{"report_id":"2fa7dd7a-bca8-4a07-b4ab-a85a9db391c0","version":6,"status":"done","tags":[],"date":"2026-05-31T23:39:54Z","url":{"schema":"https","addr":"evnt-virl.live/","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"104.21.37.225","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"evnt-virl.live/","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"title":"VIRL | Airdrop","dom":{"size":11305,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5789)","md5":"303e0ecdfe85ea3a0e7bd81f94648c12","sha1":"86072236718a17e5c8eb0a89af29b7e2a7dbc6d9","sha256":"f24e37921c5414f78eb42577de2c5af5159288df93685b6e629e04a65d81ac27","sha512":"960b7fa5ab32969440b6779ddd996b7896ab1cd646d2cda2d4167384442c59e843e69450e06b3f0f3466fde461546abe330406d7abcf667b5583a30a18025dd5","ssdeep":"192:Vuf5+onOJpcjNM1h9cl40KAAqRZ6AHi7D4+P20Pge2LQ40pAAqRZ6rafquFWKn5n:VCM1br0DRZ6AHkD4+P2Qge2v0sRZ6ra1","tlshash":"583296e285d4102a511b99cf5f296b6c31bb30bfe5ba054277fc8785cf9ad81fe0a844","dom_hash":"domhash77c601464a5c2194daa392b7915c5210","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"evnt-virl.live/","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"104.21.37.225","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-05T23:39:54Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"evnt-virl.live","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-05-31T23:39:55.796546Z","last_seen":"2026-05-31T23:39:55.796546Z","alert_count":36,"request_count":18,"received_data":1567944,"sent_data":8502,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"evnt-virl.live/","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b86919986b86f8b9313e8ca1af7fa97e","sha1":"3ee20e7e20f98ff1190d55ddf102b033e51e3870","sha256":"dde5c5767a43a825b57e8e9655720cb1a9fd669924a29effa4e759ce58311228","sha512":"02d4108becedd5a60eca04b2d70378b86cbb9925e0710f44b192611699f51c80b7cb4f861561235794a19f181f5f8a9e704b5eb37380ddaf6db74618729ab174","ssdeep":"","tlshash":"cac022b489a04ea0036800aa61388aa870a4941e4216a18f83bc8889a0ccec24a8c922","size":186,"data":"","first_seen":"2026-05-31T23:40:00.212407Z","last_seen":"2026-05-31T23:42:12.02655Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/jquery-3.6.0.min.js","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-06-07T05:02:21.958111Z","times_seen":478881,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"00a70e105ea43f5ec8dc1de5877dcc6c","sha1":"86c249f78da7d1bfbbe379706a62b8a1fbfbfb39","sha256":"c5e12b18d0fc1dc6db40e5765ce564a72c8a70e676679793bfaa3aeab7d2b459","sha512":"dc36541526b91e020d2a01fb120c7451643ae5dc887b8991c6ccc0ec3fc4a7ccfa869ce50821fe08c5ed7953dea7a3459ae3ad9b303f6b75ee0425bff67a0c30","ssdeep":"","tlshash":"6bc08c4aa0a39130023bb12c0b0b89013460200f414ccd28ba8d0ec35fa48088aa4206","size":156,"data":"","first_seen":"2026-05-31T23:40:00.21471Z","last_seen":"2026-05-31T23:42:12.027408Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/secureproxy?s=%2Fipfs%2FNhvNOwo21LUwfKqjqnXBSAdcc76f0303761d0a70808801f6956158%3Ft%3D1780270770196","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d558479dbe9046c949a78f3cbe2a41b2","sha1":"0bb7afa37b1612fad7348014cfeb00198e65ce73","sha256":"1b3d8241516482aba6cb4cd3f2961330bc1a7c213c3443723bb557a5b7d28ac7","sha512":"60d31a7e5e628c20861b29e8bd06b88f7cd615117f1a30cc140b5db3e93fd5fff99598239802b091ac01047861ded0046905ff497c38baacdf3d35ccdf6a27d4","ssdeep":"6144:Ih5gDTQekdB8HE+JPY/kdYss77e08Nr0e1W8Ydt1JCDNWA9EVJi:osTjmBYE+VY/4EmbrVY707","tlshash":"e1d4a8e097095ebb8480eab72423432fff9c4d8db94b2a5652f998bd724470f12dc15e","size":621031,"data":"","first_seen":"2026-05-31T23:40:00.208543Z","last_seen":"2026-05-31T23:40:00.208543Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"evnt-virl.live/lf08q.css","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:30.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET /lf08q.css HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evnt-virl.