{"report_id":"3b173c9d-0744-40bf-a552-c919b4d11281","version":6,"status":"done","tags":[],"date":"2026-02-28T17:32:41Z","url":{"schema":"http","addr":"klopk.com","fqdn":"klopk.com","domain":"klopk.com","tld":"com"},"ip":{"addr":"162.255.119.253","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"www.klook.com/?aid=45505\u0026aff_adid=768219\u0026aff_pid=\u0026aff_sid=\u0026utm_medium=affiliate-alwayson\u0026utm_source=non-network\u0026utm_campaign=45505\u0026utm_term=\u0026utm_content=\u0026aff_klick_id=123557542836-45505-768219-d61d2e7","fqdn":"www.klook.com","domain":"klook.com","tld":"com"},"title":"klook.com","dom":{"size":43,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"d1ba9189c22d8e6e667d05677ffb7e27","sha1":"8ec08fdf85be2b610631ad1b6e03efbd67366151","sha256":"f8dac000ac22aa5f27170a9c0b03e3f8503ed983328a2492d6e06fee67cb8b1b","sha512":"a9986e5f0dd743eb67083fbc7b37fc4be7bc97d3a38d4daae41a6801c16eec5bf88ca2c71ca4fed5b479457b11120415e679a941c408f2bba912cc820ffd906d","ssdeep":"","tlshash":"c19004fdf15140055c3435c00cc333450d14435c30034d0035c03474c404115cd175c4","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"klopk.com","fqdn":"klopk.com","domain":"klopk.com","tld":"com"},"ip":{"addr":"162.255.119.253","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-04T17:32:41Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":6,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-28T17:32:21Z","timestamp":1772299941,"ip_dst":{"addr":"192.0.78.26","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":38594,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI)","source":"{\"timestamp\":\"2026-02-28T17:32:21.636790+0000\",\"flow_id\":1654145025405022,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.45\",\"src_port\":38594,\"dest_ip\":\"192.0.78.26\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2855174,\"rev\":1,\"signature\":\"ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_08_24\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_08_24\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_08_24\"]}},\"tls\":{\"sni\":\"href.li\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":873,\"bytes_toclient\":3902,\"start\":\"2026-02-28T17:32:21.618590+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-28T17:32:22Z","timestamp":1772299942,"ip_dst":{"addr":"192.0.78.26","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":38604,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI)","source":"{\"timestamp\":\"2026-02-28T17:32:22.237259+0000\",\"flow_id\":521216404641147,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.45\",\"src_port\":38604,\"dest_ip\":\"192.0.78.26\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2855174,\"rev\":1,\"signature\":\"ETPRO INFO Referer Obfuscation/Hiding Service Domain (href .li in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_08_24\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_08_24\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_08_24\"]}},\"tls\":{\"sni\":\"href.li\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":753,\"bytes_toclient\":3902,\"start\":\"2026-02-28T17:32:22.218491+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-28T17:32:31Z","timestamp":1772299951,"ip_dst":{"addr":"Client IP","port":50568,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.255.119.253","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"severity":"high","alert":"ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer","source":"{\"timestamp\":\"2026-02-28T17:32:31.780890+0000\",\"flow_id\":562302061727220,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.255.119.253\",\"src_port\":80,\"dest_ip\":\"172.18.0.45\",\"dest_port\":50568,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2819814,\"rev\":3,\"signature\":\"ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2016_04_18\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2020_06_30\"]}},\"http\":{\"hostname\":\"klopk.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://href.li/?https://affiliate.klook.com/redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/\",\"length\":132},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":132,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":564,\"bytes_toclient\":678,\"start\":\"2026-02-28T17:32:21.282100+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-28T17:32:31Z","timestamp":1772299951,"ip_dst":{"addr":"Client IP","port":50568,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.255.119.253","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"severity":"low","alert":"ET INFO Namecheap URL Forward","source":"{\"timestamp\":\"2026-02-28T17:32:31.780890+0000\",\"flow_id\":562302061727220,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.255.119.253\",\"src_port\":80,\"dest_ip\":\"172.18.0.45\",\"dest_port\":50568,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035208,\"rev\":2,\"signature\":\"ET INFO Namecheap URL Forward\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_02_16\"],\"deployment\":[\"Perimeter\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_02_16\"]}},\"http\":{\"hostname\":\"klopk.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://href.li/?https://affiliate.klook.com/redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/\",\"length\":132},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":132,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":564,\"bytes_toclient\":678,\"start\":\"2026-02-28T17:32:21.282100+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-28T17:32:32Z","timestamp":1772299952,"ip_dst":{"addr":"Client IP","port":50570,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.255.119.253","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"severity":"high","alert":"ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer","source":"{\"timestamp\":\"2026-02-28T17:32:32.453148+0000\",\"flow_id\":181664880093614,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.255.119.253\",\"src_port\":80,\"dest_ip\":\"172.18.0.45\",\"dest_port\":50570,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2819814,\"rev\":3,\"signature\":\"ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2016_04_18\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2020_06_30\"]}},\"http\":{\"hostname\":\"klopk.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://href.li/?https://affiliate.klook.com/redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/\",\"length\":132},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":132,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":684,\"bytes_toclient\":678,\"start\":\"2026-02-28T17:32:21.879022+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-28T17:32:32Z","timestamp":1772299952,"ip_dst":{"addr":"Client IP","port":50570,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.255.119.253","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"severity":"low","alert":"ET INFO Namecheap URL Forward","source":"{\"timestamp\":\"2026-02-28T17:32:32.453148+0000\",\"flow_id\":181664880093614,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.255.119.253\",\"src_port\":80,\"dest_ip\":\"172.18.0.45\",\"dest_port\":50570,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035208,\"rev\":2,\"signature\":\"ET INFO Namecheap URL Forward\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_02_16\"],\"deployment\":[\"Perimeter\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_02_16\"]}},\"http\":{\"hostname\":\"klopk.