{"report_id":"3b4076bd-fa0c-437a-8a6a-2c742c9a0801","version":6,"status":"done","tags":[],"date":"2025-12-03T06:12:45Z","url":{"schema":"https","addr":"ahegao.online/sister-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"172.67.142.87","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"title":"Sister Breeder Episode 1 - 2 - Ahegao online","dom":{"size":1179,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (1164)","md5":"859302f2fc09f479875fb43748bd7f0b","sha1":"e8f9ed3a8b789ca6e6e92af78ceda544a44eeb13","sha256":"cc2f713889a8bb335909a6c3093dba8c5e2dbb48d0bd9294b973e00c44921cc8","sha512":"b242f6380877a3219ce265f9fc3fb10e82c0732c0b45b69e738696f50eef839f700b13cb3e7d5fd71b02d4020079d5166876512c26bf4961172fd39fe5566318","ssdeep":"","tlshash":"de21517992d1b86dcc2581c4cca149cc373bd3294a8c7e449e4a72b2b10d4ef66172dc","dom_hash":"domhash6065967dbb44769c81e100e4bfc90992","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"ahegao.online/sister-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"172.67.142.87","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-07T06:12:45Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"hw-cdn2.ang-content.com","ip":{"addr":"151.101.3.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2018-11-15","domain_rank":4721082,"first_seen":"2019-03-25T22:41:04Z","last_seen":"2025-11-26T06:13:16.000258Z","alert_count":0,"request_count":8,"received_data":436485,"sent_data":3860,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}]},{"fqdn":"3dhq1.org","ip":{"addr":"151.80.18.202","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"domain_registered":"2024-10-10","domain_rank":997376,"first_seen":"2024-12-05T12:46:42.6231Z","last_seen":"2025-11-17T06:41:21.1261Z","alert_count":0,"request_count":4,"received_data":2021284,"sent_data":1888,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"a.adtng.com","ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"domain_registered":"2018-07-20","domain_rank":79851,"first_seen":"2018-07-26T19:17:41Z","last_seen":"2025-11-26T20:51:37.245689Z","alert_count":0,"request_count":4,"received_data":49193,"sent_data":2662,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"static.addtoany.com","ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2006-03-10","domain_rank":28267,"first_seen":"2012-05-21T12:58:18Z","last_seen":"2025-12-01T00:54:08.099217Z","alert_count":0,"request_count":10,"received_data":90301,"sent_data":4662,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"s3t3d2y1.afcdn.net","ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"domain_registered":"2022-06-27","domain_rank":0,"first_seen":"2025-11-21T12:51:16.33547Z","last_seen":"2025-11-28T12:51:37.799595Z","alert_count":2,"request_count":2,"received_data":18851,"sent_data":972,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"hw-cdn2.adtng.com","ip":{"addr":"151.101.67.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2018-07-20","domain_rank":157324,"first_seen":"2020-02-20T16:50:17Z","last_seen":"2025-11-26T14:43:16.8807Z","alert_count":0,"request_count":3,"received_data":52440,"sent_data":1365,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-11-30T22:14:19.793229Z","alert_count":0,"request_count":1,"received_data":7626,"sent_data":506,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"vainanalyst.com","ip":{"addr":"88.85.68.219","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2023-09-04","domain_rank":869851,"first_seen":"2023-09-04T01:16:18Z","last_seen":"2025-11-17T06:41:21.192223Z","alert_count":0,"request_count":3,"received_data":39848,"sent_data":2027,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.211.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-11-30T22:13:37.547558Z","alert_count":0,"request_count":4,"received_data":106936,"sent_data":2116,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-11-30T22:16:05.472311Z","alert_count":0,"request_count":2,"received_data":745543,"sent_data":885,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.mysteriousimprovement.com","ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2025-11-19","domain_rank":0,"first_seen":"2025-12-01T09:43:19.853809Z","last_seen":"2025-12-01T09:43:19.853809Z","alert_count":0,"request_count":2,"received_data":208228,"sent_data":929,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ahegao.online","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-05-10","domain_rank":229618,"first_seen":"2016-05-14T03:14:01Z","last_seen":"2025-11-17T06:41:21.272496Z","alert_count":0,"request_count":22,"received_data":3322726,"sent_data":11738,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:7.4.20","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"AddToAny","description":"AddToAny is a universal sharing platform that can be integrated into a website by use of a web widget or plugin.","website":"https://www.addtoany.com","common_platform_enumeration":"","icon":"AddToAny.svg","categories":["Widgets"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}]},{"fqdn":"neverstoprotation.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-03-09","domain_rank":204761,"first_seen":"2023-03-09T07:51:53Z","last_seen":"2025-11-28T15:15:14.827616Z","alert_count":0,"request_count":3,"received_data":1097061,"sent_data":1908,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"s.magsrv.com","ip":{"addr":"95.211.229.247","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2023-08-01","domain_rank":47665,"first_seen":"2023-08-04T12:48:00Z","last_seen":"2025-12-01T07:32:10.961535Z","alert_count":5,"request_count":5,"received_data":17141,"sent_data":3709,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"a.magsrv.com","ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"domain_registered":"2023-08-01","domain_rank":51490,"first_seen":"2023-08-04T16:18:00Z","last_seen":"2025-12-01T12:55:50.988552Z","alert_count":9,"request_count":3,"received_data":557670,"sent_data":1239,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0299a29dc6401ff6b13a21c0ab18ffd8","sha1":"d59ed31bf187c700ceb001177b7a8b8cd16900f5","sha256":"a56c29e8de0b00eecfacf773be1634f2aac8dc104953a76134329ab7d59e97bc","sha512":"31eff6649746d082fc2d674dd87e2b4c6668bab73aee878d9b95f0cde8d3cce32905fb0fdb3b780fd67713aee512097f1949e1423c72defb06b24ceddd79dac4","ssdeep":"","tlshash":"84f03026cc04952f20ab6dfb03179f0b00a5f09936bd5aa8b02cccb4f19e141fa1632a","size":573,"data":"","first_seen":"2025-12-03T06:12:56.44155Z","last_seen":"2025-12-03T06:12:56.44155Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/svg/icons/tumblr.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"69da5ce7bc12ff6a3574b419e52cc5bb","sha1":"49f624343a8f70e504397e152d4d4002c1d81e30","sha256":"2babafd803a9de8606d0b04be90894c4bd3c69b7788380e644f3eaa3722aaead","sha512":"2b713e2e0ebb3e0fd1be067177100d779dbc934888fb3b5eda2c51115a3f3e15006887fbaa5272e0ad16b17219547992c7eabd9f2284f55660031fd4cbc90a4b","ssdeep":"","tlshash":"19e026a81664edc4cf7306bb871e21cf623a74ae21cd8ac29ab848b95c764399487507","size":358,"data":"","first_seen":"2024-04-25T14:16:00Z","last_seen":"2026-04-06T10:34:36.332227Z","times_seen":451,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-FYJMCF9B38\u0026cx=c\u0026gtm=4e5bj1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"29e725cc986857c4ce3bbc18a803a658","sha1":"fe0ccf3eb8bc6d4b4ec4eda6653c0e9bdde4b90a","sha256":"2bade9de05948989dda953a327a3292d6c7e6defea1e9263052224008011fe6a","sha512":"605a2c4909330aa3b9beff9155b5ca0cc74bb0bd8b23466e07d30e2135679c6c3c8226277868da3dac05752cacdf36884b3e7034e81b7a8948429a63ca3bba07","ssdeep":"6144:1iWgKOtdDUI23EBULUVW66O7GQEO71skIaV0sBLatgFvu:1B3O3UHEBUfO71KgM","tlshash":"cf9418ce73d674225396f078502f018ba57b28a2b44cc896f1c9cde52e74a9a4277f7c","size":425186,"data":"","first_seen":"2025-12-03T06:12:56.418006Z","last_seen":"2025-12-03T06:12:56.418006Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"6ccfacfc946099bf13c55ea4504a60df","sha1":"496f57bbeca633ccf8354b8ecb4d6de515eb959f","sha256":"8202b5ad457a6424d9ce609d50ed051a005fff5b84a74996c8160fab9cb83c9c","sha512":"320e02b5b07a12deb8bd7e60dcc7356d0e827ad4b5591704c4543804ac5517574e0ddd48984c41d795fa773aede258b55089bbb34b9db2929c7e889f732450b2","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisGEolY4o/CXMXpo:U+28VOk262lElwnRjfs4s7hpo","tlshash":"4e045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185377,"data":"","first_seen":"2025-12-02T09:42:15.813455Z","last_seen":"2025-12-11T11:32:32.79372Z","times_seen":269,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"6ccfacfc946099bf13c55ea4504a60df","sha1":"496f57bbeca633ccf8354b8ecb4d6de515eb959f","sha256":"8202b5ad457a6424d9ce609d50ed051a005fff5b84a74996c8160fab9cb83c9c","sha512":"320e02b5b07a12deb8bd7e60dcc7356d0e827ad4b5591704c4543804ac5517574e0ddd48984c41d795fa773aede258b55089bbb34b9db2929c7e889f732450b2","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisGEolY4o/CXMXpo:U+28VOk262lElwnRjfs4s7hpo","tlshash":"4e045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185377,"data":"","first_seen":"2025-12-02T09:42:15.813455Z","last_seen":"2025-12-11T11:32:32.79372Z","times_seen":269,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/get/10009643?time=1583262877801","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"introduction_type":"eventHandler","is_inline":false,"md5":"32b877ce91cb6ec0da746bbb78289340","sha1":"53b76e03f4c11bcf201daa086ab80af5c04cdae6","sha256":"4e203fca68fb538525a6becc21237e2985ac55a295fc4ff3c4d75478874d7658","sha512":"b9f7f96b8d7a0c7a4df2cd289d7b0c90ec7c4c820ce49b6302a40a65f30826afc70efccd43c30a390baadfdd56ffe75447e32506bd8b92732b2a0e3b62434df3","ssdeep":"","tlshash":"785000f3030c0f000003fc000000000000000000f00000000000000000000000000000","size":8,"data":"","first_seen":"2023-04-10T17:50:31Z","last_seen":"2026-04-07T06:22:11.837055Z","times_seen":2101,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/get/10000867?time=1583262438188","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f6b1595227948a02e84186651d3586ea","sha1":"373bc02b6fcd3de84a11a3704998070071d398ca","sha256":"9fa1daa02a5c0e8e85b0d95445ecae3cd89e0685898a471c8e3b1d805c7b8207","sha512":"dd1097df06eb5c0821611f2b59d755544d112bbc5984150e6643c89cd92b095d9b54e619c28083f573dee973f09a95bea0522ba0fe7f3b84a4594dc4756251d2","ssdeep":"192:0rMA8yf+yXDvqzaFASu/C4aVrrKVlvJ31gr0S9l1AM+iqFd+tUC:0rMA8yf+c6sARC4tSr0pdCV","tlshash":"f772e6be7242b851a67b29a280af110e3f3199a3b85cc44084d6d9d17d34d7d93bfe6c","size":15989,"data":"","first_seen":"2024-01-10T23:12:26Z","last_seen":"2026-04-07T06:22:11.835282Z","times_seen":1178,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-includes/js/jquery/jquery.min.js","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87553,"data":"","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-07T06:12:10.041556Z","times_seen":692029,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.mysteriousimprovement.com/ecc874/8432b5c32887.js","fqdn":"www.mysteriousimprovement.com","domain":"mysteriousimprovement.