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 May 2026 23:39:30 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 27 May 2026 17:39:43 GMT\r\netag: W/\"6a172c5f-3958\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tBUzgCpslgT%2BrJpgR3yqEGOpMdM9IzQNhwLTpAuuWQyAV5HUcRpvEntPSAM1oGFV9V1whvqcolRvLDuuANM4%2BtQDsbEZqSh4Vhlt5C%2FM%2BE6VOeSWCtLTRLNDJG7jZeZEKw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a049d1788e1b1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14680,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"436cfa7774b4af72eeadbb345323167f","sha1":"94336b713134ee92b3526a512e878c1cb1c7c39c","sha256":"695acba564a615538fd3eb6d892b12eb647ba31fa20a7e04d4cd71ddba7f0a65","sha512":"a929372bc49cf65924e72437f9ade0d4013ff0fb1fef52c674f5df596ddb26d1918c39609a11f2941bab8ebbd4b91794807520f48fe1fded1d4cd3770d42a7e0","ssdeep":"96:M/K1AasR5u7Of1yx6O+hbxek1JUrp112OMB5JN0nKbSX12baayXxFP4NH:MvasR5uP60Fp112V5FyHP45","tlshash":"e062ff179b405546b31fa0946fe447caa73e64229e8e4defa047346c52ca1e522f2fcf","first_seen":"2026-05-31T23:40:00.19349Z","last_seen":"2026-05-31T23:42:12.017666Z","times_seen":2,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/xn7gYHE41ni1AdIRggexSg.woff2","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:30.233Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET /xn7gYHE41ni1AdIRggexSg.woff2 HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evnt-virl.live/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 May 2026 23:39:30 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 24836\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 27 May 2026 17:39:43 GMT\r\netag: \"6a172c5f-6104\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=meXqudGHvV6rcb1aF2Y7Ckm5h1dtVxlZQ36MyGA19Fx2l4Ym%2BChDMhJoX4tbVRsH%2BGI1BZHR1dwlm9Jcl8G8Os3ecz419ixW0bgQ1UhGxkp9TZSFaRPQeiLGqvwzZXDJEg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a049d179f8541525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24836,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 24836, version 1.0","md5":"938c6e8019b69313372c47dbb7a7c930","sha1":"b42951014c5eca12749d87a4706caf22dc4fe081","sha256":"a30ddcd349703aff7464c34bef3fffdff405ee50c113440d7c8693c02d210972","sha512":"5537c005cd8f321f26fe67f6292b3ec14e88ff4b2365311628dbbe4753e01e568f6881b9f2e7d71e8e6b2c261ed25f372829dd28f89f865ce574b4e1fec29614","ssdeep":"768:3KQaj5c95F1QmIwa55Go1COpZLpkkM46CU+YIC:ahj5cXow65xCM5pkkM468YB","tlshash":"a2b2f105ee49b3d4b276f1fcfa802884179282f27dabda8f3f2015981dd8e5b8d45320","first_seen":"2025-06-02T20:09:41.98255Z","last_seen":"2026-06-07T05:08:50.385686Z","times_seen":26843,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":177,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/xn7gYHE41ni1AdIRggexSg.woff2","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:30.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET /xn7gYHE41ni1AdIRggexSg.woff2 HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evnt-virl.live/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 May 2026 23:39:30 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 24836\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 27 May 2026 17:39:43 GMT\r\netag: \"6a172c5f-6104\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Gji3380BmEYYPxkRHojEK6ibVDpYZ%2BT%2BpQ8QtFlF%2B8yCK2b%2FeaFnAzoGFUi8ArXl5iFursRzDdQdkVSpD%2BODiN6CsMjfFzmFxKOIfLb%2B8IEUCr6UcTcsQiu09Y5akexY7w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a049d17a087c1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24836,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 24836, version 1.0","md5":"938c6e8019b69313372c47dbb7a7c930","sha1":"b42951014c5eca12749d87a4706caf22dc4fe081","sha256":"a30ddcd349703aff7464c34bef3fffdff405ee50c113440d7c8693c02d210972","sha512":"5537c005cd8f321f26fe67f6292b3ec14e88ff4b2365311628dbbe4753e01e568f6881b9f2e7d71e8e6b2c261ed25f372829dd28f89f865ce574b4e1fec29614","ssdeep":"768:3KQaj5c95F1QmIwa55Go1COpZLpkkM46CU+YIC:ahj5cXow65xCM5pkkM468YB","tlshash":"a2b2f105ee49b3d4b276f1fcfa802884179282f27dabda8f3f2015981dd8e5b8d45320","first_seen":"2025-06-02T20:09:41.98255Z","last_seen":"2026-06-07T05:08:50.385686Z","times_seen":26843,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":169,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/QmbvJiZo6k7HHsNihQ66h8hqio7zPwYPSDu2J7PjxBJCKc.png","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:30.586Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET /QmbvJiZo6k7HHsNihQ66h8hqio7zPwYPSDu2J7PjxBJCKc.png HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evnt-virl.