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://href.li/?https://affiliate.klook.com/redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/\",\"length\":132},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":132,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":684,\"bytes_toclient\":678,\"start\":\"2026-02-28T17:32:21.879022+0000\"}}"}],"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-28","alert":"Code and strings of plugins from the Tetris framework loaded by Swid","trigger":"geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg==\u0026cid=gzP0aOewHtQ6xL4Rl91oBqkmECDT6a0qXZ2Mc0_zBNFiF4Xlxb8o8pqDuKYQIJzwZmhoMP3G2JEsACdDNiv3QLONcg0~Z7i1CnLyWd7gTufAK5y6vi_F6PUPaJAGccp7\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026t=fe\u0026s=37675\u0026e=c8e4912710dc044bdd276b84482c556ba8ae28f0162cbe0bd34443a656c8bfcf3e459341ac53e123be694bdfd6aaa643\u0026ir=20\u0026dm=dc_ir\u0026b=1731402","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3","date":"2020-09-06","description":"Code and strings of plugins from the Tetris framework loaded by Swid","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetrisplugins_JS"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-28","alert":"Code and strings of plugins from the Tetris framework loaded by Swid","trigger":"geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg%3D%3D\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026cid=f59b~UeyTjzTMcPXimGlZictdRNs9~8o1~XZPWbB3WZ_kzhwu1KomTeIJzv01H61brWcwgXXGgGO19izBfRyhA_PegY~WLt9CAt7HKlm_1moak9nPWiptrK_K7S9J4NA\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026s=37675\u0026e=d96ef6d09b11500e33a875b2e54b7a9b3e81a2b1bddd8b1600a3a452de6454339d8f13307274b4b4a89eb0e8dd64749e\u0026b=1731402\u0026dm=cd","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3","date":"2020-09-06","description":"Code and strings of plugins from the Tetris framework loaded by Swid","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetrisplugins_JS"}},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-28","alert":"Sinkholed","trigger":"href.li","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"affiliate.klook.com","ip":{"addr":"104.18.31.170","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2005-11-15","domain_rank":549353,"first_seen":"2016-05-17T02:47:10Z","last_seen":"2026-02-26T07:02:14.050018Z","alert_count":0,"request_count":1,"received_data":1706,"sent_data":552,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ct.captcha-delivery.com","ip":{"addr":"18.65.39.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2019-12-23","domain_rank":125224,"first_seen":"2020-02-05T05:26:26Z","last_seen":"2026-02-26T01:06:09.733767Z","alert_count":0,"request_count":1,"received_data":16208,"sent_data":414,"comment":"","tags":null,"fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"geo.captcha-delivery.com","ip":{"addr":"13.50.6.43","port":443,"asn":16509,"as":"AMAZON-02","country":"Sweden","country_code":"SE"},"domain_registered":"2019-12-23","domain_rank":76095,"first_seen":"2020-03-18T08:06:49Z","last_seen":"2026-02-26T01:06:09.714241Z","alert_count":2,"request_count":2,"received_data":911594,"sent_data":2919,"comment":"","tags":null,"fingerprints":null},{"fqdn":"static.captcha-delivery.com","ip":{"addr":"52.84.50.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2019-12-23","domain_rank":167473,"first_seen":"2020-05-12T12:33:44Z","last_seen":"2026-02-26T01:06:09.80538Z","alert_count":0,"request_count":6,"received_data":45682,"sent_data":3164,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]},{"fqdn":"klopk.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":8,"request_count":2,"received_data":1062,"sent_data":872,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.klook.com","ip":{"addr":"104.18.31.170","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2005-11-15","domain_rank":12347,"first_seen":"2017-02-06T03:18:36Z","last_seen":"2026-02-23T18:05:29.955757Z","alert_count":0,"request_count":2,"received_data":3468,"sent_data":1708,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"DataDome","description":"DataDome is a cybersecurity platform that specialises in bot protection and mitigation, offering advanced solutions to safeguard websites and mobile applications against malicious bot traffic, credential stuffing, scraping, and other automated threats.","website":"https://datadome.co","common_platform_enumeration":"","icon":"DataDome.svg","categories":["Security"]}]},{"fqdn":"href.li","ip":{"addr":"192.0.78.26","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":30988,"first_seen":"2012-05-22T12:39:06Z","last_seen":"2026-02-26T04:00:13.359811Z","alert_count":1,"request_count":1,"received_data":1077,"sent_data":569,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg==\u0026cid=gzP0aOewHtQ6xL4Rl91oBqkmECDT6a0qXZ2Mc0_zBNFiF4Xlxb8o8pqDuKYQIJzwZmhoMP3G2JEsACdDNiv3QLONcg0~Z7i1CnLyWd7gTufAK5y6vi_F6PUPaJAGccp7\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026t=fe\u0026s=37675\u0026e=c8e4912710dc044bdd276b84482c556ba8ae28f0162cbe0bd34443a656c8bfcf3e459341ac53e123be694bdfd6aaa643\u0026ir=20\u0026dm=dc_ir\u0026b=1731402","fqdn":"geo.captcha-delivery.com","domain":"captcha-delivery.com","tld":"com"},"ip":{"addr":"13.50.6.43","port":443,"asn":16509,"as":"AMAZON-02","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":true,"md5":"f6a7b0b88e83bdce657451f93597718a","sha1":"6eeda08c98f88edf1222a0d80aad8c3daaf37d77","sha256":"f8884cc2401e2e9e4153be2ff7324b508a3b84c7c17dcaafc5388d8be1ae7064","sha512":"a08e094daaa26a8e236115f894db1ae598ae4255e7fc7dc925ab03ba6bcd486b2ee6dc2121d2aabeed2df04465a4279570c683024834b0e56c0fb6e2906e9bed","ssdeep":"","tlshash":"32711fbe11f31230cdb321ad5b97a6907c389013b505e9697c4cd556ef48d908fb6bc8","size":3575,"data":"","first_seen":"2025-08-27T16:52:00.136433Z","last_seen":"2026-06-05T05:09:31.427384Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg==\u0026cid=gzP0aOewHtQ6xL4Rl91oBqkmECDT6a0qXZ2Mc0_zBNFiF4Xlxb8o8pqDuKYQIJzwZmhoMP3G2JEsACdDNiv3QLONcg0~Z7i1CnLyWd7gTufAK5y6vi_F6PUPaJAGccp7\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026t=fe\u0026s=37675\u0026e=c8e4912710dc044bdd276b84482c556ba8ae28f0162cbe0bd34443a656c8bfcf3e459341ac53e123be694bdfd6aaa643\u0026ir=20\u0026dm=dc_ir\u0026b=1731402","fqdn":"geo.captcha-delivery.com","domain":"captcha-delivery.com","tld":"com"},"ip":{"addr":"13.50.6.43","port":443,"asn":16509,"as":"AMAZON-02","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":true,"md5":"762f28282f8d1c27ff83d14d0ee39138","sha1":"dd592ea07c8dc0f11c3b4702919d6c2c873d017f","sha256":"0574a49f35757bbd496fe2ce02611760aa94b2a1ff2a82b5975c73fed0603060","sha512":"51918187d110b8eac3f0a8d496d900fe1fb5aedf43aa7fbf75243e9a0753e2ac410385dfb2825bedf0241b20cc4d5fe3298d385822950a41d85dd2627ccdb9d7","ssdeep":"12288:fyqqW//Nb4KtQcUeNnmfPG+qJW/B+PEl/e9Oo2hmcwEfO/QukA:QKfEl/e9Oo2hmcwEfO/QukA","tlshash":"aea43a6c524598be833b152913df28837c1a9a62fd14a328bd39c9e29bf494d145fcfc","size":477885,"data":"","first_seen":"2026-02-28T17:32:47.092053Z","last_seen":"2026-02-28T17:32:47.092053Z","times_seen":1,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-28","alert":"Code and strings of plugins from the Tetris framework loaded by Swid","trigger":"geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg==\u0026cid=gzP0aOewHtQ6xL4Rl91oBqkmECDT6a0qXZ2Mc0_zBNFiF4Xlxb8o8pqDuKYQIJzwZmhoMP3G2JEsACdDNiv3QLONcg0~Z7i1CnLyWd7gTufAK5y6vi_F6PUPaJAGccp7\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026t=fe\u0026s=37675\u0026e=c8e4912710dc044bdd276b84482c556ba8ae28f0162cbe0bd34443a656c8bfcf3e459341ac53e123be694bdfd6aaa643\u0026ir=20\u0026dm=dc_ir\u0026b=1731402","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3","date":"2020-09-06","description":"Code and strings of plugins from the Tetris framework loaded by Swid","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetrisplugins_JS"}}],"urlquery":null}},{"url":{"schema":"https","addr":"www.klook.com/?aid=45505\u0026aff_adid=768219\u0026aff_pid=\u0026aff_sid=\u0026utm_medium=affiliate-alwayson\u0026utm_source=non-network\u0026utm_campaign=45505\u0026utm_term=\u0026utm_content=\u0026aff_klick_id=123557542836-45505-768219-d61d2e7","fqdn":"www.klook.com","domain":"klook.com","tld":"com"},"ip":{"addr":"104.18.31.170","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"da4c6c278e75a8c8ce54319229f9895c","sha1":"443abb9562046bf0905775c97158343cfe74ebb3","sha256":"35f7b21eea35a353b44054e1cc62437026d71fa8ca9d8c68e9dbddcf2681dc2d","sha512":"1057f6a29454f2593288c39b2657e4e2e3c140c070591d4461f0653609b99690857e965cd4e24a716b4ed1bb2d0d82ca2a921eb9e80969fae86ea00950acca98","ssdeep":"","tlshash":"d2f06238c42f5189d36b0c17bbb0e2ae31400e565dc970e978ae842c840e62103aca0b","size":635,"data":"","first_seen":"2026-02-28T17:32:47.096592Z","last_seen":"2026-02-28T17:32:47.096592Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ct.captcha-delivery.com/i.js","fqdn":"ct.captcha-delivery.com","domain":"captcha-delivery.com","tld":"com"},"ip":{"addr":"18.65.39.