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e75be77cc28e1a0b2ba17d21010ed4e6","sha1":"a95fd5a5354710979b3438d136a0c385d9bdb421","sha256":"df0d6945ef99d5d815c4860c06e855a54e09246704730a8e6b3eeb4616ae91d6","sha512":"ca7f0317944ea65357e6d2390a79b012c98f9f95365be840677136b4ac95af703e665a7639aa4adbd335ff2d072dc2e69a15697678b3748566305027bf7db099","ssdeep":"1536:rM+iZ3YOYuyx6PUQwRxcs8P3nhkQ8vL7T7Q6eGozzwVEnHzHRbPvD0:OijxEQq3P5Enne9zkWHLm","tlshash":"b0a33461350b64fd2ad0c1e7eb6b20886c295810e469cca1ecd1d7c7d6eb8e3429b5f7","size":103683,"data":"","first_seen":"2025-12-01T09:43:27.5577Z","last_seen":"2025-12-03T06:12:56.421063Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js","fqdn":"hw-cdn2.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"151.101.67.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"48c80c7c28b5b00a8b4ff94a22b72fe3","sha1":"d57303c2ad2fd5cedc5cb20f264a6965a7819cee","sha256":"6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356","sha512":"c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658","ssdeep":"192:/u+H3An7ybVSpBjen6K1GegJjgF+TDg91wTr1PH3kV/LQB3OJIuq/Y4RBF4B3ve:/vAvUxEtkmZZY4RBF4hve","tlshash":"4572954c7250f0f743c39522413f120ff3369898b15a90687369d8fa6cb889e6267f79","size":16885,"data":"","first_seen":"2023-03-07T01:02:45Z","last_seen":"2026-04-07T06:22:11.761861Z","times_seen":2343,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js","fqdn":"hw-cdn2.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"151.101.67.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"48c80c7c28b5b00a8b4ff94a22b72fe3","sha1":"d57303c2ad2fd5cedc5cb20f264a6965a7819cee","sha256":"6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356","sha512":"c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658","ssdeep":"192:/u+H3An7ybVSpBjen6K1GegJjgF+TDg91wTr1PH3kV/LQB3OJIuq/Y4RBF4B3ve:/vAvUxEtkmZZY4RBF4hve","tlshash":"4572954c7250f0f743c39522413f120ff3369898b15a90687369d8fa6cb889e6267f79","size":16885,"data":"","first_seen":"2023-03-07T01:02:45Z","last_seen":"2026-04-07T06:22:11.761861Z","times_seen":2343,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"neverstoprotation.com/iframe/5ebd27f8848b1?iframe\u0026ag_custom_domain=ahegao.online","fqdn":"neverstoprotation.com","domain":"neverstoprotation.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"a9e8a4152268d5dec29b9bbb1bcafbf6","sha1":"3811b4095ea4d3331d8ea5858cb387bf0ed672e5","sha256":"3224a541bb1ede0b595368e6b0ac2a5ac2519e1f267fd12f0cb90930a6ff5b41","sha512":"371a77f23c4508031eaa8c2b236ce2784ec8117c3661b3f4b2e76762e1fb1cc174e9ff667781129310824ae5dd364b1918e535d0fc3d4aabc7f615f99dc506b8","ssdeep":"","tlshash":"a89002572282e52c889a9a9f541147592c3480111851bad0a40519b04591e914e165c4","size":55,"data":"","first_seen":"2025-03-26T18:40:14.781649Z","last_seen":"2026-02-27T11:56:59.107343Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/get/10000867?time=1583262438188","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"introduction_type":"eventHandler","is_inline":false,"md5":"32b877ce91cb6ec0da746bbb78289340","sha1":"53b76e03f4c11bcf201daa086ab80af5c04cdae6","sha256":"4e203fca68fb538525a6becc21237e2985ac55a295fc4ff3c4d75478874d7658","sha512":"b9f7f96b8d7a0c7a4df2cd289d7b0c90ec7c4c820ce49b6302a40a65f30826afc70efccd43c30a390baadfdd56ffe75447e32506bd8b92732b2a0e3b62434df3","ssdeep":"","tlshash":"785000f3030c0f000003fc000000000000000000f00000000000000000000000000000","size":8,"data":"","first_seen":"2023-04-10T17:50:31Z","last_seen":"2026-04-07T06:22:11.837055Z","times_seen":2101,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/get/10009643?time=1583262877801","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"2e369c77196abba9ba7c155c1e02a143","sha1":"1c8179e4ae3bd3534db6725354819b3981032d8b","sha256":"4383e19cb1b84463ce4564e348a9bd3cd3d68d6f02ec8b29fa0b556bce8102c8","sha512":"90daa1877ba5ce81f9762741393101cee7be7466a9ee2580c3f21df532a4a5aa9776d85b757625558ab7c4e9eb7bac22aa36a3ed727d93fa0171e01d65154d42","ssdeep":"","tlshash":"302100b58c09bc9ae6a520c16e4b599cb7be35991588c3933bcec7d2cf28cd15e2c446","size":1230,"data":"","first_seen":"2025-12-03T06:12:56.445299Z","last_seen":"2025-12-03T06:12:56.445299Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/get/10009643?time=1583262877801","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"59c610bc8d2c5d85f555e6e0dc05841b","sha1":"c2fc45251ad6b7221d9d6e0b2a37399c43b215ea","sha256":"83c911301c7dd778c9f10c102ef72fdf326c81edc1b1cde9c29d810d8b88887d","sha512":"2b69d9c5843a194c897aeb523d8b74a16d17968efe1f71c4c0438cddd09dc7fb9f179f563d254e5dca96e3da7a9873234fa712b9084144c8a316766ab451b5bd","ssdeep":"","tlshash":"cb114262251ba17cf42a16337d294bb40b561797688280a46bd2cd8f59b157fc0402ad","size":1046,"data":"","first_seen":"2025-12-03T06:12:56.446477Z","last_seen":"2025-12-03T06:12:56.446477Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d9731d3052c4baf1c71c06c05ee01016","sha1":"8b9d43edd1f183164f687abbe7ff09661b6231f1","sha256":"0f05b1f14937b83b12365aa02e1e0f021eb24755cfa294e699b628759e574b3f","sha512":"233c706cf91ddd9370da914cb1afcb43687bdde69fb023677a881a475be1fe478e0ff2922fdf94811c80f5013c1a08a859b95894bbd6fb70362aa589ff2c3517","ssdeep":"","tlshash":"8a11ef0af95511f346ac50b0af4ffec23e290ba9ce1802721294352d26a4f0e7c564a4","size":859,"data":"","first_seen":"2023-03-11T22:22:39Z","last_seen":"2026-04-05T11:31:05.421103Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7e52e44356b2b53b63628ea57498d235","sha1":"7f124c15ffc077f6c0ab25cbc8470d6bf076880d","sha256":"d807ead96aa9d06e6c01d75f564fc50a801b3a3fac1d67b4061655524b10b046","sha512":"f2a2065832f815257f34cf50e0dd77c0ef0e8acd525a31e120e11ec019b8d0bb7e6935b7bded1c478e50226a805811b64b868b987d5636e632fbe6e312ea6998","ssdeep":"","tlshash":"1b90022295045a94018251241414e852a0e0aa51b7055d73e8c95408451491054455a0","size":46,"data":"","first_seen":"2025-11-17T06:41:31.229037Z","last_seen":"2025-12-03T06:12:56.448013Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e50227c9b269ddf39cebc0d838f9d04f","sha1":"e6a8eb0e20a8652de1249407500651f22a51361c","sha256":"c03e6cf93c411bbfda9263490ecf7c3d8d03298f80108dc4eb5a6f22ef514913","sha512":"60179e998236110a635ac403820bb4c3f251393c8273961fc7db48f8272e8b11260a7ce991bc47c1a07e83d67bee54b3308931e55dd9414f283078ce6c4eed9d","ssdeep":"","tlshash":"87c09b88311a4c7596e72740cb7ff604f451331cd5d55d37491d63455d10f17db54854","size":150,"data":"","first_seen":"2025-11-17T06:41:31.230381Z","last_seen":"2026-02-28T15:38:34.045728Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"9d1d185a210b650e07f52e7f23175f01","sha1":"3e17cccb13288b9b0ebdbbb80b97f87689307c79","sha256":"1d4fd08ec5cf99c9eccf43ec34fcba25c1b8c230778676335fcb9544590750ee","sha512":"8bdac7d7b88fe2de9edded8e1facc27845e9c8864f0f03b9c67bdeee7689f0bdc3a868469fd8fb827ec0ccf7ced7052f9d3a51ecaac7a058eae48fe46c46d5a7","ssdeep":"","tlshash":"19e02dd8084c3030a3fa407b633cd12534120040e4817081564dfc39bb91be80ca7888","size":331,"data":"","first_seen":"2025-11-17T06:41:31.232225Z","last_seen":"2025-12-03T06:12:56.450421Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/get/10000867?time=1583262438188","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ed4a05d3af2d4a7428bcdd5a0c3aa37b","sha1":"7a599eded3fe1ee5179e32900b1ba69fae8c1236","sha256":"24dd9001c14f966de372918ce1aeabd09a1b2d200922b7b55bd01f5e983d879e","sha512":"019206caa51356094e87eb60a6836f66e5646d94d923834cca8e83c0d4a35b42db43a8c3f1d031a7323b3646e2d409ad8af9d95a1a49af0d3b2f9cefffce7817","ssdeep":"","tlshash":"752121f7290240fc31732ac4cf1b3f84b1a9a300be59d444c41ed9baba1586bf4326e9","size":1281,"data":"","first_seen":"2025-12-03T06:12:56.451545Z","last_seen":"2025-12-03T06:12:56.451545Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/svg/icons/pinterest.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"829f9f104207e6afc27f967b307d594a","sha1":"b7f2a19ff6f22e82eccce298a79a043134a3ccd8","sha256":"af131f38af73817b1fbcd3381d88c95f4123b4b5a58ca4bd0872a68f29cbbf2d","sha512":"26defdd6b42b384b157642e39d8144524484591b32b8e8689b114551fc8c7d69dc11cb903a202ed1c70a86498b08fcac8be9f18e9eb2c5c9ff2dc3d3a0b060df","ssdeep":"","tlshash":"d61100e7471092cc08cdbd6e9f1a149ba71d7cbd2fa901d2150ece7498d3988ec0390a","size":892,"data":"","first_seen":"2024-04-19T15:00:28Z","last_seen":"2026-04-07T04:44:34.70402Z","times_seen":1589,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/sandbox%20eval%20code","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-07T06:12:43.370298Z","times_seen":777453,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"41eece0da217398b6f4d4ee2f01b6245","sha1":"72f2098b0520b07dd3c6874646c920a3d367a4e2","sha256":"62bba8c2295a14bb2d007a3f7f8730fd10cef7348a6474f3f832c99ca6795d35","sha512":"1009ef0076bfb735c9b40fa3b106c8de414943b27fd74cfd315265ad768592a9d3eaf408c2392269659fb5af26c32f454d8f8a86fe0044d5a0c46ef424ebe207","ssdeep":"","tlshash":"dec09b3d110413fedfd5359ddc05667d1811b1b1d1918cb04715d527605de144cf3801","size":134,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-07T06:18:40.651947Z","times_seen":11692,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/svg/icons/twitter.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca05cf90bd32d6134c0b92464c343f9a","sha1":"187feb5cc71d225717838268487a0abc9b8d405c","sha256":"3003867b66a32c12fdafeefc27cf06d906e5a99ba275550ab757f4bb04834636","sha512":"d36553644d3a52a96dbf733c7eb766deda074c926f44514001633dd0a3ea2b84d1a835f207bcd9772e33b2a8c086616cebf6119a3d802134636ef7c53e92dec0","ssdeep":"","tlshash":"8bf0ddfe277c60dc28234baacb15e5591b2d30ba3b8051c3061c87b0488791ce503d42","size":645,"data":"","first_seen":"2024-04-12T16:11:45Z","last_seen":"2026-04-07T06:31:11.721072Z","times_seen":4031,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/svg/icons/vk.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c04dea781d39cda7192e16e0210aebe1","sha1":"53387a72b5046d96cbc057fbe8397ee867faeaea","sha256":"d5253661fb06ef994e0abfc00a99ee5fe2ed3971094b485a8a94bf9332877166","sha512":"7f951308152a101a6470acce08d82330f3383eabaedc1f3bb580f1d42a725dc684304aeefb8bb7a01c4095d385d4d1315b7654d30b0fa2086a50ca7888ceb418","ssdeep":"","tlshash":"d0111f99432087006ed7c4bccf00ece6653b506e00b8a7c5437d9a7cd5da9daed0445a","size":1012,"data":"","first_seen":"2023-11-02T13:28:09Z","last_seen":"2026-04-06T19:05:39.562023Z","times_seen":621,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6b4a233200b81d89dd15739deaaade90","sha1":"5ed46c9d3a57edc3cc23f82b4fd93fdd3abd6059","sha256":"02440688bd1c4d95a9258d68573225d0dce080162667a1c21c329a6bea34d512","sha512":"08731453322b28d96dcfcd4fed342693379b267314bd1ebefc101fd02cd8e7f3f4c8d00dcb422784f0b1c96337494a73061287e26465601eeb3f3e7f811ec958","ssdeep":"","tlshash":"92a0223c3e800f38b2202082280b00cc0a28a0330208280282a38000808cc33f0e888c","size":67,"data":"","first_seen":"2025-11-17T06:41:31.235895Z","last_seen":"2026-02-28T15:38:34.04627Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"6ccfacfc946099bf13c55ea4504a60df","sha1":"496f57bbeca633ccf8354b8ecb4d6de515eb959f","sha256":"8202b5ad457a6424d9ce609d50ed051a005fff5b84a74996c8160fab9cb83c9c","sha512":"320e02b5b07a12deb8bd7e60dcc7356d0e827ad4b5591704c4543804ac5517574e0ddd48984c41d795fa773aede258b55089bbb34b9db2929c7e889f732450b2","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisGEolY4o/CXMXpo:U+28VOk262lElwnRjfs4s7hpo","tlshash":"4e045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","size":185377,"data":"","first_seen":"2025-12-02T09:42:15.813455Z","last_seen":"2025-12-11T11:32:32.79372Z","times_seen":269,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/modules/core.oafg07ee.