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 May 2026 23:39:30 GMT\r\ncontent-type: image/png\r\ncontent-length: 99425\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 27 May 2026 17:39:43 GMT\r\netag: \"6a172c5f-18461\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=h3ivuTEGPYW15wUrUNzC1N0iUb0zsiq6pEfh1fC0djAlGj%2FdFHUhC1qsR3L9T4lQFGvmXmzYB5SBaIFlhhkIKdQa7a73wiHB9Z02I7%2By4CdO%2FeCq4fz3DVPUA8C94M0HFw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a049d17c2b9a1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":99425,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 800 x 800, 8-bit/color RGBA, non-interlaced","md5":"ec4ebf5c4ee402bcb468c748423ecd53","sha1":"c26f27580f356be8479c7044b107c6ca86f2e215","sha256":"fbbdfe1606f8e1c571dbe541126bee870ec725b1a1395c903e2caf96d761766e","sha512":"1c088e46b9a118ea7e229035eee9db917362bd5ef5d06ccf8e48ed2450e7f9f2f7925ca4a080721e23229007903499e3af9b570b9df710eed30e2471cb27b61b","ssdeep":"3072:K0+0GqPj9MhmZKYJervyyPS5dQEjwol5UT7Zd:i0r79MhEJervy+S5dQEjwG2TP","tlshash":"1ba3f1ca205881b783586321129c99b047778f3a25966b3fb773f83a251e1e1f3d716e","first_seen":"2026-05-23T13:13:11.97162Z","last_seen":"2026-05-31T23:42:12.021657Z","times_seen":4,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":7,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/bg.webp","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:30.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET /bg.webp HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evnt-virl.live/lf08q.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 May 2026 23:39:30 GMT\r\ncontent-type: image/webp\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 27 May 2026 17:39:43 GMT\r\netag: W/\"6a172c5f-281f4\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nfiwrIn1%2B1H%2BWE1WQwSYuPIiQ9yVbnW3uzmFRTL2xAl%2BTWLNICW07aOBsbRJbISXni1Llq2puadr7ssWymfeEXbBIBW9ke%2BFglVh789syMb9vnDQHDPrT1lKXwGjgjGQ7A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a049d179c80e1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":164340,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1081, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"3011d862842e46c5cabe32a01dffb2e3","sha1":"ba30424a5a287bde9b2b6e6e6f5e394a458502b6","sha256":"72f2a89af4ff32b53bad52ae6dd547e902cd5c41de8e6a7052346fd991d34ae6","sha512":"1444d5688995a85fb2d4117c39a60aadde0d83e2c6fd452069474eadc9f53df7340e7d63cd2717ed5fce3e98cd914bc6b29493be085fa99b369971d770d08d23","ssdeep":"3072:lZawzZ5wBgL6QhdVcIQRp012K369mHiSNr1YrmSG9iNovsDxGKR5q2IKd3s:lwo2+d7f3gmt1aWvWGKRfIKd3s","tlshash":"c1f323286d87523699c8e35e5420a3b9736310b867f49e2ad309631cdc3b6f3d21ddd8","first_seen":"2026-05-22T06:38:10.888119Z","last_seen":"2026-05-31T23:42:12.020274Z","times_seen":22,"resource_available":false,"data":null}},"time_used":279,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":190,"receive":89,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/xn7gYHE41ni1AdIRggexSg.woff2","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:30.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET /xn7gYHE41ni1AdIRggexSg.woff2 HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evnt-virl.live/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 May 2026 23:39:30 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 24836\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 27 May 2026 17:39:43 GMT\r\netag: \"6a172c5f-6104\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IJtp%2FeVxCDmAWsDt2n9O4U2b1A3sGe1qaANkoJkx6jjdGjCy9Eb6xdevfnsA%2Bi%2FcMkusO%2F1%2BUvTKPWqEL7%2BfOyCjeyOQmZpoMqguj%2Bb5qyQHySSnug4kokcMWn%2Buw9KRKQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a049d17a18911525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24836,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 24836, version 