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"14867fc17e7a0d59f653596d425b2feb","sha1":"2c12b362f630bc3058da912580cb4382c73888d3","sha256":"b2086fb19988cbf9d2caa696692c0711145ee92124319146e0d1352d8eb5797d","sha512":"30999e7314d56ead316c3bb0591b2c4bc158f1841e17a107a46587622d81cdda24fd5a9a3ee921f389a6716e9fb00a40250fa1c3ecf6c05cd48ce8ef2be1a18b","ssdeep":"192:Rc6NViX29WR+ctayDQ7/p3GyxLq3ffZ0CVcF6rNUOuSeK3+nX8hOUO40252JCIo9:RFyrSDK173Us5MCkC","tlshash":"476295ad68f345680763603d1bbf6218b1715113349ecc50bc5ca6117f90e67da7abec","size":15685,"data":"","first_seen":"2025-12-09T15:18:57.63761Z","last_seen":"2026-04-22T10:51:00.227375Z","times_seen":869,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg%3D%3D\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026cid=f59b~UeyTjzTMcPXimGlZictdRNs9~8o1~XZPWbB3WZ_kzhwu1KomTeIJzv01H61brWcwgXXGgGO19izBfRyhA_PegY~WLt9CAt7HKlm_1moak9nPWiptrK_K7S9J4NA\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026s=37675\u0026e=d96ef6d09b11500e33a875b2e54b7a9b3e81a2b1bddd8b1600a3a452de6454339d8f13307274b4b4a89eb0e8dd64749e\u0026b=1731402\u0026dm=cd","fqdn":"geo.captcha-delivery.com","domain":"captcha-delivery.com","tld":"com"},"ip":{"addr":"13.50.6.43","port":443,"asn":16509,"as":"AMAZON-02","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":true,"md5":"ff7148377a1695c10bb7dc98f6a5ff3f","sha1":"e9ca760516ac2bd8c716fc64e52014e2adbaad91","sha256":"847c17aad92bc68a486fe9021688af7cd4e8d4e0208fb842d6159e8cd9684ca1","sha512":"2c1d7c9fcebe2902f5cde0cc6f7af3849117f7d3a01d8b50338fb0576dca92d31baef19cdb12cfcc48c9c5c7a01887168dfa918100192cc32889cd7239dc5aff","ssdeep":"6144:J9UJ36ChodvlRSD0Gv5gev7tHlDqaTYHPViVVycF53N+jYkoMfgo7:J9U7YvlddvarRNFg","tlshash":"c994f8b0a1826c5cb6797c1513ae34c324875a77ba58a6dcec34d4e3c2f2576b98ecd0","size":416734,"data":"","first_seen":"2026-02-28T17:32:47.100058Z","last_seen":"2026-02-28T17:32:47.100058Z","times_seen":1,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-28","alert":"Code and strings of plugins from the Tetris framework loaded by Swid","trigger":"geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg%3D%3D\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026cid=f59b~UeyTjzTMcPXimGlZictdRNs9~8o1~XZPWbB3WZ_kzhwu1KomTeIJzv01H61brWcwgXXGgGO19izBfRyhA_PegY~WLt9CAt7HKlm_1moak9nPWiptrK_K7S9J4NA\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026s=37675\u0026e=d96ef6d09b11500e33a875b2e54b7a9b3e81a2b1bddd8b1600a3a452de6454339d8f13307274b4b4a89eb0e8dd64749e\u0026b=1731402\u0026dm=cd","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3","date":"2020-09-06","description":"Code and strings of plugins from the Tetris framework loaded by Swid","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetrisplugins_JS"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg%3D%3D\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026cid=f59b~UeyTjzTMcPXimGlZictdRNs9~8o1~XZPWbB3WZ_kzhwu1KomTeIJzv01H61brWcwgXXGgGO19izBfRyhA_PegY~WLt9CAt7HKlm_1moak9nPWiptrK_K7S9J4NA\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026s=37675\u0026e=d96ef6d09b11500e33a875b2e54b7a9b3e81a2b1bddd8b1600a3a452de6454339d8f13307274b4b4a89eb0e8dd64749e\u0026b=1731402\u0026dm=cd","fqdn":"geo.captcha-delivery.com","domain":"captcha-delivery.com","tld":"com"},"ip":{"addr":"13.50.6.43","port":443,"asn":16509,"as":"AMAZON-02","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://www.klook.com/?aid=45505\u0026aff_adid=768219\u0026aff_pid=\u0026aff_sid=\u0026utm_medium=affiliate-alwayson\u0026utm_source=non-network\u0026utm_campaign=45505\u0026utm_term=\u0026utm_content=\u0026aff_klick_id=123557542836-45505-768219-d61d2e7","date":"2026-02-28T17:32:23.649Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.captcha-delivery.com","organization":""},"issuer":{"commonName":"Amazon ECDSA 256 M04","organization":"Amazon"},"validity":{"start":"Wed, 14 Jan 2026 00:00:00 GMT","end":"Fri, 12 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"84:99:02:55:0D:B0:27:3F:D5:3B:80:B1:A2:7D:3A:75:FE:D0:C5:02","sha256":"D6:0B:84:02:F5:B9:16:0C:CD:48:04:A9:19:11:ED:BF:38:3A:95:FC:FE:51:04:A6:38:F7:D9:7C:8D:28:B2:1D"}}},"request":{"raw":"GET /interstitial/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg%3D%3D\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026cid=f59b~UeyTjzTMcPXimGlZictdRNs9~8o1~XZPWbB3WZ_kzhwu1KomTeIJzv01H61brWcwgXXGgGO19izBfRyhA_PegY~WLt9CAt7HKlm_1moak9nPWiptrK_K7S9J4NA\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026s=37675\u0026e=d96ef6d09b11500e33a875b2e54b7a9b3e81a2b1bddd8b1600a3a452de6454339d8f13307274b4b4a89eb0e8dd64749e\u0026b=1731402\u0026dm=cd HTTP/1.1\r\nHost: geo.captcha-delivery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.klook.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 28 Feb 2026 17:32:23 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":417080,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (64266)","md5":"99140f8a4e21ed455dc6bfbf4e7cd5c2","sha1":"e96196a87e3719b1216a47ce7411d9c58a716d41","sha256":"e7a0bd44cb824b57ea9e141c806f7dc6a47cffb91eea66bebcdfdfe5296da442","sha512":"5b12f58127a9dc3dbefc16fea114e35880e7a7caf33c8d035779acf464082d3810c31dc717961bfc1877fc2b3f59a20d7a850e091666cf86943adff5bbf28d12","ssdeep":"6144:y9UJ36ChodvlRSD0Gv5gev7tHlDqaTYHPViVVycF53N+jYkoMfgog:y9U7YvlddvarRNFB","tlshash":"8c94f8b0a1826c5cb6797c1513ae34c324875a77ba58a6dcec34d4e3c2f2576b98ecd0","first_seen":"2026-02-28T17:32:47.061308Z","last_seen":"2026-02-28T17:32:47.061308Z","times_seen":1,"resource_available":false,"data":null}},"time_used":524,"timings":{"blocked":233,"dns":52,"connect":10,"send":0,"wait":23,"receive":34,"ssl":169},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-28","alert":"Code and strings of plugins from the Tetris framework loaded by Swid","trigger":"geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg%3D%3D\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026cid=f59b~UeyTjzTMcPXimGlZictdRNs9~8o1~XZPWbB3WZ_kzhwu1KomTeIJzv01H61brWcwgXXGgGO19izBfRyhA_PegY~WLt9CAt7HKlm_1moak9nPWiptrK_K7S9J4NA\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026s=37675\u0026e=d96ef6d09b11500e33a875b2e54b7a9b3e81a2b1bddd8b1600a3a452de6454339d8f13307274b4b4a89eb0e8dd64749e\u0026b=1731402\u0026dm=cd","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3","date":"2020-09-06","description":"Code and strings of plugins from the Tetris framework loaded by Swid","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetrisplugins_JS"}}],"urlquery":null}},{"url":{"schema":"https","addr":"static.captcha-delivery.com/common/fonts/poppins/font-face.css","fqdn":"static.captcha-delivery.com","domain":"captcha-delivery.com","tld":"com"},"ip":{"addr":"52.84.50.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg==\u0026cid=gzP0aOewHtQ6xL4Rl91oBqkmECDT6a0qXZ2Mc0_zBNFiF4Xlxb8o8pqDuKYQIJzwZmhoMP3G2JEsACdDNiv3QLONcg0~Z7i1CnLyWd7gTufAK5y6vi_F6PUPaJAGccp7\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026t=fe\u0026s=37675\u0026e=c8e4912710dc044bdd276b84482c556ba8ae28f0162cbe0bd34443a656c8bfcf3e459341ac53e123be694bdfd6aaa643\u0026ir=20\u0026dm=dc_ir\u0026b=1731402","date":"2026-02-28T17:32:24.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.captcha-delivery.com","organization":""},"issuer":{"commonName":"Amazon ECDSA 256 M01","organization":"Amazon"},"validity":{"start":"Wed, 14 Jan 2026 00:00:00 GMT","end":"Fri, 12 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"4B:F8:91:06:E4:2C:48:D9:73:19:0B:2F:00:40:4B:06:4D:09:7D:0B","sha256":"68:6B:3C:E2:9D:5A:C8:78:F5:26:BA:B6:2B:AD:7D:91:43:EC:24:F5:BB:80:E0:55:B0:37:E6:C3:ED:2D:CB:44"}}},"request":{"raw":"GET /common/fonts/poppins/font-face.css HTTP/1.1\r\nHost: static.captcha-delivery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://geo.captcha-delivery.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 566\r\nlast-modified: Fri, 06 May 2022 16:47:06 GMT\r\nx-amz-version-id: null\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 28 Feb 2026 04:41:32 GMT\r\netag: \"2255dc42e538ab5d937f36bf52ae2fd5\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 4ecb87f89fb78847d0c397cc575bc254.