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7a0efe46283cac93dd3c057bc30548a5","sha1":"e488c97789dd77545c8bcfff0efbaea93f9adbd0","sha256":"292d24e79b1e264ced629c35d3b59a7a83093f972cdd0eac61e7b32189964772","sha512":"a04fd7ce8bc19db42cefa9bcfd3cdcc1b2766f2b89f33a6abb10e67d0853a29cd5715a30aa92de70bdc8b00c2a5cbdb519be310adf8f6bcdc51d1dd1f37cda72","ssdeep":"1536:e8fJLQgdDGsto0AnVnCN2kw3vnNvCAvJd84OZQrKxRNa6upg1fE3i4BQ:VfKg6PvCulOmrKxiNpg1eQ","tlshash":"16635c9f37066937aa1b30e8a8efa508a037275e9e080954f5a5d4b511fdecd3067f2c","size":72512,"data":"","first_seen":"2025-10-23T06:03:39.901486Z","last_seen":"2026-04-07T01:03:10.188649Z","times_seen":16592,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.3.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5e5817bcf4c82c7c85d1d88636d221ce","sha1":"b5c32cc6c931c33c1297884016e13d3b9a5bf261","sha256":"6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c","sha512":"08176e8fd06443f72738a279e22a28b4fd340e22d1abbf9a04f131286598cf1be98a79cbe776b37380fa3d6d396e431e3d8ba38f0b73fb0f3261b8753dccf706","ssdeep":"96:SyJLyojtnYt2b4PIdQXahVCzS3u7CuEi7rh2dC2+A4coFLULlpUsPK:rmXax3GCri7rpA4TFejC","tlshash":"1ea18301197529364cf82561911f2e6f42a286255a9bbca1c3c2fe44fcf5e53145bff3","size":5027,"data":"","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-07T06:22:11.787139Z","times_seen":2325,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-07T06:18:40.656331Z","times_seen":11456,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-content/cache/autoptimize/js/autoptimize_82037ecf4ef1c6c51fabf6ebd29cc865.js","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b31ab65ba799273a61c383d591a1d807","sha1":"3c15a7672c58fd74d9055597b2a44b1b957044fd","sha256":"aa744f374fb182ed6882838439269e029bf708e0ee7b232590257925e2c32ecb","sha512":"ba8debfba974ff53d0e4d9bd3c2c149c8c6151a538abd7bc4945675bb7c9894a3ae3ab77afad7d907a9e0810a8811549f0637ae85182c822c0e9cb3cb5121508","ssdeep":"1536:0rP7Q+hBMCMrFXXPhJ0Ixkgxb2RdtIP4NnrROavPFzULNuIxQ8OQth8ZqfBk5sX2:0rPU+8Prpb0KadtIP4NnsRxzhth8ZWX2","tlshash":"4e93194f7310322646abb1ba916f020f7137a66da906805cb17ad8eb5d7d84e6133f7c","size":95997,"data":"","first_seen":"2025-11-17T06:41:31.153967Z","last_seen":"2025-12-03T06:12:56.428218Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"b371217e361d6779f2e74db0ff282099","sha1":"46e0a8cf7bfe24dd15eace1c418f674a375e2a17","sha256":"01a8eb9366aa3d6d9eb3c66187b4463bdf0a005b68822b640b999204a83315dd","sha512":"c97bd801d417316d6c6a7856986d3944718728eac86a80d494bb91fc1787d0a6175dffd44cab0dd9619ade1140f064f2c972ab02f463557e20015d49fec2c8f3","ssdeep":"","tlshash":"648000a80238c0082002c3000023c8a32000280f0088838cbc0328c2a0b88000002ea2","size":34,"data":"","first_seen":"2023-04-11T08:14:10Z","last_seen":"2026-04-07T06:52:37.136185Z","times_seen":2884,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/svg/icons/a2a.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"baf0595a19bdc7f7497b74731d2166c4","sha1":"fd5714384c52fc0338083574434d12328313896c","sha256":"3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43","sha512":"da0e15a709b3d043e8cd9e4f97cf70d8c1addc2a7d90b6bb11d71cd72aba9133e5b9388528691cf6a354a6aaa346045f64d82b947883057471e1f1a2fdbd1901","ssdeep":"","tlshash":"74c01291501575418c1342fb475e500b167120bd015c14ca36a881f9595613f8c42fc3","size":182,"data":"","first_seen":"2023-03-08T14:25:33Z","last_seen":"2026-04-07T06:31:11.78136Z","times_seen":14600,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"23fc81a54d2656c03d0a3a9dee1ac26b","sha1":"8b4555e7627aec586aa417ff3dacd7c5234a45ec","sha256":"be4f0d91bfb012f1dde3db9b7511a617981af70aa7246969dfd81d3de0311048","sha512":"c2bbbd71fd3f7e46ffc4e0dd1becfbc378d9e9deea3caeee12bb9a24d9be60c3bdf61ceb18089a7e4567308f8d3b23033ad9ea8cf0363c28a6328afb8b17d899","ssdeep":"","tlshash":"b9a0223e3e800f3a33002083080b30cc0a2880330208280a823380000088c33f0e88ac","size":67,"data":"","first_seen":"2025-11-17T06:41:31.241668Z","last_seen":"2026-02-28T15:38:34.051731Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-77858295-1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d749f5d6bfbdcb8af25cad951573f468","sha1":"10ed7d488682f151271e4e55a1375b1e53bfa6fd","sha256":"a96a8bda56a8d5a7313fd216dc7c21303b9aa836ff1c9c5f1195fec741c9e1df","sha512":"27e5e21d126259c0ada6d31d0ae6f7b02ffa3a349dff6590d301cf434be19e550f78ba24cbc2feaf97b3c23fcb92cd2b6c0cba5c7da562bddde03327f3626109","ssdeep":"6144:2WgdtyDUI23ju0IVW66O7GQUO7LcUUfecq:lsoUHjuGO7bht","tlshash":"c46409cd73da742243a3a474503f018ba27b69d2f84cc895f186d9d52e70aaa4277f3d","size":319169,"data":"","first_seen":"2025-12-03T06:12:56.432099Z","last_seen":"2025-12-03T06:12:56.432099Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/svg/icons/reddit.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"408cc755e613b4f00fbe10d7411ed087","sha1":"14341990ed687477b3addbdd1a3b50ae8a98589b","sha256":"68ed9b82b62d45cf5d12587a7e9566a4ddeb94d69bcb225e9e3c7268c76b3cbb","sha512":"713379c452034896501703ce09391f7ddfb3b0053276ff0dd1a499eeb3c99ebed97ce8fd77e4910d962ba4ef4d8f1d23dfe7c51a0b7d0537baabd5be5cf05a01","ssdeep":"","tlshash":"891125fe471c94ec0ea36ae9af168059531fd875359b07b01a6fdbf92543008c407a92","size":893,"data":"","first_seen":"2024-04-16T17:58:32Z","last_seen":"2026-04-07T03:20:01.337093Z","times_seen":2615,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/page.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e9a3b98e2acbdadac054fdc26332edf6","sha1":"e79c2933e456e2bc1031ad2bb59c006a8b602090","sha256":"fcb4248858836c831fd9ab8fa4c5a8fe0b8cd038c804fa6cc44a5e9004e163b6","sha512":"d6c64f6804ad98d601ea30808b63008698e9c199892da2b587e61fabb4a35de8badff61b02534234d8ca1ad09945849433a19dca3cdb5215d672ebfc1782c564","ssdeep":"","tlshash":"4861b74f774ea8734a5736bac19fb60f2223731e5c6588048914e4d449bcec6501fa7e","size":3179,"data":"","first_seen":"2025-10-23T06:03:39.971585Z","last_seen":"2026-04-07T01:03:10.185945Z","times_seen":16689,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/get/10000867?time=1583262438188","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"2ec0c9ad862d37a73276e820ea03ff62","sha1":"861c45fa985a2a14de830a8168501095216a5e7e","sha256":"5610dd5fe90bd3dbbfd58e67d8c812db1791aa165813f2dad82485decb8d229f","sha512":"fc1428e3665946bf7db7481ce7cecff763682d50cb45b0e809c7524c35acf8c1ad46e813b02c987e531803a39cd0088321f7ca3616e66f4d85f492dba0c6520a","ssdeep":"","tlshash":"f511320238002278f4376233bd2c8fe05b562986298244e866dadc8b78708bfe14163b","size":1038,"data":"","first_seen":"2025-12-03T06:12:56.457508Z","last_seen":"2025-12-03T06:12:56.457508Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"41eece0da217398b6f4d4ee2f01b6245","sha1":"72f2098b0520b07dd3c6874646c920a3d367a4e2","sha256":"62bba8c2295a14bb2d007a3f7f8730fd10cef7348a6474f3f832c99ca6795d35","sha512":"1009ef0076bfb735c9b40fa3b106c8de414943b27fd74cfd315265ad768592a9d3eaf408c2392269659fb5af26c32f454d8f8a86fe0044d5a0c46ef424ebe207","ssdeep":"","tlshash":"dec09b3d110413fedfd5359ddc05667d1811b1b1d1918cb04715d527605de144cf3801","size":134,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-07T06:18:40.651947Z","times_seen":11692,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vainanalyst.com/cwDh9.6vbx2G5ilTSkWfQg9gNVD-EbySN-zhI_2/MdCi0I0kMjTsIQ3/MxjnY/xZ","fqdn":"vainanalyst.com","domain":"vainanalyst.com","tld":"com"},"ip":{"addr":"88.85.68.219","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"231e52ef517f03805f28c923a57fbc72","sha1":"94bd96f6b88d6081460704cf4212280103907ba7","sha256":"2e840ab98c86714d4d997793b7c8a554eea4e517db94497017a69e5e4814bc06","sha512":"98f32bb9493e569c8b478f06ccf051e2f9d6d9f0c0b18629e0696dab11ee8fd0be81e6f218124abb8e4236232f1019526abde9c26e57b454febd3a91e21e3268","ssdeep":"768:QZhdZg7J0OMLfTF9dFaQNp8JY29c6SboEBkleZ2YoOcLhIyPTgLgooDMiG82IGcY:QZ1g7JQLqQNp8Jr9c6SboEBkleZ2qcLC","tlshash":"c203a7c871c3642642eb507d713f7208b23a54655429b028bc79c8e4bcb9e9f8677bbd","size":38012,"data":"","first_seen":"2025-12-03T06:12:56.410635Z","last_seen":"2025-12-03T06:12:56.410635Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-07T06:18:40.656331Z","times_seen":11456,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"de7507ad26c6c904109c87dd5dfac288","sha1":"952cae1ce6ce1e74b010b31b4357424c12a5960c","sha256":"09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02","sha512":"bf1e05b722c1990f20aba1abe8aa7bedeb660957e0adc012e757cfa9cd9b4d13b39d5f7d0688bc341f7d630b28c160b3e22dacc0ac0f9f37ed22230e6ffe68b1","ssdeep":"","tlshash":"fba002353403501e20265c517d266a0cf84e9475e198345707070470d0e3c4b5d004c7","size":59,"data":"","first_seen":"2023-03-07T01:02:10Z","last_seen":"2026-04-07T06:18:40.656331Z","times_seen":11456,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.3.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5e5817bcf4c82c7c85d1d88636d221ce","sha1":"b5c32cc6c931c33c1297884016e13d3b9a5bf261","sha256":"6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c","sha512":"08176e8fd06443f72738a279e22a28b4fd340e22d1abbf9a04f131286598cf1be98a79cbe776b37380fa3d6d396e431e3d8ba38f0b73fb0f3261b8753dccf706","ssdeep":"96:SyJLyojtnYt2b4PIdQXahVCzS3u7CuEi7rh2dC2+A4coFLULlpUsPK:rmXax3GCri7rpA4TFejC","tlshash":"1ea18301197529364cf82561911f2e6f42a286255a9bbca1c3c2fe44fcf5e53145bff3","size":5027,"data":"","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-07T06:22:11.787139Z","times_seen":2325,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js","fqdn":"hw-cdn2.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"151.101.67.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"48c80c7c28b5b00a8b4ff94a22b72fe3","sha1":"d57303c2ad2fd5cedc5cb20f264a6965a7819cee","sha256":"6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356","sha512":"c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658","ssdeep":"192:/u+H3An7ybVSpBjen6K1GegJjgF+TDg91wTr1PH3kV/LQB3OJIuq/Y4RBF4B3ve:/vAvUxEtkmZZY4RBF4hve","tlshash":"4572954c7250f0f743c39522413f120ff3369898b15a90687369d8fa6cb889e6267f79","size":16885,"data":"","first_seen":"2023-03-07T01:02:45Z","last_seen":"2026-04-07T06:22:11.761861Z","times_seen":2343,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/sm.25.html#type=core\u0026event=load","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"107e713ee1be819b72679a9b20d1b704","sha1":"1d4a8f1f9af8ae391110851b0c5df66d50a1d8dd","sha256":"8eb57361472f7fa5e3b2def7d28f9a03330413fd300a2223ee2ca3291782a41f","sha512":"503b1a4d5d8ff0a9b6caf23041156bf016983c5243d3c129aa6da4a26b947dc73b4ca76400f3d0bed5b7e67c721948a6f77d4720eec763e78268718e4524ac3e","ssdeep":"","tlshash":"a7f0204ff21e393c86730615309a3c86e43e93708c003230a64fa38306d8b9b574af51","size":552,"data":"","first_seen":"2025-03-02T13:21:48.338565Z","last_seen":"2026-04-07T06:32:28.986726Z","times_seen":33146,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/svg/icons/facebook.