1.0","md5":"938c6e8019b69313372c47dbb7a7c930","sha1":"b42951014c5eca12749d87a4706caf22dc4fe081","sha256":"a30ddcd349703aff7464c34bef3fffdff405ee50c113440d7c8693c02d210972","sha512":"5537c005cd8f321f26fe67f6292b3ec14e88ff4b2365311628dbbe4753e01e568f6881b9f2e7d71e8e6b2c261ed25f372829dd28f89f865ce574b4e1fec29614","ssdeep":"768:3KQaj5c95F1QmIwa55Go1COpZLpkkM46CU+YIC:ahj5cXow65xCM5pkkM468YB","tlshash":"a2b2f105ee49b3d4b276f1fcfa802884179282f27dabda8f3f2015981dd8e5b8d45320","first_seen":"2025-06-02T20:09:41.98255Z","last_seen":"2026-06-07T05:08:50.385686Z","times_seen":26843,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/xn7gYHE41ni1AdIRggOxSuXd.woff2","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:30.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET /xn7gYHE41ni1AdIRggOxSuXd.woff2 HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evnt-virl.live/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 May 2026 23:39:30 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 14500\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 27 May 2026 17:39:43 GMT\r\netag: \"6a172c5f-38a4\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HjK%2FSBbetKSQlgVoT%2FmvnF5GRbq3Ci5%2Bxxm8ErdYJPF50qdjOr%2Bes7qIkgqca1Py2S6Ou2jJDkB1UC3r0ibDPKCFT%2BohJff6UfguUKdYfqA03EnEZlikBES9qxYO0h1s4Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a049d17a189f1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14500,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14500, version 1.0","md5":"e58febde317b69ceb51690ea201850c9","sha1":"d8fc94bf7a39043a7759bd564a7e16b3ea080736","sha256":"c268b459a9329e59fecf39a17618efd44c71735532048d60b12aab76a8c14914","sha512":"af17f0a6913d974bd7d38a060549dacd158c667abb08f830d44d302c1a1cb4f8106eeeb772d2b4066be2c5a1e763d26042c707343770f5e84b0f5165cab9d96b","ssdeep":"384:4VvSHMmDtGjtHrBRvGjLWPSNRXZpyJ+kC18bZ:4VvSsmDt6LBROj1RXZ4J+318bZ","tlshash":"8a52b05ef04e86f0b51f2a7ece5c6a1153725e56134f2e50e967b0c8c75e82a1e27142","first_seen":"2025-06-05T11:45:07.756161Z","last_seen":"2026-06-07T02:42:38.161924Z","times_seen":2760,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-31T23:39:29.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 31 May 2026 23:39:29 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 27 May 2026 17:39:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=S5hEKp78zg1ifzTHCS8dG%2B9lqdvZo4sB01LLVYdAAcGykJ6our7OfC5mSDFbElYaksQgD6guBhB0DBgSoe9sPaGki4SOlSbU0J5YO%2BUEa323J3I3eq3UZ%2BQS190ioXaRcQ%3D%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: a049d1769fec4e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":11062,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5789)","md5":"e2a1412d99eb84a687f4d2c561ba3098","sha1":"86938f0de8aa7ee7786b15950b295baf8cfea414","sha256":"49c54245d215bfaf2bd553727cbc7cf0f5ea752f0e0e2315a1b3fe8d312a9935","sha512":"503f9004324440cfe2c03217142b2fc9c4a08da28c931e4b483b4bc0fdab83a4cb606460b595829aaedb408eb4a44944dbf86493c48733a31ecb10facd462e36","ssdeep":"192:XUf5+onOJpcjNU9cl40KAAqRZ6AHi7D4+P20Pge2LQ40pAAqRZ6rafquFWKn5n:XAcr0DRZ6AHkD4+P2Qge2v0sRZ6rayuN","tlshash":"323284e28194102a511b99cb5f256b6c32bb30bfe5ba154177fc8785cf9ad81fe0a844","first_seen":"2026-05-31T23:40:00.202392Z","last_seen":"2026-05-31T23:42:12.02356Z","times_seen":2,"resource_available":true,"data":null}},"time_used":255,"timings":{"blocked":41,"dns":28,"connect":2,"send":0,"wait":168,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/wallet.webp","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:30.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET /wallet.webp HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evnt-virl.