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: fA4zD3BFQtcE8Vji4sXkUHJ-OQ7qWIdymgN_-SvBUFDvR2JP7rnbqA==\r\nage: 46253\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":566,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"2255dc42e538ab5d937f36bf52ae2fd5","sha1":"3fa98e0b0a8189a78b90819e00b3fbb68c382c46","sha256":"8c50a3b69f37913ff69e02b8c886bc0c57bb96f328e0c90bb5641dfe0271cd97","sha512":"1175653f2f6563c58a02f53ec42d0ecbb7c3199428ddaac574a1f034c7ca1955001f83fff67edd0ce562b875f42b31ea41d9467e9cfd3d4c9603e8b9427ca5f0","ssdeep":"","tlshash":"35f04c6304f8b84855118cd9231f6d512fcc54057347a9a1bb1f1c08ada3e61436abed","first_seen":"2025-08-08T09:17:01.1243Z","last_seen":"2026-06-05T05:09:31.424276Z","times_seen":4,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":128,"dns":105,"connect":1,"send":0,"wait":5,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.captcha-delivery.com/common/fonts/poppins/poppins.woff2","fqdn":"static.captcha-delivery.com","domain":"captcha-delivery.com","tld":"com"},"ip":{"addr":"52.84.50.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg==\u0026cid=gzP0aOewHtQ6xL4Rl91oBqkmECDT6a0qXZ2Mc0_zBNFiF4Xlxb8o8pqDuKYQIJzwZmhoMP3G2JEsACdDNiv3QLONcg0~Z7i1CnLyWd7gTufAK5y6vi_F6PUPaJAGccp7\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026t=fe\u0026s=37675\u0026e=c8e4912710dc044bdd276b84482c556ba8ae28f0162cbe0bd34443a656c8bfcf3e459341ac53e123be694bdfd6aaa643\u0026ir=20\u0026dm=dc_ir\u0026b=1731402","date":"2026-02-28T17:32:24.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.captcha-delivery.com","organization":""},"issuer":{"commonName":"Amazon ECDSA 256 M01","organization":"Amazon"},"validity":{"start":"Wed, 14 Jan 2026 00:00:00 GMT","end":"Fri, 12 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"4B:F8:91:06:E4:2C:48:D9:73:19:0B:2F:00:40:4B:06:4D:09:7D:0B","sha256":"68:6B:3C:E2:9D:5A:C8:78:F5:26:BA:B6:2B:AD:7D:91:43:EC:24:F5:BB:80:E0:55:B0:37:E6:C3:ED:2D:CB:44"}}},"request":{"raw":"GET /common/fonts/poppins/poppins.woff2 HTTP/1.1\r\nHost: static.captcha-delivery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://geo.captcha-delivery.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.captcha-delivery.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 7884\r\naccess-control-allow-origin: https://geo.captcha-delivery.com\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-max-age: 3000\r\naccess-control-allow-credentials: true\r\nlast-modified: Fri, 06 May 2022 16:47:06 GMT\r\nx-amz-version-id: null\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 28 Feb 2026 17:32:24 GMT\r\netag: \"9212f6f9860f9fc6c69b02fedf6db8c3\"\r\nvary: Origin\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 4ecb87f89fb78847d0c397cc575bc254.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 9-4bjoFDQTHFnXxecFCRaBcyag4q8PZQz_sIlDZKBAMWMd9rWDuSOg==\r\nage: 38124\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":7884,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7884, version 1.0","md5":"9212f6f9860f9fc6c69b02fedf6db8c3","sha1":"ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b","sha256":"7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f","sha512":"67317495f4b53e20a9f31c034e456e6c37f387dffb2c092caa5159bc441cfcadd02749ffe5bbed1d580d5300a59e48a767ef2c6d9978b474f84c1a2cd095c126","ssdeep":"192:xLFDbKO9E3rS3JWBRO/J601FSS5ZUbik3Zy2f0:pd9J5W501otlI","tlshash":"c3f1ae4eb3f2cd1be40982e53a0fc90b1c578272681fd772d067a22517893bc8db2c81","first_seen":"2023-04-05T15:35:34Z","last_seen":"2026-06-16T17:43:07.402255Z","times_seen":358057,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.captcha-delivery.com/captcha/page-customization/33324/klook-identity-card.png","fqdn":"static.captcha-delivery.com","domain":"captcha-delivery.com","tld":"com"},"ip":{"addr":"52.84.50.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg==\u0026cid=gzP0aOewHtQ6xL4Rl91oBqkmECDT6a0qXZ2Mc0_zBNFiF4Xlxb8o8pqDuKYQIJzwZmhoMP3G2JEsACdDNiv3QLONcg0~Z7i1CnLyWd7gTufAK5y6vi_F6PUPaJAGccp7\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026t=fe\u0026s=37675\u0026e=c8e4912710dc044bdd276b84482c556ba8ae28f0162cbe0bd34443a656c8bfcf3e459341ac53e123be694bdfd6aaa643\u0026ir=20\u0026dm=dc_ir\u0026b=1731402","date":"2026-02-28T17:32:25.301Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.captcha-delivery.com","organization":""},"issuer":{"commonName":"Amazon ECDSA 256 M01","organization":"Amazon"},"validity":{"start":"Wed, 14 Jan 2026 00:00:00 GMT","end":"Fri, 12 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"4B:F8:91:06:E4:2C:48:D9:73:19:0B:2F:00:40:4B:06:4D:09:7D:0B","sha256":"68:6B:3C:E2:9D:5A:C8:78:F5:26:BA:B6:2B:AD:7D:91:43:EC:24:F5:BB:80:E0:55:B0:37:E6:C3:ED:2D:CB:44"}}},"request":{"raw":"GET /captcha/page-customization/33324/klook-identity-card.png HTTP/1.1\r\nHost: static.captcha-delivery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://geo.captcha-delivery.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 11790\r\nlast-modified: Tue, 16 Apr 2024 12:54:41 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: null\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 28 Feb 2026 01:54:46 GMT\r\netag: \"505042d9ea526234e4fcfbdf398111ee\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 4ecb87f89fb78847d0c397cc575bc254.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: qc5z-bfSEwjpIqf2BeoLiehFBPUuRBC54b8OrTYfczy_K3GK6syaDA==\r\nage: 56260\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":11790,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 330 x 240, 8-bit/color RGBA, non-interlaced","md5":"505042d9ea526234e4fcfbdf398111ee","sha1":"0373069bac076b19ff6e2a26a9a148d547d1a34f","sha256":"19d5027149e707145064ff10a667ede46ae59b95e15e92d27d295c537ddcbf48","sha512":"26eadc4e7fbc303c394a93c5fb31061b5e8f9381188f2dadaae2ae4731c7399d6ae7d5feb97740efaf02e4f127de259734f0516e052883f5fd9b50810b5e23ea","ssdeep":"192:+bQSTrXXQi9Mc02yRV3QN0ukVVhaEDHyr3DBTxoJ649hT0h64P8nMv6XNSFW:+b3TsL2yL3FxSbN5Rc4+86XUFW","tlshash":"e232c0dd2d98c01e4d15032512e3d9e617da27a819e11a2ce60ffd2c1be2b965e0b39a","first_seen":"2025-08-08T09:17:01.074993Z","last_seen":"2026-06-05T05:09:31.41619Z","times_seen":4,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.captcha-delivery.com/common/fonts/poppins/poppins.woff2","fqdn":"static.captcha-delivery.com","domain":"captcha-delivery.com","tld":"com"},"ip":{"addr":"52.84.50.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg==\u0026cid=gzP0aOewHtQ6xL4Rl91oBqkmECDT6a0qXZ2Mc0_zBNFiF4Xlxb8o8pqDuKYQIJzwZmhoMP3G2JEsACdDNiv3QLONcg0~Z7i1CnLyWd7gTufAK5y6vi_F6PUPaJAGccp7\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026t=fe\u0026s=37675\u0026e=c8e4912710dc044bdd276b84482c556ba8ae28f0162cbe0bd34443a656c8bfcf3e459341ac53e123be694bdfd6aaa643\u0026ir=20\u0026dm=dc_ir\u0026b=1731402","date":"2026-02-28T17:32:26.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.captcha-delivery.com","organization":""},"issuer":{"commonName":"Amazon ECDSA 256 M01","organization":"Amazon"},"validity":{"start":"Wed, 14 Jan 2026 00:00:00 GMT","end":"Fri, 12 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"4B:F8:91:06:E4:2C:48:D9:73:19:0B:2F:00:40:4B:06:4D:09:7D:0B","sha256":"68:6B:3C:E2:9D:5A:C8:78:F5:26:BA:B6:2B:AD:7D:91:43:EC:24:F5:BB:80:E0:55:B0:37:E6:C3:ED:2D:CB:44"}}},"request":{"raw":"GET /common/fonts/poppins/poppins.woff2 HTTP/1.1\r\nHost: static.captcha-delivery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://geo.captcha-delivery.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.captcha-delivery.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 7884\r\naccess-control-allow-origin: https://geo.captcha-delivery.com\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-max-age: 3000\r\naccess-control-allow-credentials: true\r\nlast-modified: Fri, 06 May 2022 16:47:06 GMT\r\nx-amz-version-id: null\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 28 Feb 2026 17:32:24 GMT\r\netag: \"9212f6f9860f9fc6c69b02fedf6db8c3\"\r\nvary: Origin\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 4ecb87f89fb78847d0c397cc575bc254.