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"014bcc757e484e12e3aea6c9d768fd4b","sha1":"4c17157d0012f8002e4e6cf77c5f4a9747792cf4","sha256":"4b475960843a5619b907af1f0a89e3136bd5e6a4a700ec78cb417f302647cf49","sha512":"b00fab0ce2e56b56c18e0dc54ac3329d77fc18096e63bc2aef34342770f40dac91c10f7a8a9db1dcc5ce42fbafe637fcb1fdd51994ef937aa00923375476d467","ssdeep":"","tlshash":"dae0ab951236d9864d51093ec71fa48fb3b0b67fa1d8298006bc80b289d20fd3e0ba03","size":429,"data":"","first_seen":"2024-04-12T16:11:44Z","last_seen":"2026-04-07T06:31:11.772949Z","times_seen":16908,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.3.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5e5817bcf4c82c7c85d1d88636d221ce","sha1":"b5c32cc6c931c33c1297884016e13d3b9a5bf261","sha256":"6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c","sha512":"08176e8fd06443f72738a279e22a28b4fd340e22d1abbf9a04f131286598cf1be98a79cbe776b37380fa3d6d396e431e3d8ba38f0b73fb0f3261b8753dccf706","ssdeep":"96:SyJLyojtnYt2b4PIdQXahVCzS3u7CuEi7rh2dC2+A4coFLULlpUsPK:rmXax3GCri7rpA4TFejC","tlshash":"1ea18301197529364cf82561911f2e6f42a286255a9bbca1c3c2fe44fcf5e53145bff3","size":5027,"data":"","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-07T06:22:11.787139Z","times_seen":2325,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/fluidplayer.js","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7c641be6eeba84b08d4fa8f35040630d","sha1":"6303d126a92797c53ff71ff8f57e3c4154388b07","sha256":"f7d007973bc56beb44fe69827a1feba196bffc0dd4097e8c28853a9bce4365b4","sha512":"464730a99a83a59f71df4cba0548aad96f5b44d6626b3419e3b58d87c307c873402245ff749ff7cc79ddfb753e06fe1ca3d599463d6fd1d15642196990efa5d6","ssdeep":"6144:w0okalkmaeu66EnF4ag7/CbSsRPvPYXVKwSpHGf9OSLHTF2HYeVyW:lag7/CbhRPv49nF2HYe0W","tlshash":"5424098e3a44b6344ccb655fb7afd211327ca91a6c12712ab417fc8dd3e8489d413bda","size":212323,"data":"","first_seen":"2023-10-22T06:32:02Z","last_seen":"2026-03-17T09:50:49.595303Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-07T06:12:43.371571Z","times_seen":775911,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d8c8c7175fbe2e1bc580c3ba48f1379d","sha1":"e927091a0865a741d776f6f876cfe1c5bb868ed3","sha256":"e09cd89d55987171b831428b088105aa48f341cd74750ef3c850acb42431f736","sha512":"b0b0603e61eca471a8ce618f2d9dc2f928bd10a00059f642298ae1df9319016b2f473f9d1a6d0af22bd94fbf5074b1e80e3818f02a858d38c8920467bcdd8cea","ssdeep":"","tlshash":"97b092d47a891e0ba2946ad08a28a766496e23a3a9a12c04ab5692c58245826ddc8a42","size":115,"data":"","first_seen":"2025-12-03T06:12:56.461682Z","last_seen":"2025-12-03T06:12:56.461682Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/fluidplayer.js","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7c641be6eeba84b08d4fa8f35040630d","sha1":"6303d126a92797c53ff71ff8f57e3c4154388b07","sha256":"f7d007973bc56beb44fe69827a1feba196bffc0dd4097e8c28853a9bce4365b4","sha512":"464730a99a83a59f71df4cba0548aad96f5b44d6626b3419e3b58d87c307c873402245ff749ff7cc79ddfb753e06fe1ca3d599463d6fd1d15642196990efa5d6","ssdeep":"6144:w0okalkmaeu66EnF4ag7/CbSsRPvPYXVKwSpHGf9OSLHTF2HYeVyW:lag7/CbhRPv49nF2HYe0W","tlshash":"5424098e3a44b6344ccb655fb7afd211327ca91a6c12712ab417fc8dd3e8489d413bda","size":212323,"data":"","first_seen":"2023-10-22T06:32:02Z","last_seen":"2026-03-17T09:50:49.595303Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"ahegao.online/wp-content/uploads/2021/04/Sakusei-Byoutou-The-Animation-Episode-1.mp4","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.613Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /wp-content/uploads/2021/04/Sakusei-Byoutou-The-Animation-Episode-1.mp4 HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/sis-breeder-episode-1-2/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 248154\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nlast-modified: Sat, 01 May 2021 01:37:59 GMT\r\netag: \"3c95a-5c13ac750cce0\"\r\nage: 3538557\r\ncache-control: max-age=31536000\r\nexpires: Fri, 23 Oct 2026 07:16:26 GMT\r\ncontent-range: bytes 0-248153/248154\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Fd2Q%2FduH7eFz5MtBYpc0P%2Fhl0butLOV3KxGRNnrdT1GKe9jJ5chyFEZCzlGmHrVWZe4bv9UB6pG2WjBU5hj6gOH8kLDyzVPiBWJFYX8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e97f4f32b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":248154,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"1e0822fb02e40e614c40b7a15acc45cd","sha1":"28b4d389a55a38ca02247dcf5077d883a8e44d79","sha256":"c62b4153026d1440751bde40ba60b2f06585a9897f53e525479e66a08421759c","sha512":"c51553f140ce8724e2bb3551dafed93a4b854773c8dbbb7887744c962646f754de3581f3cd2207b95ba74fcefae2f98da9733350280a146c62fcd78052845e8c","ssdeep":"6144:PViXnXXqZ6QAtzklq6e3j+F03JoqqS1Bno1oe8cVKmE8bIi4ElN6:PYXXiXOzMu3jz3NbvvcVKX8MN66","tlshash":"b9341355e7e3200ec8cccf3a94636b8db67a4c065872b9037de4365df2e94658d3816e","first_seen":"2025-11-17T06:41:31.207171Z","last_seen":"2026-02-28T15:38:33.993982Z","times_seen":4,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/a7/creatives/39/1493/809369/959092/959092_video.mp4","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.3.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://a.adtng.com/get/10000867?time=1583262438188","date":"2025-12-03T06:12:24.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ang-content.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 18 Sep 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"36:85:31:86:5B:3D:BC:C6:72:9A:EF:DB:90:03:59:87:52:43:B0:5A","sha256":"90:34:33:39:E2:D4:23:D7:93:5E:3D:F6:82:61:E0:CE:2B:1D:64:66:59:0E:7F:95:8A:5B:1B:6D:25:4B:8D:D8"}}},"request":{"raw":"GET /a7/creatives/39/1493/809369/959092/959092_video.mp4 HTTP/1.1\r\nHost: hw-cdn2.ang-content.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: openresty/1.19.9.1\r\ncontent-type: video/mp4\r\nlast-modified: Mon, 10 Aug 2020 12:25:01 GMT\r\netag: \"30782-5ac850b26a51d\"\r\nexpires: Fri, 27 Mar 2026 11:59:22 GMT\r\ncache-control: max-age=10563752, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\nage: 693334\r\ndate: Wed, 03 Dec 2025 06:12:24 GMT\r\nx-served-by: cache-ams21082-AMS, cache-hel1410033-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 89, 0\r\nx-timer: S1764742344.107042,VS0,VE28\r\naccess-control-allow-origin: *\r\ncontent-range: bytes 0-198529/198530\r\ncontent-length: 198530\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":81911,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"25afb6b5a930c7a0cf7f65ffc85814c2","sha1":"c1066029fdecc315884fb8341585da8e8b385f4e","sha256":"8ba6b2f2fc438ece4af2058a695c8529e61d59db25210ca5a819ff2d2047ec2e","sha512":"c74edace9cbfbbac8f50ea59c8454be4dcf52a0b831752a9f68a392fb5e2f2f14d997d8ed7b104967c6fdf704d4a981220668dc3280b378d37112ced68c58d5a","ssdeep":"1536:2+BgoZpernuXg+9V5tdUBu6+5JWVzgY+ThI43xZPjU4jI333+0vWUlSY:rcCg+9ZsndBAvBZwM4nNvdSY","tlshash":"2c83012a13600536e93505746a819b0796bec56079ab43ef7eb03120ad3f6e6dfe131e","first_seen":"2025-12-03T06:12:56.368347Z","last_seen":"2025-12-03T06:12:56.368347Z","times_seen":1,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3dhq1.org/video/SisBreeder2.mp4","fqdn":"3dhq1.org","domain":"3dhq1.org","tld":"org"},"ip":{"addr":"151.80.18.202","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://ahegao.online/npl.php/?video=SisBreeder2\u0026poster=https://ahegao.online/wp-content/uploads/2025/10/SisBreeder2.jpg","date":"2025-12-03T06:12:24.235Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"3dhq1.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 15:36:40 GMT","end":"Mon, 19 Jan 2026 15:36:39 GMT"},"fingerprint":{"sha1":"A7:72:84:DC:4C:CB:FA:63:B3:46:7B:CD:E3:07:E1:B7:7A:98:34:5C","sha256":"29:7C:44:E1:82:BE:33:4D:AD:67:42:47:1E:74:2A:D9:B6:63:31:6D:AD:80:86:27:D6:E9:09:2E:C8:80:85:1B"}}},"request":{"raw":"GET /video/SisBreeder2.mp4 HTTP/1.1\r\nHost: 3dhq1.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=381747200-\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 206 Partial Content\r\nDate: Wed, 03 Dec 2025 06:12:24 GMT\r\nServer: Apache\r\nUpgrade: h2,h2c\r\nConnection: Upgrade, close\r\nLast-Modified: Fri, 10 Oct 2025 13:45:11 GMT\r\nETag: \"16cfeabd-640ce2067a82e\"\r\nAccept-Ranges: bytes\r\nContent-Length: 977597\r\nContent-Range: bytes 381747200-382724796/382724797\r\nContent-Type: video/mp4\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":977597,"size_decoded":0,"mime_type":"video/mp4","magic":"data","md5":"d76f90c6412334380ae667f7ffa1232d","sha1":"f2be81fcf2e6de38ea91a46f57767466859c9731","sha256":"537b5dd22ffe9ae3f5e742e5228b559d7b9d2f6ad18646fea839c3525cd47f58","sha512":"50aee1359aad5990f17f023495a7bcdac7abffa52845a9cc35d02eb4098ab8854b404afe984af63795ba86e209db662e054d06635058ca0de54c1b838aabd83b","ssdeep":"6144:yKwwVW3/Ts92fg80uxJ8AlahYiwBf4xU+kJzH9YStlSr9ArGg+RpqPG2GG410C:y69YfgU8AlT+kJDriJqPG2GGjC","tlshash":"2e257f07ff87690aee584bb550c0c35632a7c9dd5a1b030b5a92ba9bfd066e41c873f1","first_seen":"2025-12-03T06:12:56.371466Z","last_seen":"2025-12-03T06:12:56.371466Z","times_seen":1,"resource_available":false,"data":null}},"time_used":523,"timings":{"blocked":72,"dns":1,"connect":30,"send":0,"wait":33,"receive":337,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"neverstoprotation.com/bnr/4/89b/fcc3ed/89bfcc3edc37433e0723ac708b861a9b.jpg","fqdn":"neverstoprotation.com","domain":"neverstoprotation.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://neverstoprotation.com/iframe/5ebd27f8848b1?iframe\u0026ag_custom_domain=ahegao.online","date":"2025-12-03T06:12:24.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"neverstoprotation.