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 May 2026 23:39:30 GMT\r\ncontent-type: image/webp\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 27 May 2026 17:39:43 GMT\r\netag: W/\"6a172c5f-45640\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0AEjWh21%2Bh6qHJSMB2yIQZhtsooyYFjViMUxrWp%2FI%2FqWDV3WBhmxjpxOAhTCPFxP%2FophdQSbANgZUfKDR%2F1IlH6fOIlivThXvoIpXATDspSqXXRNh%2FYUIcCeuFDJP%2FHMSg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a049d1788e1e1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":284224,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a1cec4d43a52771b0bf05d21349a0b66","sha1":"2e879b25a8a9f1717b004d924218fdcf5cef65c4","sha256":"ef95c310302992f185b8cb7fdc75a06f9e70afe68cadd1514f7b9e3665d6fa45","sha512":"c6e4efc504704bcb1a4a2f3492a894082082fadcec583008b54a9d6eb0faa58791fc8f6412dbb022ff9ca0970d93e4f3a56f8a2ef841596763f87f489556a28e","ssdeep":"6144:ij72Hs6uLTK+ZLUfmxoMGEgxt3z+oTAcJCrHgSyYHOH3:ap6WZhUe6MszbEVrASyYHE","tlshash":"125423cea2a739ec5c21a86d335f7d694478064114bf2b86c49c535fea2b6533ecc86c","first_seen":"2026-05-22T06:38:10.893132Z","last_seen":"2026-05-31T23:42:12.025931Z","times_seen":20,"resource_available":false,"data":null}},"time_used":284,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":101,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/jquery-3.6.0.min.js","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:30.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET /jquery-3.6.0.min.js HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evnt-virl.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 May 2026 23:39:30 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 27 May 2026 17:39:43 GMT\r\netag: W/\"6a172c5f-15d9d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aIikjMMPlNtjXV8vvREcFWEe7GzpY2AhiErv8Tr25C8TlCzqbZs%2FCbDT9uwylSVF6%2BDw6gClx7XaN%2BqLlqVw6VeFWQIip3Zyyx8gtf7RJxqgrHt4CN1N1NbdM0Wy0k6mnw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a049d1789e221525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89501,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-06-07T05:02:21.958111Z","times_seen":478881,"resource_available":true,"data":null}},"time_used":229,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":200,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/css2.css","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:30.011Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET /css2.css HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evnt-virl.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 May 2026 23:39:30 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 27 May 2026 17:39:43 GMT\r\netag: W/\"6a172c5f-22d8\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IXxJP%2F103%2FjO805u0U78hlARWO80OaP%2BIN9CK7h9HcKQOiGCub7ose0Xmln75WgTfCD4nwOnuQ%2F2oykxysEGtoMu%2F%2BR1FiXzbyDLvlDaB6mxeeRCFWcMAwmm5WmXhX9Opg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a049d1788e1a1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8920,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"9aed1b1208efc83b1164b9e89b31970d","sha1":"74779ad610a1cf967a8dc89d2016b34ba0e6cf36","sha256":"23287b79461e6a77efeb9828b63c97ef84bdb270aa599157356ee04ee42c11f3","sha512":"1d0bc2874d58cd564f9c86b4f8b83817a8c612a620b1f4be62b20aeb81b800a5c2da6e0b41974c3e82e70dae43a1f69db6cc80c3f2b619d11696619603de4d27","ssdeep":"192:4loLd3dx4yAlxWd38o4frl+Jd3nz40il3Ed3uK45llMvd3ht4G0:CSYMIewMoie","tlshash":"5602bb50002ba804a7831cd6bbce3e364d4db285a085d9756ffe149cbe9bd723270b5e","first_seen":"2025-08-27T17:25:21.854083Z","last_seen":"2026-06-01T14:54:08.406362Z","times_seen":77,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":169,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/QmbvJiZo6k7HHsNihQ66h8hqio7zPwYPSDu2J7PjxBJCKc.png","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:30.014Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET /QmbvJiZo6k7HHsNihQ66h8hqio7zPwYPSDu2J7PjxBJCKc.png HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evnt-virl.