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: ZcgVrvcQmJeNZ-7b3JRzQoKrpCcaG4libbABlXHJ6zGQcJDJkbdlKg==\r\nage: 38126\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":7884,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7884, version 1.0","md5":"9212f6f9860f9fc6c69b02fedf6db8c3","sha1":"ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b","sha256":"7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f","sha512":"67317495f4b53e20a9f31c034e456e6c37f387dffb2c092caa5159bc441cfcadd02749ffe5bbed1d580d5300a59e48a767ef2c6d9978b474f84c1a2cd095c126","ssdeep":"192:xLFDbKO9E3rS3JWBRO/J601FSS5ZUbik3Zy2f0:pd9J5W501otlI","tlshash":"c3f1ae4eb3f2cd1be40982e53a0fc90b1c578272681fd772d067a22517893bc8db2c81","first_seen":"2023-04-05T15:35:34Z","last_seen":"2026-06-16T17:43:07.402255Z","times_seen":358057,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"klopk.com/","fqdn":"klopk.com","domain":"klopk.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-28T17:32:18.301Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: klopk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-16T17:50:43.021957Z","times_seen":16476669,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-28T17:32:31Z","timestamp":1772299951,"ip_dst":{"addr":"172.18.0.45","port":50568,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.255.119.253","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"severity":"high","alert":"ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer","source":"{\"timestamp\":\"2026-02-28T17:32:31.780890+0000\",\"flow_id\":562302061727220,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.255.119.253\",\"src_port\":80,\"dest_ip\":\"172.18.0.45\",\"dest_port\":50568,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2819814,\"rev\":3,\"signature\":\"ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2016_04_18\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2020_06_30\"]}},\"http\":{\"hostname\":\"klopk.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://href.li/?https://affiliate.klook.com/redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/\",\"length\":132},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":132,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":564,\"bytes_toclient\":678,\"start\":\"2026-02-28T17:32:21.282100+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-28T17:32:31Z","timestamp":1772299951,"ip_dst":{"addr":"172.18.0.45","port":50568,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.255.119.253","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"severity":"low","alert":"ET INFO Namecheap URL Forward","source":"{\"timestamp\":\"2026-02-28T17:32:31.780890+0000\",\"flow_id\":562302061727220,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.255.119.253\",\"src_port\":80,\"dest_ip\":\"172.18.0.45\",\"dest_port\":50568,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035208,\"rev\":2,\"signature\":\"ET INFO Namecheap URL Forward\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_02_16\"],\"deployment\":[\"Perimeter\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_02_16\"]}},\"http\":{\"hostname\":\"klopk.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://href.li/?https://affiliate.klook.com/redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/\",\"length\":132},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":132,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":564,\"bytes_toclient\":678,\"start\":\"2026-02-28T17:32:21.282100+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-28T17:32:32Z","timestamp":1772299952,"ip_dst":{"addr":"172.18.0.45","port":50570,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.255.119.253","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"severity":"high","alert":"ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer","source":"{\"timestamp\":\"2026-02-28T17:32:32.453148+0000\",\"flow_id\":181664880093614,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.255.119.253\",\"src_port\":80,\"dest_ip\":\"172.18.0.45\",\"dest_port\":50570,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2819814,\"rev\":3,\"signature\":\"ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2016_04_18\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2020_06_30\"]}},\"http\":{\"hostname\":\"klopk.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://href.li/?https://affiliate.klook.com/redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/\",\"length\":132},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":132,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":684,\"bytes_toclient\":678,\"start\":\"2026-02-28T17:32:21.879022+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-28T17:32:32Z","timestamp":1772299952,"ip_dst":{"addr":"172.18.0.45","port":50570,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.255.119.253","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"severity":"low","alert":"ET INFO Namecheap URL Forward","source":"{\"timestamp\":\"2026-02-28T17:32:32.453148+0000\",\"flow_id\":181664880093614,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.255.119.253\",\"src_port\":80,\"dest_ip\":\"172.18.0.45\",\"dest_port\":50570,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035208,\"rev\":2,\"signature\":\"ET INFO Namecheap URL Forward\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_02_16\"],\"deployment\":[\"Perimeter\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_02_16\"]}},\"http\":{\"hostname\":\"klopk.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://href.li/?https://affiliate.klook.com/redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/\",\"length\":132},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":132,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":684,\"bytes_toclient\":678,\"start\":\"2026-02-28T17:32:21.879022+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"klopk.com/","fqdn":"klopk.com","domain":"klopk.com","tld":"com"},"ip":{"addr":"162.255.119.253","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-28T17:32:21.879Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: klopk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Sat, 28 Feb 2026 17:32:22 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 132\r\nConnection: keep-alive\r\nLocation: https://href.li/?https://affiliate.klook.com/redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/\r\nX-Served-By: Namecheap URL Forward\r\nServer: namecheap-nginx\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":736,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-16T17:50:43.021957Z","times_seen":16476669,"resource_available":true,"data":null}},"time_used":498,"timings":{"blocked":165,"dns":1,"connect":165,"send":0,"wait":167,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-28T17:32:31Z","timestamp":1772299951,"ip_dst":{"addr":"172.18.0.45","port":50568,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.255.119.253","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"severity":"high","alert":"ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer","source":"{\"timestamp\":\"2026-02-28T17:32:31.780890+0000\",\"flow_id\":562302061727220,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.255.119.253\",\"src_port\":80,\"dest_ip\":\"172.18.0.45\",\"dest_port\":50568,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2819814,\"rev\":3,\"signature\":\"ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2016_04_18\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2020_06_30\"]}},\"http\":{\"hostname\":\"klopk.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://href.li/?https://affiliate.klook.com/redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/\",\"length\":132},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":132,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":564,\"bytes_toclient\":678,\"start\":\"2026-02-28T17:32:21.282100+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-28T17:32:31Z","timestamp":1772299951,"ip_dst":{"addr":"172.18.0.45","port":50568,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.255.119.253","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"severity":"low","alert":"ET INFO Namecheap URL Forward","source":"{\"timestamp\":\"2026-02-28T17:32:31.780890+0000\",\"flow_id\":562302061727220,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.255.119.253\",\"src_port\":80,\"dest_ip\":\"172.18.0.45\",\"dest_port\":50568,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035208,\"rev\":2,\"signature\":\"ET INFO Namecheap URL Forward\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_02_16\"],\"deployment\":[\"Perimeter\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_02_16\"]}},\"http\":{\"hostname\":\"klopk.