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 10:12:36 GMT","end":"Mon, 09 Feb 2026 11:11:04 GMT"},"fingerprint":{"sha1":"8E:57:A4:F9:42:DE:67:03:1E:60:65:BC:EA:30:15:D1:4E:3C:F7:E5","sha256":"05:D0:FD:1B:02:E9:D6:41:92:85:78:B2:5F:5B:08:55:51:A6:1C:8B:F6:51:1C:30:62:49:68:3A:4E:D3:85:F1"}}},"request":{"raw":"GET /bnr/4/89b/fcc3ed/89bfcc3edc37433e0723ac708b861a9b.jpg HTTP/1.1\r\nHost: neverstoprotation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://neverstoprotation.com/iframe/5ebd27f8848b1?iframe\u0026ag_custom_domain=ahegao.online\r\nCookie: c_7a5ddeb5ed541401a4276cd2c24c6c12=1; z_35a9958084703fe607913a4ec4fc0f0e=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:24 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncache-control: max-age=31536000\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nage: 225107\r\ncf-cache-status: HIT\r\nlast-modified: Sun, 30 Nov 2025 15:40:36 GMT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Gin3jAd0kfs01g9%2FpoxyN%2B0IYErbSQLsB0CgJz6C9mWfpGEao4IsbfmAmd8UjrpjycN5JQ9AX9dG7cPeRYkAWdtl2PlKVldo4G1MbzQIzhHjNxYaow%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e984bb67a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16225,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"data","md5":"daa7f0f325348938373790771ea90f9a","sha1":"d44c08872e047cf08829115d2ec790c3aaf15bf4","sha256":"5886fab07ea0be7021b41552010ffe1c6d728751aab9f6028c53131ca965dfa3","sha512":"a78712b4e8f088f5eab4664ff271a976457b4a211033334b8a0275538458280f5c606935d197d5b910347a8b82deb1ad73dde0f85f3979a1a8b2e6b677c36df8","ssdeep":"384:j6jfAwakYcjqI3WzZUYyg84b0UJ9Wo5BvehH9pPPgjKaoB9vBZsbRg73YeuFv:9XkYcxqPyg3bHGK2Jjvnsb+7LuFv","tlshash":"6eb2ce186246f7d2f1b124f5a68a0bd051889b18e3c6df61e4e45a603dfb113f6ff894","first_seen":"2025-04-21T00:55:21.20201Z","last_seen":"2025-12-03T06:12:56.374254Z","times_seen":2,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-includes/js/jquery/jquery.min.js","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.170Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery.min.js HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/sis-breeder-episode-1-2/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 05 Dec 2023 17:13:45 GMT\r\npriority: u=2,i=?0\r\netag: \"656f5a49-15601\"\r\ncontent-encoding: gzip\r\nage: 1395\r\ncache-control: max-age=691200\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ppeA%2BJRsHZJ%2F6uQEg1OUEQC%2Bg74NS%2BoGeo435Xmx7KbfnfwZiXafRto7Rtq4tDiMzSaD2PG4lfFq%2Fnu2ma306LeIv7frQgC1pW5Q2MI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e97ccaa8b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87553,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-07T06:12:10.041556Z","times_seen":692029,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-content/plugins/kk-star-ratings/yellow.png","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /wp-content/plugins/kk-star-ratings/yellow.png HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/wp-content/cache/autoptimize/css/autoptimize_6ebe74c29829631e6768afb8373a40cc.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: image/png\r\ncontent-length: 370\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nlast-modified: Tue, 05 Dec 2023 17:40:58 GMT\r\netag: \"656f60aa-172\"\r\naccept-ranges: bytes\r\nage: 617\r\ncache-control: max-age=691200\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aZvy8by3FbF085OYxlsfr9ClRxrdTKwo0SybZNU62UCcRsvuqmMm0px6NLfZZBBAgIy90XhVD3KRAOtCdCgNa59OCURLFOYYiHKfc4Y%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e97dac8db1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":370,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit colormap, non-interlaced","md5":"5d62fd9ed6c7761e249516ff7b5dce81","sha1":"4b5f99db1121b71cda06c191bb79c0a7879ebfd8","sha256":"aee7369e2fbce98abcdd369c0c5447f676246721a2c69a9be4ad4efce89e1fa3","sha512":"2f3147ce291e0987bae3873eb445f3e00076555bbf87ee0d268f516d7577f007b80245963c220220986713641d42d347c488ab9720bcedba61a2998b21d10668","ssdeep":"","tlshash":"a0e06092c3200cfb32ed2772ef00e0f2d016278f991101078263a0bf2d926c086cc34a","first_seen":"2023-10-15T12:42:02Z","last_seen":"2026-02-10T12:22:05.685129Z","times_seen":36,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/v1/api.php","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.247","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"POST /v1/api.php HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 425\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":425,"data":"{\"user\":{\"ua\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"language\":\"en-US\",\"referer\":\"https://ahegao.online/sis-breeder-episode-1-2/\",\"consumer\":\"ad-provider\",\"gdpr\":{\"gdpr\":0},\"screen_resolution\":\"1280x1024\",\"window_orientation\":\"landscape\",\"cookies\":[],\"scr_info\":\"YXN5bmN8fDM%3D\"},\"zones\":[{\"custom_targeting\":{},\"id\":2331145,\"extra_params\":{\"first_request\":true,\"zone_type\":10}}]}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 03 Dec 2025 06:12:24 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://ahegao.online\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Request-Method: POST\r\nSet-Cookie: __uvt=s%3A32%3A%227a1779f3d0c13fc55d98f2ceca453a49%22%3B; expires=Fri, 03 Dec 2027 06:12:24 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7303,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"2a8063034a446c0fb71bf317b0a2ac5c","sha1":"9f565786ac914d348b5f7ff2e189444a609501c0","sha256":"6dee447a2a50cf1d8046a228e957380a2c6499c567d0ad9801ac1c3361b1ca35","sha512":"01a600093cab280ad801069bde09678a5042da25cd38f829299f69e3a6e227baad448deb2682e984820427fe834d84429c7b56a125b351efeb5e398a20f9d2a4","ssdeep":"192:uT/eqaO2Vl3r3CvGHkc3ZNRhxAoSIhUV1kv4kNYgnnKioUoPAu:kr0Ljf4kCgnnBoU+Au","tlshash":"1fe1953afe8914f963925f80a9e33efca97c3006d6214e727bc4691a93c85e14563725","first_seen":"2025-12-03T06:12:56.381444Z","last_seen":"2025-12-03T06:12:56.381444Z","times_seen":1,"resource_available":false,"data":null}},"time_used":570,"timings":{"blocked":16,"dns":1,"connect":26,"send":0,"wait":487,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/get/10009643?time=1583262877801","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.271Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adtng.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 30 Jun 2025 00:00:00 GMT","end":"Tue, 28 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AA:9C:09:B0:15:A1:0B:DA:1E:24:2A:BC:FB:1E:C8:F2:28:27:96:B6","sha256":"BB:A4:BD:A7:85:B4:BE:F6:6B:75:DD:E6:F5:7C:F3:C5:BF:B2:38:FA:6D:10:F1:1B:81:19:E4:9B:74:53:CA:9C"}}},"request":{"raw":"GET /get/10009643?time=1583262877801 HTTP/1.1\r\nHost: a.adtng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: text/html\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With\r\ncontent-encoding: gzip\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version\r\nalt-svc: h3=\":443\"; ma=3600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":21656,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (21656), with no line terminators","md5":"c2b6d08c0f33f51c4382849f1061bedc","sha1":"6c16fce24122d8e9fa218f508010fb3afda01e29","sha256":"44e733bae4e2994b9258fcbcea55c6c17f8cd6cb293a032c6dc803101f05bda2","sha512":"a6a52403f4487222c24f7e491c1c4cdde757c061e940f36d972c185072fb99e25ffc5f4cf0382969b1b4ff5af380cf9d4780b729ed175271999bcf86dba3a7e8","ssdeep":"192:HEHrMA8yf+yXDvqzaFASu/C4aVrrKVlvJ31gr0S9l1AM+iqFd+tUmXUcSNAxi8tU:orMA8yf+c6sARC4tSr0pdC6Npv","tlshash":"9fa2fa7e3242b455a63715a294bf120e3f318993f848c440c4e6d8e57d64dbee37ba9c","first_seen":"2025-12-03T06:12:56.383587Z","last_seen":"2025-12-03T06:12:56.383587Z","times_seen":1,"resource_available":false,"data":null}},"time_used":318,"timings":{"blocked":140,"dns":14,"connect":21,"send":0,"wait":28,"receive":0,"ssl":111},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-content/uploads/2025/11/Natsu-Zuma.mp4","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.592Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Natsu-Zuma.mp4 HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/sis-breeder-episode-1-2/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 384214\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nlast-modified: Fri, 07 Nov 2025 22:03:00 GMT\r\netag: \"5dcd6-643085852a0e1\"\r\nage: 2188036\r\ncache-control: max-age=31536000\r\nexpires: Sat, 07 Nov 2026 22:25:06 GMT\r\ncontent-range: bytes 0-384213/384214\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ph6PWR%2FnYnwtyRbkwAamJibk%2FoeVoB2PBy6viMo9bWt%2FdNzR2ayhEKeKIr263%2Fur3gic8sIVyuNbvMmbFpZfq1yixIuTWUeruOGcH1A%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e97efe9db1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":384214,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"fb6cbb94652ffd3310de9494ae1354cb","sha1":"2e5e23f8d9d67cf92a5dd8c454b946b8c6d1c97d","sha256":"61943104019fd00dd110d550372b71163043835400fbb2d1244f98567b1bcfed","sha512":"93c75fa8af709222d65ca0bac8724dbb0dc8b5ba24adda9ae0d9a3549b7cefcf92e3f9f20f3f293a1190cd5c208ecf3551f599974ba1a491320ba997b00ad954","ssdeep":"6144:ELxPYhTHZvBx45dbfY1afxah3gmXKtJco5w188fZj4trxanCRcmg0R8bvuAUkQfC:EFYhTHJBCjbfY1ag3gIKt2S7r4Ci7oSd","tlshash":"8f842319935788c8dc7082bcc2f3a75a4748e1c5f3c327ab89497d8d89ab05adcb7572","first_seen":"2025-11-17T06:41:31.132686Z","last_seen":"2026-02-28T15:38:34.031835Z","times_seen":4,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vainanalyst.com/Yb2-xdpeZ.Wf5g0_ZiGjFk0lY-Tn9oypcqm_lsktPuWvY-0xMy2zYA4_YC2DJEhFM-DHgIyJMKW_RMkNMOmPJ-mRNSTTFUk_NWWXUYyZY-zbVcldYeW_VglhMiWjZ-ml","fqdn":"vainanalyst.com","domain":"vainanalyst.com","tld":"com"},"ip":{"addr":"88.85.68.219","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"vainanalyst.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 27 Nov 2025 13:07:13 GMT","end":"Wed, 25 Feb 2026 13:07:12 GMT"},"fingerprint":{"sha1":"99:BD:66:42:10:C5:A1:76:76:6F:1C:1F:0C:B1:D0:1B:8A:57:D3:9C","sha256":"C8:D6:34:34:22:11:0C:79:54:D9:97:84:8E:86:4B:4D:B2:A2:7E:0B:E2:61:7E:23:00:ED:04:82:EF:E2:E9:F1"}}},"request":{"raw":"POST /Yb2-xdpeZ.Wf5g0_ZiGjFk0lY-Tn9oypcqm_lsktPuWvY-0xMy2zYA4_YC2DJEhFM-DHgIyJMKW_RMkNMOmPJ-mRNSTTFUk_NWWXUYyZY-zbVcldYeW_VglhMiWjZ-ml HTTP/1.1\r\nHost: vainanalyst.