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 May 2026 23:39:30 GMT\r\ncontent-type: image/png\r\ncontent-length: 99425\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 27 May 2026 17:39:43 GMT\r\netag: \"6a172c5f-18461\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CFB1OXkflUV9OW2siPpO6nXyNHiD21DRfl2h7EJoiAqRFHFjhThV663F%2FA%2BmQ9kV%2BqGIrSUYn0ewMdeQ9RRktA5l5GWl3dlaaN72kzfgphbT3u7b22sGHf%2BkVn0pMxiLCw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a049d1788e1d1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":99425,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 800 x 800, 8-bit/color RGBA, non-interlaced","md5":"ec4ebf5c4ee402bcb468c748423ecd53","sha1":"c26f27580f356be8479c7044b107c6ca86f2e215","sha256":"fbbdfe1606f8e1c571dbe541126bee870ec725b1a1395c903e2caf96d761766e","sha512":"1c088e46b9a118ea7e229035eee9db917362bd5ef5d06ccf8e48ed2450e7f9f2f7925ca4a080721e23229007903499e3af9b570b9df710eed30e2471cb27b61b","ssdeep":"3072:K0+0GqPj9MhmZKYJervyyPS5dQEjwol5UT7Zd:i0r79MhEJervy+S5dQEjwG2TP","tlshash":"1ba3f1ca205881b783586321129c99b047778f3a25966b3fb773f83a251e1e1f3d716e","first_seen":"2026-05-23T13:13:11.97162Z","last_seen":"2026-05-31T23:42:12.021657Z","times_seen":4,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":71,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/secureproxy?s=%2Fipfs%2FNhvNOwo21LUwfKqjqnXBSAdcc76f0303761d0a70808801f6956158%3Ft%3D1780270770196","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:30.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET /secureproxy?s=%2Fipfs%2FNhvNOwo21LUwfKqjqnXBSAdcc76f0303761d0a70808801f6956158%3Ft%3D1780270770196 HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evnt-virl.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 May 2026 23:39:30 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: cloudflare\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: max-age=2592000\r\netag: W/\"979e7-C7evo3sWEvrXNIAUz+sAGY5lznM\"\r\nexpires: 0\r\npragma: no-cache\r\ncontent-disposition: attachment; filename=51E-AiNljVpIHvFA-lMx9w.js\r\ncdn-proxyver: 1.55\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 05/31/2026 23:39:30\r\ncdn-edgestorageid: 879\r\ncdn-requestid: c5b69ec674dad29e7ae9cdc384249282\r\ncdn-cache: MISS\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sSDRKZxqBfLzbd1xu6gLTom3IZX%2F8Uu8Ls3IK6ZXpJ9DrbtEPdO7cWSmTbAH%2FMIu6ltORelDQFtnIpvs0fp%2Fa4Ken5NCHyREnYeeR8wCaQdUR1ehUrVDj9HnJnlsIF2f3w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a049d179c8051525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":621031,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (38683)","md5":"d558479dbe9046c949a78f3cbe2a41b2","sha1":"0bb7afa37b1612fad7348014cfeb00198e65ce73","sha256":"1b3d8241516482aba6cb4cd3f2961330bc1a7c213c3443723bb557a5b7d28ac7","sha512":"60d31a7e5e628c20861b29e8bd06b88f7cd615117f1a30cc140b5db3e93fd5fff99598239802b091ac01047861ded0046905ff497c38baacdf3d35ccdf6a27d4","ssdeep":"6144:Ih5gDTQekdB8HE+JPY/kdYss77e08Nr0e1W8Ydt1JCDNWA9EVJi:osTjmBYE+VY/4EmbrVY707","tlshash":"e1d4a8e097095ebb8480eab72423432fff9c4d8db94b2a5652f998bd724470f12dc15e","first_seen":"2026-05-31T23:40:00.208543Z","last_seen":"2026-05-31T23:40:00.208543Z","times_seen":1,"resource_available":true,"data":null}},"time_used":826,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":746,"receive":80,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/xn7gYHE41ni1AdIRggexSg.woff2","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:30.257Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET /xn7gYHE41ni1AdIRggexSg.woff2 HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evnt-virl.live/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 May 2026 23:39:30 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 24836\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 27 May 2026 17:39:43 GMT\r\netag: \"6a172c5f-6104\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hnDPuGqj%2FlntRRAG6fPobkpA8w03GprY%2BnaUCMkJVEUG8kem3iB8oPiBEW0WLBwXc01KmugByOP2qJ0lrDtTj1NY5DMBv4f5GPKJa9P2b9eRmGuHvdOEDvH2zHKUHmIqng%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a049d17a189b1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24836,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 24836, version 