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://href.li/?https://affiliate.klook.com/redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/\",\"length\":132},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":132,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":564,\"bytes_toclient\":678,\"start\":\"2026-02-28T17:32:21.282100+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-28T17:32:32Z","timestamp":1772299952,"ip_dst":{"addr":"172.18.0.45","port":50570,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.255.119.253","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"severity":"high","alert":"ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer","source":"{\"timestamp\":\"2026-02-28T17:32:32.453148+0000\",\"flow_id\":181664880093614,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.255.119.253\",\"src_port\":80,\"dest_ip\":\"172.18.0.45\",\"dest_port\":50570,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2819814,\"rev\":3,\"signature\":\"ETPRO HUNTING Suspicious Redirect Attempting to Hide Referer\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"confidence\":[\"Medium\"],\"created_at\":[\"2016_04_18\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2020_06_30\"]}},\"http\":{\"hostname\":\"klopk.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://href.li/?https://affiliate.klook.com/redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/\",\"length\":132},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":132,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":684,\"bytes_toclient\":678,\"start\":\"2026-02-28T17:32:21.879022+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-28T17:32:32Z","timestamp":1772299952,"ip_dst":{"addr":"172.18.0.45","port":50570,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.255.119.253","port":80,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"severity":"low","alert":"ET INFO Namecheap URL Forward","source":"{\"timestamp\":\"2026-02-28T17:32:32.453148+0000\",\"flow_id\":181664880093614,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.255.119.253\",\"src_port\":80,\"dest_ip\":\"172.18.0.45\",\"dest_port\":50570,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035208,\"rev\":2,\"signature\":\"ET INFO Namecheap URL Forward\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_02_16\"],\"deployment\":[\"Perimeter\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_02_16\"]}},\"http\":{\"hostname\":\"klopk.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://href.li/?https://affiliate.klook.com/redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/\",\"length\":132},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":132,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":684,\"bytes_toclient\":678,\"start\":\"2026-02-28T17:32:21.879022+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.klook.com/favicon.ico","fqdn":"www.klook.com","domain":"klook.com","tld":"com"},"ip":{"addr":"104.18.31.170","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.klook.com/?aid=45505\u0026aff_adid=768219\u0026aff_pid=\u0026aff_sid=\u0026utm_medium=affiliate-alwayson\u0026utm_source=non-network\u0026utm_campaign=45505\u0026utm_term=\u0026utm_content=\u0026aff_klick_id=123557542836-45505-768219-d61d2e7","date":"2026-02-28T17:32:23.650Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.klook.com","organization":"Klook Travel Technology Limited"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 04 Feb 2026 00:00:00 GMT","end":"Sun, 07 Mar 2027 23:59:59 GMT"},"fingerprint":{"sha1":"90:E2:26:86:63:9B:0C:B9:70:CD:98:36:CE:7B:D7:44:2C:5F:52:8C","sha256":"D0:CA:EA:2C:CA:37:A5:40:F4:94:F3:A0:CC:92:2A:F3:7E:9B:13:E5:5B:53:84:A5:C5:72:D2:28:0F:A7:E6:7F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.klook.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.klook.com/?aid=45505\u0026aff_adid=768219\u0026aff_pid=\u0026aff_sid=\u0026utm_medium=affiliate-alwayson\u0026utm_source=non-network\u0026utm_campaign=45505\u0026utm_term=\u0026utm_content=\u0026aff_klick_id=123557542836-45505-768219-d61d2e7\r\nCookie: kepler_id=9959c084-e214-4c19-961d-880e891b0e95; _cfuvid=42yAVgD5VsOjL.7hh9JS.C.xsm.IJpppn9lIk4r91BE-1772299942977-0.0.1.1-604800000; datadome=f59b~UeyTjzTMcPXimGlZictdRNs9~8o1~XZPWbB3WZ_kzhwu1KomTeIJzv01H61brWcwgXXGgGO19izBfRyhA_PegY~WLt9CAt7HKlm_1moak9nPWiptrK_K7S9J4NA\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 28 Feb 2026 17:32:23 GMT\r\ncontent-type: image/x-icon\r\ncontent-encoding: gzip\r\nlast-modified: Tue, 13 Jan 2026 08:35:37 GMT\r\netag: W/\"696603d9-47e\"\r\nexpires: Mon, 30 Mar 2026 17:32:23 GMT\r\ncache-control: max-age=2592000\r\nx-frame-options: SAMEORIGIN\r\ncontent-security-policy: frame-ancestors 'self';\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\nx-kong-upstream-latency: 0\r\nx-kong-proxy-latency: 0\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 9d51a937cb8f2efa-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"8bff434f9b0d1b86b9ba4ce7be269c20","sha1":"2b8deb05011779ed013941823519e018d767b1e6","sha256":"a7d2aedd067240662b51f2f9537a1f4784543c59e98f81e9c1993912f850b257","sha512":"37dd3852e8f538aee354fd905672b90cf4fb1997dd48e095dca372809d0fd2ce04c55624d244da8b7b79bd5b4932c8d10d36a755c270e887facd5eb06891f4d8","ssdeep":"","tlshash":"0e21c2d6b4428214c02e7231c9b6bbe7666c2c2b6984462f7553b7ddbdf0f008b8d544","first_seen":"2025-08-27T16:52:00.120893Z","last_seen":"2026-06-08T12:18:10.863089Z","times_seen":5,"resource_available":false,"data":null}},"time_used":264,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":264,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg==\u0026cid=gzP0aOewHtQ6xL4Rl91oBqkmECDT6a0qXZ2Mc0_zBNFiF4Xlxb8o8pqDuKYQIJzwZmhoMP3G2JEsACdDNiv3QLONcg0~Z7i1CnLyWd7gTufAK5y6vi_F6PUPaJAGccp7\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026t=fe\u0026s=37675\u0026e=c8e4912710dc044bdd276b84482c556ba8ae28f0162cbe0bd34443a656c8bfcf3e459341ac53e123be694bdfd6aaa643\u0026ir=20\u0026dm=dc_ir\u0026b=1731402","fqdn":"geo.captcha-delivery.com","domain":"captcha-delivery.com","tld":"com"},"ip":{"addr":"13.50.6.43","port":443,"asn":16509,"as":"AMAZON-02","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://www.klook.com/?aid=45505\u0026aff_adid=768219\u0026aff_pid=\u0026aff_sid=\u0026utm_medium=affiliate-alwayson\u0026utm_source=non-network\u0026utm_campaign=45505\u0026utm_term=\u0026utm_content=\u0026aff_klick_id=123557542836-45505-768219-d61d2e7","date":"2026-02-28T17:32:24.563Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.captcha-delivery.com","organization":""},"issuer":{"commonName":"Amazon ECDSA 256 M04","organization":"Amazon"},"validity":{"start":"Wed, 14 Jan 2026 00:00:00 GMT","end":"Fri, 12 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"84:99:02:55:0D:B0:27:3F:D5:3B:80:B1:A2:7D:3A:75:FE:D0:C5:02","sha256":"D6:0B:84:02:F5:B9:16:0C:CD:48:04:A9:19:11:ED:BF:38:3A:95:FC:FE:51:04:A6:38:F7:D9:7C:8D:28:B2:1D"}}},"request":{"raw":"GET /captcha/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg==\u0026cid=gzP0aOewHtQ6xL4Rl91oBqkmECDT6a0qXZ2Mc0_zBNFiF4Xlxb8o8pqDuKYQIJzwZmhoMP3G2JEsACdDNiv3QLONcg0~Z7i1CnLyWd7gTufAK5y6vi_F6PUPaJAGccp7\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026t=fe\u0026s=37675\u0026e=c8e4912710dc044bdd276b84482c556ba8ae28f0162cbe0bd34443a656c8bfcf3e459341ac53e123be694bdfd6aaa643\u0026ir=20\u0026dm=dc_ir\u0026b=1731402 HTTP/1.1\r\nHost: geo.captcha-delivery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg%3D%3D\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026cid=f59b~UeyTjzTMcPXimGlZictdRNs9~8o1~XZPWbB3WZ_kzhwu1KomTeIJzv01H61brWcwgXXGgGO19izBfRyhA_PegY~WLt9CAt7HKlm_1moak9nPWiptrK_K7S9J4NA\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026s=37675\u0026e=d96ef6d09b11500e33a875b2e54b7a9b3e81a2b1bddd8b1600a3a452de6454339d8f13307274b4b4a89eb0e8dd64749e\u0026b=1731402\u0026dm=cd\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 28 Feb 2026 17:32:24 