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 69\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":69,"data":"ref=https%3A%2F%2Fahegao.online%2Fsis-breeder-episode-1-2%2F\u0026prevRef="}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-length: 0\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-07T06:11:49.187712Z","times_seen":13450766,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-admin/admin-ajax.php","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"POST /wp-admin/admin-ajax.php HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 53\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/sis-breeder-episode-1-2/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":53,"data":"action=kksr_ajax\u0026id=17863\u0026stars=0\u0026_wpnonce=1fc3443b61"}},"response":{"raw":"HTTP/3 403 Forbidden\r\ndate: Wed, 03 Dec 2025 06:12:24 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nx-powered-by: PHP/7.4.20\r\naccess-control-allow-origin: https://ahegao.online\r\naccess-control-allow-credentials: true\r\nx-robots-tag: noindex\r\nx-content-type-options: nosniff\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\ncache-control: no-cache, must-revalidate, max-age=0, no-store, private\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o5uQaBhxLgWqLxjAyLcLBdb2FVtAMJx%2FpPQzwpxKIrfx0g53chfkNuLuBdU6rawQOFsXQtZD7NJHxLYkEZAbdgmfUuRaeG3d8EyRe2w%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9a80e98048c1b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:7.4.20","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"6bb61e3b7bce0931da574d19d1d82c88","sha1":"7984b0a0e139cabadb5afc7756d473fb34d23819","sha256":"1bad6b8cf97131fceab8543e81f7757195fbb1d36b376ee994ad1cf17699c464","sha512":"4fcdd8c15addb15f1e994008677c740848168cd8d32e92d44301ea12b37a93fbd9f0a0468d04789e1f387b395509bd3b998e8aad5e02dd2625f0aac661fb1100","ssdeep":"","tlshash":"c71000000c00000000000000000000000000000c00000000000000000000000000000c","first_seen":"2023-03-13T02:42:03Z","last_seen":"2026-04-07T02:32:53.855577Z","times_seen":2038,"resource_available":true,"data":null}},"time_used":654,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":653,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/fluidplayer.js","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/npl.php/?video=SisBreeder1\u0026poster=https://ahegao.online/wp-content/uploads/2025/10/SisBreeder1.jpg","date":"2025-12-03T06:12:23.772Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /fluidplayer.js HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sat, 09 Nov 2024 19:22:41 GMT\r\npriority: u=3,i=?0\r\netag: \"672fb681-33d63\"\r\ncontent-encoding: gzip\r\nage: 618\r\ncache-control: max-age=691200\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DS90GmjVFXdML4jGZcWe%2BEyv5evdk9CHBVd8aCrcB%2BHsGIEOArfaBQSdR2uDJSfuNXbTrOnNZScn9JCk2URc%2FBZlXhfx1aVojaekh68%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e9806916b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":212323,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (62756)","md5":"7c641be6eeba84b08d4fa8f35040630d","sha1":"6303d126a92797c53ff71ff8f57e3c4154388b07","sha256":"f7d007973bc56beb44fe69827a1feba196bffc0dd4097e8c28853a9bce4365b4","sha512":"464730a99a83a59f71df4cba0548aad96f5b44d6626b3419e3b58d87c307c873402245ff749ff7cc79ddfb753e06fe1ca3d599463d6fd1d15642196990efa5d6","ssdeep":"6144:w0okalkmaeu66EnF4ag7/CbSsRPvPYXVKwSpHGf9OSLHTF2HYeVyW:lag7/CbhRPv49nF2HYe0W","tlshash":"5424098e3a44b6344ccb655fb7afd211327ca91a6c12712ab417fc8dd3e8489d413bda","first_seen":"2023-10-22T06:32:02Z","last_seen":"2026-03-17T09:50:49.595303Z","times_seen":49,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/a7/creatives/39/1493/809369/959092/959092_logo.png","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.3.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://a.adtng.com/get/10000867?time=1583262438188","date":"2025-12-03T06:12:23.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ang-content.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 18 Sep 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"36:85:31:86:5B:3D:BC:C6:72:9A:EF:DB:90:03:59:87:52:43:B0:5A","sha256":"90:34:33:39:E2:D4:23:D7:93:5E:3D:F6:82:61:E0:CE:2B:1D:64:66:59:0E:7F:95:8A:5B:1B:6D:25:4B:8D:D8"}}},"request":{"raw":"GET /a7/creatives/39/1493/809369/959092/959092_logo.png HTTP/1.1\r\nHost: hw-cdn2.ang-content.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.19.9.1\r\ncontent-type: image/png\r\nlast-modified: Mon, 10 Aug 2020 12:23:42 GMT\r\netag: \"3b88-5ac85066d2f80\"\r\nexpires: Mon, 30 Mar 2026 18:17:06 GMT\r\ncache-control: max-age=10718471, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\nage: 566188\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\nx-served-by: cache-ams2100092-AMS, cache-hel1410033-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 63, 0\r\nx-timer: S1764742344.876705,VS0,VE1\r\naccess-control-allow-origin: *\r\ncontent-length: 15240\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":15240,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 100, 8-bit/color RGBA, non-interlaced","md5":"dd62382e28ee56f4651b798c655d6a1c","sha1":"fa17f2eb69aa3176f65175288f8d8158af62098f","sha256":"d0acc022a328a7ddd1d80b66169dee62849710cdadbb686b538cb972569f97b0","sha512":"912b5a8e4830a6ae54fbd766f8f686267f94701829f1b5a2e2a499615026ed23a5509f242ebb2b9a6b17053c7810957ee8b1e3e74732065700bc51a6cf822404","ssdeep":"48:zO/6+MDk29WJsEv5/eWRjBCURKQLpixN+Y97sc5iE71JvLfpCfpCIfpCfpCIfpCh:SSPkEWmapdWxNX7sc5Z1VFababaH","tlshash":"09623224bcf27ba8d48996322cd524074c374683e9c19d4ab7de8c272f467de5c1f1a6","first_seen":"2023-05-09T06:58:38Z","last_seen":"2026-03-23T02:41:56.973585Z","times_seen":25,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":50,"dns":0,"connect":0,"send":0,"wait":19,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/lato/v25/S6u9w4BMUTPHh6UVSwiPGQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.211.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:24.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/lato/v25/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 23040\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 27 Nov 2025 09:54:26 GMT\r\nexpires: Fri, 27 Nov 2026 09:54:26 GMT\r\ncache-control: public, max-age=31536000\r\nage: 505078\r\nlast-modified: Mon, 15 Sep 2025 17:11:31 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23040,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 23040, version 1.0","md5":"de69cf9e514df447d1b0bb16f49d2457","sha1":"2ac78601179c3a63ba3f3f3081556b12ddcaf655","sha256":"c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49","sha512":"4aebb7e54d88827d4a02808f04901c0d09b756c518202b056a6c0f664948f5585221d16967f546e064187c6545acef15d59b68d0a7a59897bd899d3e9dda37b1","ssdeep":"384:adpABC4a0HkBpR1HWtGu06B6lsoAKiwY0HcLKglV6Z+DVb35PJZDdiZeJ1vqYg:0AHa0Ezf2tZn6lsoABwTKK46ZQb3V7wD","tlshash":"fca2e1c05cc1e2d4ae02daf7fda5a4eab4e2f01123a8f65f8f114b75d505993640fe01","first_seen":"2023-04-05T13:28:45Z","last_seen":"2026-04-07T06:16:54.072157Z","times_seen":136263,"resource_available":true,"data":null}},"time_used":396,"timings":{"blocked":184,"dns":0,"connect":39,"send":0,"wait":11,"receive":2,"ssl":150},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/page.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.169Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.addtoany.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 24 Oct 2025 11:09:43 GMT","end":"Thu, 22 Jan 2026 12:09:34 GMT"},"fingerprint":{"sha1":"3F:6D:53:3B:25:E4:B5:69:34:6D:82:6E:A3:EA:44:C4:1A:02:CB:9F","sha256":"CF:76:D7:4B:B7:BF:99:66:AA:52:8E:58:28:41:BB:B8:E6:AA:2A:BC:57:93:41:D8:2A:B5:3E:F5:FD:49:E5:C3"}}},"request":{"raw":"GET /menu/page.js HTTP/1.1\r\nHost: static.addtoany.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 3179\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=86400, stale-while-revalidate=30, public\r\netag: \"dd9c934d8cf51a92e622ab2f377d1ee1\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TYZJI5zB8Ala5GdCFtRKjHA9fMiXg9jMo%2FO5XbDsGGupcLg8Dx1qMuEPXJUnYOfY0D3LpMeUOmz8fXKAPeKZCnmQw967zSsSBs5rYAGtWdZs\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\nage: 5777\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9a80e97ce8dfb4ee-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3179,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3179), with no line terminators","md5":"e9a3b98e2acbdadac054fdc26332edf6","sha1":"e79c2933e456e2bc1031ad2bb59c006a8b602090","sha256":"fcb4248858836c831fd9ab8fa4c5a8fe0b8cd038c804fa6cc44a5e9004e163b6","sha512":"d6c64f6804ad98d601ea30808b63008698e9c199892da2b587e61fabb4a35de8badff61b02534234d8ca1ad09945849433a19dca3cdb5215d672ebfc1782c564","ssdeep":"","tlshash":"4861b74f774ea8734a5736bac19fb60f2223731e5c6588048914e4d449bcec6501fa7e","first_seen":"2025-10-23T06:03:39.971585Z","last_seen":"2026-04-07T01:03:10.185945Z","times_seen":16689,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":13,"dns":0,"connect":1,"send":0,"wait":6,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.173Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: application/javascript\r\netag: W/\"496f57bbeca633ccf8354b8ecb4\"\r\nexpires: Tue, 02 Dec 2025 12:39:10 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH34yMAAAwBuUwKAQH3AQAAAAwBWd59LgG3HQAAAA\r\nx-77-nzt-ray: 2a494a15fa7f8167ecd42f697660570d\r\nx-77-cache: HIT\r\nx-77-age: 9187\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185377,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6ccfacfc946099bf13c55ea4504a60df","sha1":"496f57bbeca633ccf8354b8ecb4d6de515eb959f","sha256":"8202b5ad457a6424d9ce609d50ed051a005fff5b84a74996c8160fab9cb83c9c","sha512":"320e02b5b07a12deb8bd7e60dcc7356d0e827ad4b5591704c4543804ac5517574e0ddd48984c41d795fa773aede258b55089bbb34b9db2929c7e889f732450b2","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisGEolY4o/CXMXpo:U+28VOk262lElwnRjfs4s7hpo","tlshash":"4e045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-02T09:42:15.813455Z","last_seen":"2025-12-11T11:32:32.79372Z","times_seen":269,"resource_available":true,"data":null}},"time_used":110,"timings":{"blocked":51,"dns":34,"connect":2,"send":0,"wait":1,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.415Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: application/javascript\r\netag: W/\"496f57bbeca633ccf8354b8ecb4\"\r\nexpires: Tue, 02 Dec 2025 12:39:10 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH34yMAAAwBuUwKAQH3AQAAAAwBWd59LgG3HQAAAA\r\nx-77-nzt-ray: 2a494a15fa7f8167ecd42f69ca762e18\r\nx-77-cache: HIT\r\nx-77-age: 9187\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185377,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6ccfacfc946099bf13c55ea4504a60df","sha1":"496f57bbeca633ccf8354b8ecb4d6de515eb959f","sha256":"8202b5ad457a6424d9ce609d50ed051a005fff5b84a74996c8160fab9cb83c9c","sha512":"320e02b5b07a12deb8bd7e60dcc7356d0e827ad4b5591704c4543804ac5517574e0ddd48984c41d795fa773aede258b55089bbb34b9db2929c7e889f732450b2","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisGEolY4o/CXMXpo:U+28VOk262lElwnRjfs4s7hpo","tlshash":"4e045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-02T09:42:15.813455Z","last_seen":"2025-12-11T11:32:32.79372Z","times_seen":269,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/v1/api.php","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.247","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.651Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"POST /v1/api.php HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 513\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":513,"data":"{\"user\":{\"ua\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"language\":\"en-US\",\"referer\":\"https://ahegao.online/sis-breeder-episode-1-2/\",\"consumer\":\"ad-provider\",\"gdpr\":{\"gdpr\":0},\"screen_resolution\":\"1280x1024\",\"window_orientation\":\"landscape\",\"cookies\":[],\"scr_info\":\"YXN5bmN8fDM%3D\"},\"zones\":[{\"custom_targeting\":{},\"id\":2583599,\"extra_params\":{\"first_request\":true,\"zone_type\":2}},{\"custom_targeting\":{},\"id\":2583639,\"extra_params\":{\"first_request\":true,\"zone_type\":2}}]}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 03 Dec 2025 06:12:23 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://ahegao.online\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Authorization, Content-Type\r\nAccess-Control-Request-Method: POST\r\nSet-Cookie: __uvt=s%3A32%3A%22d6721dbfb0bff642201d0440b386e129%22%3B; expires=Fri, 03 Dec 2027 06:12:23 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7758,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"9c9ed7af2a1bb01d4cb803f98bbdce5b","sha1":"3b5d5d2740fcb914fe96d5431986dc01431d8f91","sha256":"cd1b4ab7b2e3fea6518b10b2b29ad3c245cdaa25814e0a423313da77860c7475","sha512":"d0eef74cb28bc871e3a425bf8f0dfe7d0c2d5aff14bcc70301e462750eac8b4ff1e53b4d5a062d94680dabb10b89e80dc88cbf0b98bf38f706f469a2541331c2","ssdeep":"192:DOwT/eqaO2Vl3r3CkG7MpsLeri8ISIhUV1/7VlSKAp1fQXjWb:i2r0LiyYfyjWb","tlshash":"aff1b637e68510f8a2924f805de77bbcec7c600bd3118d716b84ba2593c8ae24667339","first_seen":"2025-12-03T06:12:56.393646Z","last_seen":"2025-12-03T06:12:56.393646Z","times_seen":1,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":33,"dns":1,"connect":28,"send":0,"wait":152,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/svg/icons/tumblr.