baa444ff689a41858019dda623aa635fc2918186dfe1cd","sha512":"1c9ffd8f0c0dff7a3f278db0af1ede1d79064a37109c58a31c6ba7c238acc8f33607cdafce51ed0c5ba473c56912e80010c91d83849b25a52308c20b3798c281","ssdeep":"1536:SO/ysWbSTyJhKkoQhkmyC0E98k0RYqnhNzc/7ksqWPbIKau3l0gaTXz+IPC+:+JhKfEMRbhJIMuV0DSIPT","tlshash":"b7a3c6487f50f15c83aaa17b233f910ae02b4d42618d915ce513e5e8bf6eb0bf63e558","first_seen":"2025-08-19T07:40:33.413663Z","last_seen":"2025-08-19T07:40:33.413663Z","times_seen":1,"resource_available":true,"data":null}},"time_used":844,"timings":{"blocked":312,"dns":1,"connect":104,"send":0,"wait":115,"receive":103,"ssl":207},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-19","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}