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":494172,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (35477)","md5":"e36aeb56b77e16518942ada0bc1a399f","sha1":"1a6aae09ea07556027231db5f59b9c91d1bed608","sha256":"45121bd56bae431b1273798971d026458b32019f464b68a2cee8397f7d7992f6","sha512":"b95cdad45e1d75158859452cdfc3c6b91ff6f0c176953d210bc4c08da6c87189ca9eb42a42cd8f86110ef0fbcad2985b8c4287969c836774fbf2a67fa47d1f8f","ssdeep":"12288:5yqqW//Nb4KtQcUeNnmfPG+qJW/B+PEl/e9Oo2hmcwEfO/Qukl:uKfEl/e9Oo2hmcwEfO/Qukl","tlshash":"b0b43a6c524558be833b152913df28837c1a9662fd04a728bc39cae29fe498d545fcfc","first_seen":"2026-02-28T17:32:47.078856Z","last_seen":"2026-02-28T17:32:47.078856Z","times_seen":1,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":17,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-28","alert":"Code and strings of plugins from the Tetris framework loaded by Swid","trigger":"geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg==\u0026cid=gzP0aOewHtQ6xL4Rl91oBqkmECDT6a0qXZ2Mc0_zBNFiF4Xlxb8o8pqDuKYQIJzwZmhoMP3G2JEsACdDNiv3QLONcg0~Z7i1CnLyWd7gTufAK5y6vi_F6PUPaJAGccp7\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026t=fe\u0026s=37675\u0026e=c8e4912710dc044bdd276b84482c556ba8ae28f0162cbe0bd34443a656c8bfcf3e459341ac53e123be694bdfd6aaa643\u0026ir=20\u0026dm=dc_ir\u0026b=1731402","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3","date":"2020-09-06","description":"Code and strings of plugins from the Tetris framework loaded by Swid","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetrisplugins_JS"}}],"urlquery":null}},{"url":{"schema":"https","addr":"static.captcha-delivery.com/captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/index.css","fqdn":"static.captcha-delivery.com","domain":"captcha-delivery.com","tld":"com"},"ip":{"addr":"52.84.50.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg==\u0026cid=gzP0aOewHtQ6xL4Rl91oBqkmECDT6a0qXZ2Mc0_zBNFiF4Xlxb8o8pqDuKYQIJzwZmhoMP3G2JEsACdDNiv3QLONcg0~Z7i1CnLyWd7gTufAK5y6vi_F6PUPaJAGccp7\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026t=fe\u0026s=37675\u0026e=c8e4912710dc044bdd276b84482c556ba8ae28f0162cbe0bd34443a656c8bfcf3e459341ac53e123be694bdfd6aaa643\u0026ir=20\u0026dm=dc_ir\u0026b=1731402","date":"2026-02-28T17:32:24.613Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.captcha-delivery.com","organization":""},"issuer":{"commonName":"Amazon ECDSA 256 M01","organization":"Amazon"},"validity":{"start":"Wed, 14 Jan 2026 00:00:00 GMT","end":"Fri, 12 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"4B:F8:91:06:E4:2C:48:D9:73:19:0B:2F:00:40:4B:06:4D:09:7D:0B","sha256":"68:6B:3C:E2:9D:5A:C8:78:F5:26:BA:B6:2B:AD:7D:91:43:EC:24:F5:BB:80:E0:55:B0:37:E6:C3:ED:2D:CB:44"}}},"request":{"raw":"GET /captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/index.css HTTP/1.1\r\nHost: static.captcha-delivery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://geo.captcha-delivery.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nlast-modified: Wed, 31 Dec 2025 12:40:40 GMT\r\ncontent-encoding: gzip\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: null\r\nserver: AmazonS3\r\ndate: Sat, 28 Feb 2026 02:41:53 GMT\r\netag: W/\"23464822977c44c55ef7876a5a849489\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 4ecb87f89fb78847d0c397cc575bc254.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: MkBbYWfw9TmUx3EIM3E35zy_mmhGLxB8YXNLr1U8RPeLTU-FlZR9Eg==\r\nage: 53432\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":6164,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"23464822977c44c55ef7876a5a849489","sha1":"13922faf1b34b8e6bfec73db4c0e1505c53d2145","sha256":"90f12503b24159799afe91146630c31cb4301ed17864f9a136d77ed265d70709","sha512":"b8488474f4e86bbebf4fe54c287416009d5b719bc71dacd2f09cf30424a2a7c71be9e607047bd9ed538bd45a27b9ae52b5258428e80a7b30e53fe199b2f03495","ssdeep":"96:8uP8pig6K2JRZi9aL1Cjl4c3wS8OJqU6gms50nZKc:8uSig4JAaL1Cjyc3wSpJqU6FsmnZ","tlshash":"8cd1cda44e8180b7663789745bf84679e24d8c43e70219e17dac62448ff68e4b271e8f","first_seen":"2025-12-31T15:30:25.272226Z","last_seen":"2026-05-08T00:03:09.667747Z","times_seen":1862,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":129,"dns":107,"connect":1,"send":0,"wait":6,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"href.li/?https://affiliate.klook.com/redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/","fqdn":"href.li","domain":"href.li","tld":"li"},"ip":{"addr":"192.0.78.26","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-28T17:32:22.218Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tls.automattic.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 15 Jan 2026 15:49:22 GMT","end":"Wed, 15 Apr 2026 15:49:21 GMT"},"fingerprint":{"sha1":"E7:A0:7D:A1:FF:62:40:01:81:71:74:9B:CF:20:C1:EB:4D:8C:C3:95","sha256":"9F:F2:7E:E2:93:22:D8:48:2E:B8:B5:6A:32:BC:A3:4F:3E:E1:A4:25:43:A6:15:94:2B:6A:E4:FB:97:16:4C:C4"}}},"request":{"raw":"GET /?https://affiliate.klook.com/redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/ HTTP/1.1\r\nHost: href.li\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 28 Feb 2026 17:32:22 GMT\r\ncontent-type: text/html; charset=utf-8\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\nx-ac: 15.arn _dca BYPASS\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: a8c-cdn, dc;desc=arn, cache;desc=BYPASS;dur=114.0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":736,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"4b8f482c40b35ca584a3ed5c4624acfb","sha1":"f25c356d5a5b40139b2e2bc175f5488c7132af22","sha256":"ed2eaa2805d62bdacc4ed4aa35d68635e6db5c4ffa4c5e4ae712beef91b199ee","sha512":"ce09dfab26e6739fd7d161d37e81004d71bbc4aafddad258732d0aae635e7e06e793ecaba12976613a4cb3f979a2d6d762fb032a509438249a3fbe058ff6fbe4","ssdeep":"","tlshash":"63019cb31c5a5754b27000d46c61f29ec28391dd585de654a6c8caa33c4ce17dd8b7fb","first_seen":"2026-02-28T17:32:47.082752Z","last_seen":"2026-02-28T17:32:47.082752Z","times_seen":1,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":29,"dns":1,"connect":7,"send":0,"wait":122,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-28","alert":"Sinkholed","trigger":"href.li","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.captcha-delivery.com/common/fonts/poppins/poppins-700.woff2","fqdn":"static.captcha-delivery.com","domain":"captcha-delivery.com","tld":"com"},"ip":{"addr":"52.84.50.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg==\u0026cid=gzP0aOewHtQ6xL4Rl91oBqkmECDT6a0qXZ2Mc0_zBNFiF4Xlxb8o8pqDuKYQIJzwZmhoMP3G2JEsACdDNiv3QLONcg0~Z7i1CnLyWd7gTufAK5y6vi_F6PUPaJAGccp7\u0026referer=https%3A%2F%2Fwww.klook.com%2F%3Faid%3D45505%26aff_adid%3D768219%26aff_pid%3D%26aff_sid%3D%26utm_medium%3Daffiliate-alwayson%26utm_source%3Dnon-network%26utm_campaign%3D45505%26utm_term%3D%26utm_content%3D%26aff_klick_id%3D123557542836-45505-768219-d61d2e7\u0026hash=1A2CDFCDF412CD9D3C93BB2E078906\u0026t=fe\u0026s=37675\u0026e=c8e4912710dc044bdd276b84482c556ba8ae28f0162cbe0bd34443a656c8bfcf3e459341ac53e123be694bdfd6aaa643\u0026ir=20\u0026dm=dc_ir\u0026b=1731402","date":"2026-02-28T17:32:24.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.captcha-delivery.com","organization":""},"issuer":{"commonName":"Amazon ECDSA 256 M01","organization":"Amazon"},"validity":{"start":"Wed, 14 Jan 2026 00:00:00 GMT","end":"Fri, 12 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"4B:F8:91:06:E4:2C:48:D9:73:19:0B:2F:00:40:4B:06:4D:09:7D:0B","sha256":"68:6B:3C:E2:9D:5A:C8:78:F5:26:BA:B6:2B:AD:7D:91:43:EC:24:F5:BB:80:E0:55:B0:37:E6:C3:ED:2D:CB:44"}}},"request":{"raw":"GET /common/fonts/poppins/poppins-700.woff2 HTTP/1.1\r\nHost: static.captcha-delivery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://geo.captcha-delivery.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.captcha-delivery.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 7816\r\naccess-control-allow-origin: https://geo.captcha-delivery.com\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-max-age: 3000\r\naccess-control-allow-credentials: true\r\nlast-modified: Fri, 06 May 2022 16:47:06 GMT\r\nx-amz-version-id: null\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 28 Feb 2026 17:32:24 GMT\r\netag: \"25b0e113ca7cce3770d542736db26368\"\r\nvary: Origin\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 4ecb87f89fb78847d0c397cc575bc254.