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.addtoany.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 24 Oct 2025 11:09:43 GMT","end":"Thu, 22 Jan 2026 12:09:34 GMT"},"fingerprint":{"sha1":"3F:6D:53:3B:25:E4:B5:69:34:6D:82:6E:A3:EA:44:C4:1A:02:CB:9F","sha256":"CF:76:D7:4B:B7:BF:99:66:AA:52:8E:58:28:41:BB:B8:E6:AA:2A:BC:57:93:41:D8:2A:B5:3E:F5:FD:49:E5:C3"}}},"request":{"raw":"GET /menu/svg/icons/tumblr.js HTTP/1.1\r\nHost: static.addtoany.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.addtoany.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\naccess-control-allow-origin: *\r\ncache-control: max-age=7776000, stale-while-revalidate=30, public\r\netag: W/\"e16b8a825507e00526e7b57d10724eae\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\npriority: u=3,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=rh5E6FCfbGGH%2FSKb1YJOnBIAg1Gkv8ZSmE5sWzeVBZZBm1N0MDj11%2FFCK5QzD29XJr4R7aVq%2BQq1W%2BCMTlhawEKwG0JwurPGbDkg%2Byb7eYrMYVzPyNjC5djESebIKRpwJC%2B0zQ5O1nrTC1b0AFsY%2FEIH\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ncf-cache-status: HIT\r\nx-accel-buffering: yes\r\nage: 618\r\ncf-ray: 9a80e9801e260b02-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":358,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (358), with no line terminators","md5":"69da5ce7bc12ff6a3574b419e52cc5bb","sha1":"49f624343a8f70e504397e152d4d4002c1d81e30","sha256":"2babafd803a9de8606d0b04be90894c4bd3c69b7788380e644f3eaa3722aaead","sha512":"2b713e2e0ebb3e0fd1be067177100d779dbc934888fb3b5eda2c51115a3f3e15006887fbaa5272e0ad16b17219547992c7eabd9f2284f55660031fd4cbc90a4b","ssdeep":"","tlshash":"19e026a81664edc4cf7306bb871e21cf623a74ae21cd8ac29ab848b95c764399487507","first_seen":"2024-04-25T14:16:00Z","last_seen":"2026-04-06T10:34:36.332227Z","times_seen":451,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/svg/icons/vk.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.747Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.addtoany.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 24 Oct 2025 11:09:43 GMT","end":"Thu, 22 Jan 2026 12:09:34 GMT"},"fingerprint":{"sha1":"3F:6D:53:3B:25:E4:B5:69:34:6D:82:6E:A3:EA:44:C4:1A:02:CB:9F","sha256":"CF:76:D7:4B:B7:BF:99:66:AA:52:8E:58:28:41:BB:B8:E6:AA:2A:BC:57:93:41:D8:2A:B5:3E:F5:FD:49:E5:C3"}}},"request":{"raw":"GET /menu/svg/icons/vk.js HTTP/1.1\r\nHost: static.addtoany.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.addtoany.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\npriority: u=3,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: max-age=7776000, stale-while-revalidate=30, public\r\netag: W/\"f0929767d4055d34e4c94493038aeee6\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=R5e73ZPToicFpsoYsNF9Io3dTezb3C77xYzTKAyUQ6hswZzx63LfNvvS27iTJAChavdC5zoGICvOHfwsDUhe1Ma624Hkan9hCHUQ4jnRC6HNKsdOSIbyhxN7LwwVNqTqylZbwq%2Fr5R3tljjapeoUHT9m\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ncf-cache-status: HIT\r\nx-accel-buffering: yes\r\nage: 618\r\ncf-ray: 9a80e9801e280b02-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1012,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (1012), with no line terminators","md5":"c04dea781d39cda7192e16e0210aebe1","sha1":"53387a72b5046d96cbc057fbe8397ee867faeaea","sha256":"d5253661fb06ef994e0abfc00a99ee5fe2ed3971094b485a8a94bf9332877166","sha512":"7f951308152a101a6470acce08d82330f3383eabaedc1f3bb580f1d42a725dc684304aeefb8bb7a01c4095d385d4d1315b7654d30b0fa2086a50ca7888ceb418","ssdeep":"","tlshash":"d0111f99432087006ed7c4bccf00ece6653b506e00b8a7c5437d9a7cd5da9daed0445a","first_seen":"2023-11-02T13:28:09Z","last_seen":"2026-04-06T19:05:39.562023Z","times_seen":621,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/fluidplayer.js","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/npl.php/?video=SisBreeder2\u0026poster=https://ahegao.online/wp-content/uploads/2025/10/SisBreeder2.jpg","date":"2025-12-03T06:12:23.778Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /fluidplayer.js HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sat, 09 Nov 2024 19:22:41 GMT\r\npriority: u=3,i=?0\r\netag: \"672fb681-33d63\"\r\ncontent-encoding: gzip\r\nage: 618\r\ncache-control: max-age=691200\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DXAnY%2BV8DTHc5DMooEvj6XNL259RzeAyh4w6kg2oznvAE9qZOOYcboon6xsaKN9eFW6IFzNAFH%2F8dFuUfIiTHKmA6mbTavHHvZfMn%2Bg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e9808932b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":212323,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (62756)","md5":"7c641be6eeba84b08d4fa8f35040630d","sha1":"6303d126a92797c53ff71ff8f57e3c4154388b07","sha256":"f7d007973bc56beb44fe69827a1feba196bffc0dd4097e8c28853a9bce4365b4","sha512":"464730a99a83a59f71df4cba0548aad96f5b44d6626b3419e3b58d87c307c873402245ff749ff7cc79ddfb753e06fe1ca3d599463d6fd1d15642196990efa5d6","ssdeep":"6144:w0okalkmaeu66EnF4ag7/CbSsRPvPYXVKwSpHGf9OSLHTF2HYeVyW:lag7/CbhRPv49nF2HYe0W","tlshash":"5424098e3a44b6344ccb655fb7afd211327ca91a6c12712ab417fc8dd3e8489d413bda","first_seen":"2023-10-22T06:32:02Z","last_seen":"2026-03-17T09:50:49.595303Z","times_seen":49,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/965366/08a64802b70833682db697ed64ff192941d6e3d9.webp","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:24.110Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/965366/08a64802b70833682db697ed64ff192941d6e3d9.webp HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:24 GMT\r\ncontent-type: image/webp\r\ncontent-length: 8990\r\nlast-modified: Tue, 11 Nov 2025 10:24:06 GMT\r\netag: \"69130ec6-231e\"\r\nexpires: Wed, 11 Nov 2026 10:41:16 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-served-by: hap01-sec02-prg1-1\r\nx-77-nzt: EwwBX63NDQH3Tr8UAAwBuUwKEwH3OAIIAAwBJRPCNAG3dgAAAA\r\nx-77-nzt-ray: 2a494a157e43766eedd42f694b80390b\r\nx-77-cache: HIT\r\nx-77-age: 1359694\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":8990,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e02c979c05e061f9521c05176caef48f","sha1":"08a64802b70833682db697ed64ff192941d6e3d9","sha256":"be9efebbf4c7a3a9932b666adf3a175906235edfa4e4e7bcb475d1c7f027525a","sha512":"3e36b2ad6f8b71fa75cd024657601e7abe61c035de627b2772426fd7b6550143b83e6bb0d234fd05c294dc16057f54713ae397aea70bbd93d152d26eb410cae4","ssdeep":"192:xBjsLSyx1gAmJeu+WuUVRtAACS4GzNoyPFACrJfA33nEyQZhv9x9qoeJoJ7:ToLSe0nRCAX7zRPFZrJfAnEHrgQp","tlshash":"2202aeca643ee0029a514e202911ac39f62480fdb4dae752304be5a4d063737fd76cae","first_seen":"2025-11-19T05:44:59.30743Z","last_seen":"2025-12-04T06:38:45.033354Z","times_seen":14,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":78,"dns":34,"connect":2,"send":0,"wait":1,"receive":1,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/sister-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-03T06:12:22.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /sister-breeder-episode-1-2/ HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Wed, 03 Dec 2025 06:12:22 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://ahegao.online/sis-breeder-episode-1-2/\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Pp%2BI9NDLwMM%2FZ%2BZN7qqL1HBM5iwYGIJx3lyFNa9pOkm7xE9qnjQ85tj0qrnUX2Dyyyjz9zItuqygtw1pV4Zm9I3HS3wvdNd3H7VH\"}]}\r\nx-powered-by: PHP/7.4.20\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\ncache-control: no-cache, must-revalidate, max-age=0, no-store, private\r\nx-redirect-by: WordPress\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9a80e976dd750afa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:7.4.20","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":37401,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-07T06:11:49.187712Z","times_seen":13450766,"resource_available":true,"data":null}},"time_used":747,"timings":{"blocked":35,"dns":21,"connect":1,"send":0,"wait":673,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-content/cache/autoptimize/css/autoptimize_6ebe74c29829631e6768afb8373a40cc.css","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /wp-content/cache/autoptimize/css/autoptimize_6ebe74c29829631e6768afb8373a40cc.css HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/sis-breeder-episode-1-2/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Mon, 25 Aug 2025 13:29:38 GMT\r\npriority: u=2,i=?0\r\netag: \"68ac6542-35a12\"\r\ncontent-encoding: gzip\r\nage: 672\r\ncache-control: max-age=691200\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rUfg5kyDAZ%2BsvjEL596x1H8lTN7QF%2F4LuybHsW%2FjNdkjuIeqZBWeFGleZiSqRArIRxb6zPHNaF%2FNh8wr%2FLXz7EvYwr2YTGFyMCmKBBM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e97cbaa0b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":219666,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (35054)","md5":"11e1ad64ddaa8d222ca27fa4fe29d483","sha1":"94f553be3b558de26bdca2841d90979c9dfaf100","sha256":"61d7ce1413de264cf4339fc8da55aad8b914096dac8fc6a8bff54da6cf6bd4f0","sha512":"953f51bd1eb356f218694777fa8071da84d9a9934c60cf4bd3bed0bf419ea5df7ddbf466ef8006c7e59a170f40e0941a1a6db352ce060d3686660ca6c75b0499","ssdeep":"6144:S71iQg5MG7x+qehvP0x2pck2lAWuyFS22K:S71iQg5MG7x+qehvP0x2pck2lZu4S2B","tlshash":"d024b4a093b45cf9377bc72baf88b2586122fa11c1465fe6f06ae45855cc68509e3f0f","first_seen":"2025-12-03T06:12:56.398371Z","last_seen":"2025-12-03T06:12:56.398371Z","times_seen":1,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/npl.php/?video=SisBreeder1\u0026poster=https://ahegao.online/wp-content/uploads/2025/10/SisBreeder1.jpg","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.268Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /npl.php/?video=SisBreeder1\u0026poster=https://ahegao.online/wp-content/uploads/2025/10/SisBreeder1.jpg HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/sis-breeder-episode-1-2/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nx-powered-by: PHP/7.4.20\r\ncache-control: max-age=1000\r\nexpires: Wed, 03 Dec 2025 06:29:03 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tMTok7JgGQW5Q9YKhxj4GsLUAyk1nN6zHmZVk%2BggmxRsqla2WllU1w1Dbo7MxJrP1x%2F9l1EbHcKfJ8qQVUubwwZaiFpDjnn0%2Fh3HG68%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9a80e97d6bdbb1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:7.4.20","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1287,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"a4b2bfcb87f05812bb2c0f42b150d82b","sha1":"045e9d079eeb7b5febc917bbdeac168ad8045c0b","sha256":"3612a355a04cafa9efbd58a0907a37749438574c6f05795f55d0c215d8464e66","sha512":"2a20104c13dda50008030e64c7f32efce8d35a71fd12b185ee738d84dda25f00510af95eb6f8de28fed1d103ebdb76e646cc4256eb7abd7ee2267eb0283c10c7","ssdeep":"","tlshash":"cf215457d90c94ba83f085ac5e7cb38c49bfd05685946cfcf845b04e4aedb76508b2e4","first_seen":"2025-12-03T06:12:56.399733Z","last_seen":"2025-12-03T06:12:56.399733Z","times_seen":1,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-content/themes/oria/fonts/fontawesome-webfont.woff2?v=4.7.0","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /wp-content/themes/oria/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/wp-content/cache/autoptimize/css/autoptimize_6ebe74c29829631e6768afb8373a40cc.