1.0","md5":"938c6e8019b69313372c47dbb7a7c930","sha1":"b42951014c5eca12749d87a4706caf22dc4fe081","sha256":"a30ddcd349703aff7464c34bef3fffdff405ee50c113440d7c8693c02d210972","sha512":"5537c005cd8f321f26fe67f6292b3ec14e88ff4b2365311628dbbe4753e01e568f6881b9f2e7d71e8e6b2c261ed25f372829dd28f89f865ce574b4e1fec29614","ssdeep":"768:3KQaj5c95F1QmIwa55Go1COpZLpkkM46CU+YIC:ahj5cXow65xCM5pkkM468YB","tlshash":"a2b2f105ee49b3d4b276f1fcfa802884179282f27dabda8f3f2015981dd8e5b8d45320","first_seen":"2025-06-02T20:09:41.98255Z","last_seen":"2026-06-07T05:08:50.385686Z","times_seen":26843,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/xn7gYHE41ni1AdIRggOxSuXd.woff2","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:30.259Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET /xn7gYHE41ni1AdIRggOxSuXd.woff2 HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evnt-virl.live/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 May 2026 23:39:30 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 14500\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 27 May 2026 17:39:43 GMT\r\netag: \"6a172c5f-38a4\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CC3ZFtrlIH0lDb3gCT3UYlXVbMa3Ppu0YEW%2B7jvL5IFDbYc8E%2FBOUG8D3EQW0O4MTBfSSdLMnX3h5Sk313P39kBpAdSN6hsPLzh9Sly1D1eEBcYNjXl8dHSbEyjM%2FHT3yw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a049d17a18a31525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14500,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14500, version 1.0","md5":"e58febde317b69ceb51690ea201850c9","sha1":"d8fc94bf7a39043a7759bd564a7e16b3ea080736","sha256":"c268b459a9329e59fecf39a17618efd44c71735532048d60b12aab76a8c14914","sha512":"af17f0a6913d974bd7d38a060549dacd158c667abb08f830d44d302c1a1cb4f8106eeeb772d2b4066be2c5a1e763d26042c707343770f5e84b0f5165cab9d96b","ssdeep":"384:4VvSHMmDtGjtHrBRvGjLWPSNRXZpyJ+kC18bZ:4VvSsmDt6LBROj1RXZ4J+318bZ","tlshash":"8a52b05ef04e86f0b51f2a7ece5c6a1153725e56134f2e50e967b0c8c75e82a1e27142","first_seen":"2025-06-05T11:45:07.756161Z","last_seen":"2026-06-07T02:42:38.161924Z","times_seen":2760,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/xn7gYHE41ni1AdIRggOxSuXd.woff2","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:30.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET /xn7gYHE41ni1AdIRggOxSuXd.woff2 HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evnt-virl.live/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 May 2026 23:39:30 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 14500\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 27 May 2026 17:39:43 GMT\r\netag: \"6a172c5f-38a4\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t4nxwD8lgsWc29hSebV7bC41VLmDZQy2ZG7iwlZYKYBYjaagCAnNCTVTg9YvZYyLQKd3UMAJ2HGdEAqfRUEVE0xThiRbvOA0Cf2W3j%2BpHG657BDkw1Je6uyp%2BDopDDUk%2Bg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a049d17a28c21525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14500,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14500, version 1.0","md5":"e58febde317b69ceb51690ea201850c9","sha1":"d8fc94bf7a39043a7759bd564a7e16b3ea080736","sha256":"c268b459a9329e59fecf39a17618efd44c71735532048d60b12aab76a8c14914","sha512":"af17f0a6913d974bd7d38a060549dacd158c667abb08f830d44d302c1a1cb4f8106eeeb772d2b4066be2c5a1e763d26042c707343770f5e84b0f5165cab9d96b","ssdeep":"384:4VvSHMmDtGjtHrBRvGjLWPSNRXZpyJ+kC18bZ:4VvSsmDt6LBROj1RXZ4J+318bZ","tlshash":"8a52b05ef04e86f0b51f2a7ece5c6a1153725e56134f2e50e967b0c8c75e82a1e27142","first_seen":"2025-06-05T11:45:07.756161Z","last_seen":"2026-06-07T02:42:38.161924Z","times_seen":2760,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":177,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/xn7gYHE41ni1AdIRggOxSuXd.woff2","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:30.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"GET /xn7gYHE41ni1AdIRggOxSuXd.woff2 HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://evnt-virl.live/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 May 2026 23:39:30 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 14500\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 27 May 2026 17:39:43 GMT\r\netag: \"6a172c5f-38a4\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gkbR4Q9oekv%2FomE6mxRm7QePDcQtM1hD%2BYyvPNelgqZyA3NhEObodqchuV4E3VxwDzjXiInuLfltThl2jWv86y%2BjvkIykCnQ2b%2BSovmHkirTio%2F%2BoCpBKyadaipMUNoIPQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a049d17a28bc1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14500,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14500, version 