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: HpYKyW1a9wU_t8FVelUxab4qsvl3GIIaIR7NE2TdZfgMU2BoVNp77g==\r\nage: 33872\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":7816,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7816, version 1.0","md5":"25b0e113ca7cce3770d542736db26368","sha1":"cb726212d5d525021752a1d8470a0fb593e0c49e","sha256":"9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526","sha512":"a0d331e62ab4727f49ca286a1ee7fb81cddc5bb9edf71ef84f4bd4fa1552069af1a82752011ba88fae80862d034135926b7e99d70e59d626d66d4ede90e94c30","ssdeep":"192:Agw5ksLwlyK8F2BXU96Fc575OI3+ga534SlEFwTG4ovej9be:Al5y8FSUMS5VOq1KISlvS4ov+4","tlshash":"a3f1af19d5de5a73f80032b45b6911ba7e42fa83bc68bbedf8046a10ad542cb467cc91","first_seen":"2023-04-05T13:48:05Z","last_seen":"2026-06-16T17:47:47.014771Z","times_seen":263378,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":69,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"affiliate.klook.com/redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/","fqdn":"affiliate.klook.com","domain":"klook.com","tld":"com"},"ip":{"addr":"104.18.31.170","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-28T17:32:22.594Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.klook.com","organization":"Klook Travel Technology Limited"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 04 Feb 2026 00:00:00 GMT","end":"Sun, 07 Mar 2027 23:59:59 GMT"},"fingerprint":{"sha1":"90:E2:26:86:63:9B:0C:B9:70:CD:98:36:CE:7B:D7:44:2C:5F:52:8C","sha256":"D0:CA:EA:2C:CA:37:A5:40:F4:94:F3:A0:CC:92:2A:F3:7E:9B:13:E5:5B:53:84:A5:C5:72:D2:28:0F:A7:E6:7F"}}},"request":{"raw":"GET /redirect?aid=45505\u0026aff_adid=768219\u0026k_site=https://www.klook.com/ HTTP/1.1\r\nHost: affiliate.klook.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 28 Feb 2026 17:32:22 GMT\r\nlocation: https://www.klook.com/?aid=45505\u0026aff_adid=768219\u0026aff_pid=\u0026aff_sid=\u0026utm_medium=affiliate-alwayson\u0026utm_source=non-network\u0026utm_campaign=45505\u0026utm_term=\u0026utm_content=\u0026aff_klick_id=123557542836-45505-768219-d61d2e7\r\ncf-ray: 9d51a9317ad12efa-OSL\r\nx-robots-tag: noindex\r\nset-cookie: kepler_id=9959c084-e214-4c19-961d-880e891b0e95; Domain=klook.com; Path=/; SameSite=None; Secure\n_cfuvid=42yAVgD5VsOjL.7hh9JS.C.xsm.IJpppn9lIk4r91BE-1772299942977-0.0.1.1-604800000; path=/; domain=.klook.com; HttpOnly; Secure; SameSite=None\r\nx-kong-upstream-latency: 24\r\nx-kong-proxy-latency: 0\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1003,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-16T17:50:43.021957Z","times_seen":16476669,"resource_available":true,"data":null}},"time_used":429,"timings":{"blocked":40,"dns":27,"connect":1,"send":0,"wait":347,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.klook.com/?aid=45505\u0026aff_adid=768219\u0026aff_pid=\u0026aff_sid=\u0026utm_medium=affiliate-alwayson\u0026utm_source=non-network\u0026utm_campaign=45505\u0026utm_term=\u0026utm_content=\u0026aff_klick_id=123557542836-45505-768219-d61d2e7","fqdn":"www.klook.com","domain":"klook.com","tld":"com"},"ip":{"addr":"104.18.31.170","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-28T17:32:22.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.klook.com","organization":"Klook Travel Technology Limited"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 04 Feb 2026 00:00:00 GMT","end":"Sun, 07 Mar 2027 23:59:59 GMT"},"fingerprint":{"sha1":"90:E2:26:86:63:9B:0C:B9:70:CD:98:36:CE:7B:D7:44:2C:5F:52:8C","sha256":"D0:CA:EA:2C:CA:37:A5:40:F4:94:F3:A0:CC:92:2A:F3:7E:9B:13:E5:5B:53:84:A5:C5:72:D2:28:0F:A7:E6:7F"}}},"request":{"raw":"GET /?aid=45505\u0026aff_adid=768219\u0026aff_pid=\u0026aff_sid=\u0026utm_medium=affiliate-alwayson\u0026utm_source=non-network\u0026utm_campaign=45505\u0026utm_term=\u0026utm_content=\u0026aff_klick_id=123557542836-45505-768219-d61d2e7 HTTP/1.1\r\nHost: www.klook.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: kepler_id=9959c084-e214-4c19-961d-880e891b0e95; _cfuvid=42yAVgD5VsOjL.7hh9JS.C.xsm.IJpppn9lIk4r91BE-1772299942977-0.0.1.1-604800000\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Sat, 28 Feb 2026 17:32:23 GMT\r\ncontent-type: text/html;charset=utf-8\r\ncontent-encoding: gzip\r\nx-datadome: protected\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory\r\ncharset: utf-8\r\ncache-control: max-age=0, private, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nx-datadome-cid: AHrlqAAAAAMA-4lyY9JfI-EAW1oqmg==\r\nx-dd-b: 259\r\nset-cookie: datadome=f59b~UeyTjzTMcPXimGlZictdRNs9~8o1~XZPWbB3WZ_kzhwu1KomTeIJzv01H61brWcwgXXGgGO19izBfRyhA_PegY~WLt9CAt7HKlm_1moak9nPWiptrK_K7S9J4NA; Max-Age=604800; Domain=.klook.com; Path=/; Secure; SameSite=Lax\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 9d51a933d84e2efa-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"DataDome","description":"DataDome is a cybersecurity platform that specialises in bot protection and mitigation, offering advanced solutions to safeguard websites and mobile applications against malicious bot traffic, credential stuffing, scraping, and other automated threats.","website":"https://datadome.co","common_platform_enumeration":"","icon":"DataDome.svg","categories":["Security"]}],"data":{"size":1003,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (1003), with no line terminators","md5":"eed9801c194dfbb2d9afa83a49d41bbd","sha1":"c3349644fb7c1bbdd70948d4b0706690b7b0a3b8","sha256":"be448dbf6d4da2fc1520c9c44dd1f73b093db598f0089fa090bfcfa942be1fed","sha512":"dbe27632af7863669d21201482bf1254e4eaafd2f35bff1298cf645900845cd649a7c2ba0af7b52e70e89741106ee097b6f5a0961c05abb1226fd67a39e43dd6","ssdeep":"","tlshash":"7411983ecc2b218dd66e1c57b9f0f2ec50015d893dc1a9e274e9d42cec0e2700f4894a","first_seen":"2026-02-28T17:32:47.086154Z","last_seen":"2026-02-28T17:32:47.086154Z","times_seen":1,"resource_available":false,"data":null}},"time_used":422,"timings":{"blocked":27,"dns":0,"connect":0,"send":0,"wait":395,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ct.captcha-delivery.com/i.js","fqdn":"ct.captcha-delivery.com","domain":"captcha-delivery.com","tld":"com"},"ip":{"addr":"18.65.39.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.klook.com/?aid=45505\u0026aff_adid=768219\u0026aff_pid=\u0026aff_sid=\u0026utm_medium=affiliate-alwayson\u0026utm_source=non-network\u0026utm_campaign=45505\u0026utm_term=\u0026utm_content=\u0026aff_klick_id=123557542836-45505-768219-d61d2e7","date":"2026-02-28T17:32:23.530Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.captcha-delivery.com","organization":""},"issuer":{"commonName":"Amazon ECDSA 256 M01","organization":"Amazon"},"validity":{"start":"Wed, 14 Jan 2026 00:00:00 GMT","end":"Fri, 12 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"4B:F8:91:06:E4:2C:48:D9:73:19:0B:2F:00:40:4B:06:4D:09:7D:0B","sha256":"68:6B:3C:E2:9D:5A:C8:78:F5:26:BA:B6:2B:AD:7D:91:43:EC:24:F5:BB:80:E0:55:B0:37:E6:C3:ED:2D:CB:44"}}},"request":{"raw":"GET /i.js HTTP/1.1\r\nHost: ct.captcha-delivery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.klook.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\ncontent-length: 15685\r\nlast-modified: Fri, 23 Jan 2026 14:23:13 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: null\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 28 Feb 2026 17:18:19 GMT\r\netag: \"14867fc17e7a0d59f653596d425b2feb\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: AMS1-P1\r\nx-amz-cf-id: 6nYFoelc8XygstT0-aMTTMRhcDtuvNDiCtRawxx2pV9RM0-ZkMgdRg==\r\nage: 845\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":15685,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"14867fc17e7a0d59f653596d425b2feb","sha1":"2c12b362f630bc3058da912580cb4382c73888d3","sha256":"b2086fb19988cbf9d2caa696692c0711145ee92124319146e0d1352d8eb5797d","sha512":"30999e7314d56ead316c3bb0591b2c4bc158f1841e17a107a46587622d81cdda24fd5a9a3ee921f389a6716e9fb00a40250fa1c3ecf6c05cd48ce8ef2be1a18b","ssdeep":"192:Rc6NViX29WR+ctayDQ7/p3GyxLq3ffZ0CVcF6rNUOuSeK3+nX8hOUO40252JCIo9:RFyrSDK173Us5MCkC","tlshash":"476295ad68f345680763603d1bbf6218b1715113349ecc50bc5ca6117f90e67da7abec","first_seen":"2025-12-09T15:18:57.63761Z","last_seen":"2026-04-22T10:51:00.227375Z","times_seen":869,"resource_available":true,"data":null}},"time_used":157,"timings":{"blocked":67,"dns":18,"connect":18,"send":0,"wait":20,"receive":1,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}