1.0","md5":"e58febde317b69ceb51690ea201850c9","sha1":"d8fc94bf7a39043a7759bd564a7e16b3ea080736","sha256":"c268b459a9329e59fecf39a17618efd44c71735532048d60b12aab76a8c14914","sha512":"af17f0a6913d974bd7d38a060549dacd158c667abb08f830d44d302c1a1cb4f8106eeeb772d2b4066be2c5a1e763d26042c707343770f5e84b0f5165cab9d96b","ssdeep":"384:4VvSHMmDtGjtHrBRvGjLWPSNRXZpyJ+kC18bZ:4VvSsmDt6LBROj1RXZ4J+318bZ","tlshash":"8a52b05ef04e86f0b51f2a7ece5c6a1153725e56134f2e50e967b0c8c75e82a1e27142","first_seen":"2025-06-05T11:45:07.756161Z","last_seen":"2026-06-07T02:42:38.161924Z","times_seen":2760,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"evnt-virl.live/secureproxy?s=%2Fjmpd%2F","fqdn":"evnt-virl.live","domain":"evnt-virl.live","tld":"live"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://evnt-virl.live/","date":"2026-05-31T23:39:31.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"evnt-virl.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 16:15:15 GMT","end":"Tue, 25 Aug 2026 16:15:14 GMT"},"fingerprint":{"sha1":"92:0D:1C:1E:40:CF:5E:E1:5E:A6:A4:FF:FF:B8:9D:AE:88:32:3B:FE","sha256":"8D:08:DE:B4:2D:ED:6D:EF:1D:C9:D0:9A:51:60:AD:F5:BA:DD:B1:F2:2F:8B:82:4D:B7:B1:05:59:20:D1:2E:DA"}}},"request":{"raw":"POST /secureproxy?s=%2Fjmpd%2F HTTP/1.1\r\nHost: evnt-virl.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://evnt-virl.live/\r\ncontent-type: application/json\r\nContent-Length: 1379\r\nOrigin: https://evnt-virl.live\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1379,"data":"{\"route\":\"n9POyFeFG1tUtiSU-z9JOx3n\",\"payload\":\"0hqM-6_N52QBxAKuAhAAFgDjAgMDHwDzAhAAAgEAEgMAAO8nhn2XtsKCAQ98W0pnA-oPWINiYGUCAADJ66lZmznfxKXO2MiQUYSMHQFGuVNdQz01Kd2sBrQZ79N67NPOpXnQBmEc4O2xGEgE5kScV1XwuN7PtPsUxU9XyAJZbMghk-J_5EzxqeQL6A4b6lX_-z5YDvit-hg8uvQs5BuG_Bsxm00L4k2Ec8NNNOC0QxOzYqAa53ofg430uiNlzw1M1kPjdWTj0xjsniJ0c4pnewGwPXw8tw8nV7itt001v47d3eLdLqo7s2WRyMpyIbYP0U3yxhq4M3leR-fZOfXXodOKR-FwJgz-niSrwu5slSf8s_Vb4xGQQtpX9BrIhlGxJlJm8WC-sBy0-75uTRc8A7GKdnAxJljSDysH-y7aWOXufx_5EDOYby-Dv4fgxEKgV9tUecR7991EafrLINbxNX2rwtnjKHSYTgTWDisjCHr2zSxYk2LL3wbSgWsyP-pBNf6js5pkRDsgckPPONnUD2xezgARcOFjoYdVq5tcb8bCzQLJMUq7OsyJzP3X6Y00RcnbtujJKUd6790MEN6KQ7N-lZh0_5xk-5-Zh4egyh3I2XUjQrHW14oKVbqUK5O_9AMkqEMio1N3iKHMK7s2C0xufPGNBEOXhBeXI9FqKxCI7kqWoFR0lEilMvCsLglY_27zBFwjJOoqD_aXkW3l-Lac2WYI-gaeMRoo7UR9zJpbXAo2vpP0TuNhilWuQtzYQMot4bo8L4u_O-qzr84KbtcPLwLHkC-XsIiFbGHD4bBg0MUK_5AcQWAxyJxsy5v1frc0tYXBQWxxXU1bPG39YYz_H7uVDaOQom3U8JP958J6QSHNNPNRiJnCkRU8nAPY2FSVXfMA0EJIfF97kqzVEg03Iml7eNcjnmsYFg_q1bJwogOIXaNc8IrWLdGbLu_1ZWlHz5nyW3_PcylF_F4jmetOs7cEwMP6y8qPAF_4VTS_ol2FNNLE1wyTmeR95ApPdZ9Hy_1YPm04JkqeYjMVXbyxrEgLAN6iRz1CeHaX5-YdZXPE9EJbNeWFzm5bzIIurqp3bM7RIfpnJM0NUYt15Dblx94uoXrixR260EcdGqiyp-CzDZkYZ13GuRi3qg5_KJXRtBA\",\"challenge\":\"eyJpZCI6Ik9mQ0tUQ3VuQzlJdC1JMTlRVm5sZUEiLCJub25jZSI6MTM1LCJoYXNoIjoiMDAzZjRmZDk3MTI1NjU2YzMwMzg0NGM1ZmZmODA2ODBkYTdhNTg0OWQwYjJjMGQ5MGQyMDUzNjczYjRkZWRjNiJ9\"}"}},"response":{"raw":"HTTP/3 204 No Content\r\ndate: Sun, 31 May 2026 23:39:32 GMT\r\nserver: cloudflare\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: no-cache\r\netag: W/\"a-bAsFyilMr4Ra1hIU5PyoyFRunpI\"\r\nx-ratelimit-limit: 20\r\nx-ratelimit-remaining: 19\r\nx-ratelimit-reset: 1780270832024\r\ncdn-proxyver: 1.55\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 204\r\ncdn-cachedat: 05/31/2026 23:39:32\r\ncdn-edgestorageid: 1056\r\ncdn-requestid: 29a69f4e1cda3e8059ffdb7ff9b1161a\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TgLKO%2FFDIWbkFsmmoPaecuYXjIubFPVc9hKt0ChKoEWwieVdMZKuDy0FZqXyKrvIUOK46iCmKHwcmLGqKAV6XhOSd3l%2Bs69Htp8zffca6YbqrTTnW18p5g6Q%2B%2BfZtnfvyg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a049d184b9bd1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T05:09:49.035637Z","times_seen":16204071,"resource_available":true,"data":null}},"time_used":669,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":669,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-31","alert":"Sinkholed","trigger":"evnt-virl.live","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}