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-length: 77160\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nlast-modified: Thu, 22 Feb 2018 13:30:36 GMT\r\netag: \"12d68-565cd0c807700\"\r\naccept-ranges: bytes\r\nage: 671\r\ncache-control: max-age=691200\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PIbgteXFjwWzeVyHEX7fRQOwUvjIXu%2BHlRaDW03PBTdUuJVdEeLy1ePEUzHz%2BD9hB0zyxbt75f%2Bnvo9FCT51uIDmcC%2BnXdzhyAQnVjQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e97e4d6ab1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":77160,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-04-07T06:12:46.214637Z","times_seen":416911,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.magsrv.com/ad-provider.js","fqdn":"a.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.420Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /ad-provider.js HTTP/1.1\r\nHost: a.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: application/javascript\r\netag: W/\"496f57bbeca633ccf8354b8ecb4\"\r\nexpires: Tue, 02 Dec 2025 12:39:10 GMT\r\ncache-control: max-age=10800\r\nx-robots-tag: noindex, follow\r\naccess-control-allow-origin: *\r\nx-77-nzt: EwwBX63NDQH34yMAAAwBuUwKAQH3AQAAAAwBWd59LgG3HQAAAA\r\nx-77-nzt-ray: 2a494a15fa7f8167ecd42f69f1fe3818\r\nx-77-cache: HIT\r\nx-77-age: 9187\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":185377,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39040)","md5":"6ccfacfc946099bf13c55ea4504a60df","sha1":"496f57bbeca633ccf8354b8ecb4d6de515eb959f","sha256":"8202b5ad457a6424d9ce609d50ed051a005fff5b84a74996c8160fab9cb83c9c","sha512":"320e02b5b07a12deb8bd7e60dcc7356d0e827ad4b5591704c4543804ac5517574e0ddd48984c41d795fa773aede258b55089bbb34b9db2929c7e889f732450b2","ssdeep":"3072:cWYjf7+28VOk2DG2cUMaElwnRlqI1fsBHisGEolY4o/CXMXpo:U+28VOk262lElwnRjfs4s7hpo","tlshash":"4e045c993792307441d3a11daaff53093371506ab80f4884bb4dd8a427adeea51a3ffd","first_seen":"2025-12-02T09:42:15.813455Z","last_seen":"2025-12-11T11:32:32.79372Z","times_seen":269,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"a.magsrv.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/a7/creatives/39/524/800869/996559/996559_video.mp4","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.3.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://a.adtng.com/get/10009643?time=1583262877801","date":"2025-12-03T06:12:24.114Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ang-content.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 18 Sep 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"36:85:31:86:5B:3D:BC:C6:72:9A:EF:DB:90:03:59:87:52:43:B0:5A","sha256":"90:34:33:39:E2:D4:23:D7:93:5E:3D:F6:82:61:E0:CE:2B:1D:64:66:59:0E:7F:95:8A:5B:1B:6D:25:4B:8D:D8"}}},"request":{"raw":"GET /a7/creatives/39/524/800869/996559/996559_video.mp4 HTTP/1.1\r\nHost: hw-cdn2.ang-content.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: openresty/1.19.9.1\r\ncontent-type: video/mp4\r\nlast-modified: Mon, 10 May 2021 13:15:30 GMT\r\netag: \"58b48-5c1f9925ae080\"\r\nexpires: Sat, 04 Apr 2026 04:59:38 GMT\r\ncache-control: max-age=10797068, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\nage: 260634\r\ndate: Wed, 03 Dec 2025 06:12:24 GMT\r\nx-served-by: cache-ams2100092-AMS, cache-hel1410033-HEL\r\nx-cache: HIT, MISS\r\nx-cache-hits: 16, 0\r\nx-timer: S1764742344.110520,VS0,VE26\r\naccess-control-allow-origin: *\r\ncontent-range: bytes 0-363335/363336\r\ncontent-length: 363336\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":180101,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"64da531e58d96cf365dcd21817dfb199","sha1":"ef61dd18ae6cefcc8cabfff93427a1a579972386","sha256":"7a1868e6bcec7d3dad6abea37b86cdf21dc65973036a1da5d43b7e8161dc09fd","sha512":"bf5eeee7aed49e18fac1e0a0e8d54f2f397efd14fe3e634ee90eb4f38128009c04352b9bd5b5d79f995ce50de77db284ccef3d44003a1709ed76e1104d41922e","ssdeep":"3072:/ZSKz9wk9PBrIZCUIjkRHzmFqsMkzO5RiFTdX/mvk3aSA45y7bBO:/Z9vWI+KnbQRiFTdX+fxTFO","tlshash":"4504125297c60d0bd271b97912b867046b77d0686b0fc31f3bb4a1e8b5831e95f239c8","first_seen":"2025-12-03T06:12:56.401661Z","last_seen":"2025-12-03T06:12:56.401661Z","times_seen":1,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA11P20oDQQz9FX9gh9xmdtNnfVWo9APWvVTBtmBBFM7Hm5laFefAJDm5nERIcsfSkd4Qb1g2onBOTskkcTbcP2xhjPF52Y+ndDq+vhwXeMlaCtREBkL4NDAkD1rUwUzo3SIgsOQiPbvBCAoKSFaz6iUiRk/YPd7ibrcFVz25GgG4iYMHWPgcUh9MUnt1nVjzmn1l96fimctgLrSYL8JjiXL6tzJdkNglR1quRKCr1cqmEovFIzR6PH8eJ+CnLNvFtDukDqh9+DPoF/6tFhe2j1t8Todxf357T9PpEFTtTXFdDLrkG9ecRSdae5PJyzDbbL26TJTrhnkddf4Cv5fJoLcBAAA=\u0026cb=e2e_692fd4c7c8cc01.31777084","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.248","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:24.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA11P20oDQQz9FX9gh9xmdtNnfVWo9APWvVTBtmBBFM7Hm5laFefAJDm5nERIcsfSkd4Qb1g2onBOTskkcTbcP2xhjPF52Y+ndDq+vhwXeMlaCtREBkL4NDAkD1rUwUzo3SIgsOQiPbvBCAoKSFaz6iUiRk/YPd7ibrcFVz25GgG4iYMHWPgcUh9MUnt1nVjzmn1l96fimctgLrSYL8JjiXL6tzJdkNglR1quRKCr1cqmEovFIzR6PH8eJ+CnLNvFtDukDqh9+DPoF/6tFhe2j1t8Todxf357T9PpEFTtTXFdDLrkG9ecRSdae5PJyzDbbL26TJTrhnkddf4Cv5fJoLcBAAA=\u0026cb=e2e_692fd4c7c8cc01.31777084 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nCookie: __uvt=s%3A32%3A%22d6721dbfb0bff642201d0440b386e129%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 03 Dec 2025 06:12:24 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://ahegao.online\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-07T06:11:49.187712Z","times_seen":13450766,"resource_available":true,"data":null}},"time_used":209,"timings":{"blocked":85,"dns":1,"connect":26,"send":0,"wait":29,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-content/uploads/2016/05/cropped-hana_by_imarx67-d8t6y6q-300x300.png","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:24.394Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /wp-content/uploads/2016/05/cropped-hana_by_imarx67-d8t6y6q-300x300.png HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/sis-breeder-episode-1-2/\r\nCookie: _ga_FYJMCF9B38=GS2.1.s1764742344$o1$g0$t1764742344$j60$l0$h0; _ga=GA1.1.667334147.1764742344\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:24 GMT\r\ncontent-type: image/png\r\ncontent-length: 117758\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\nlast-modified: Fri, 10 Jun 2016 01:12:21 GMT\r\netag: \"575a13f5-1cbfe\"\r\naccept-ranges: bytes\r\nage: 1379\r\ncache-control: max-age=691200\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Qc9ejTogGMZ%2B1UOTtF7a5e6VMR%2BVv6d2RGvvE%2BmLJ8k8HVN%2B7B8eLMOi0KnyvyGbdROqMJKVu8RPoP74dhdkQwr6Ci4g6jfmVKobYVs%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e9846fcbb1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":117758,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"6ea4e6bb88b4f27836c5f937c81194fa","sha1":"4ab2b899ee58ea8e95f2a69e81703c94b5c0f31a","sha256":"51cc64c9bc5d3ee51ddda274a7ad06eaa400c76439e911c03d4e606d6d1cbd6c","sha512":"fd953aab4cd76958f83c278aea6d012382c52526750200335015edf3bafcff27c658fc0effc83d99160f438d3f8f12d8ff0a7d816fb01b1657a089dc210c512e","ssdeep":"3072:3GP+rlYlMIikAkK9clpu957S8d/ot9V0VNnEBDDPw1mGn42NX:2mylLKkKspa7FAtzOEhC4I","tlshash":"42b312c684c182ffb26894ef008c471c2d915ead53c8924e767417efb934eab11d667b","first_seen":"2025-11-17T06:41:31.114854Z","last_seen":"2026-02-28T15:38:34.004567Z","times_seen":4,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/get/10000867?time=1583262438188","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adtng.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 30 Jun 2025 00:00:00 GMT","end":"Tue, 28 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AA:9C:09:B0:15:A1:0B:DA:1E:24:2A:BC:FB:1E:C8:F2:28:27:96:B6","sha256":"BB:A4:BD:A7:85:B4:BE:F6:6B:75:DD:E6:F5:7C:F3:C5:BF:B2:38:FA:6D:10:F1:1B:81:19:E4:9B:74:53:CA:9C"}}},"request":{"raw":"GET /get/10000867?time=1583262438188 HTTP/1.1\r\nHost: a.adtng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: text/html\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With\r\ncontent-encoding: gzip\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version\r\nalt-svc: h3=\":443\"; ma=3600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21626,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (21626), with no line terminators","md5":"1c3d9cdf68bbd6814eaa0133f87fbcee","sha1":"eaf2aac8daa8b2d42e691dae30d751ed91556346","sha256":"e408de6889ee1f7cb132ce4272206a1abc231be35de3f55606a83a8c303f8963","sha512":"41a322dbb04954c46da14c875ced238cce5e4a7c20db5516b44d5eaf2cbc7b72cfac7bf39a7a48d64108d1f44d44e49adbf52d6f61c7d6465e10dafbd76562d0","ssdeep":"192:HQHrMA8yf+yXDvqzaFASu/C4aVrrKVlvJ31gr0S9l1AM+iqFd+tUS0Mt98OBAxbN:ErMA8yf+c6sARC4tSr0pdCDtdMuGtN","tlshash":"f3a2f97e3142b465a53715b290af120e3f359993b848c480c4e6d8e57d28d7ea37baac","first_seen":"2025-12-03T06:12:56.404182Z","last_seen":"2025-12-03T06:12:56.404182Z","times_seen":1,"resource_available":false,"data":null}},"time_used":434,"timings":{"blocked":203,"dns":9,"connect":21,"send":0,"wait":28,"receive":0,"ssl":166},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-content/uploads/2025/06/hentaisteam.mp4","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.591Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /wp-content/uploads/2025/06/hentaisteam.mp4 HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/sis-breeder-episode-1-2/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 470287\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nlast-modified: Thu, 26 Jun 2025 14:09:26 GMT\r\netag: \"72d0f-6387a1bee25a5\"\r\nage: 13209133\r\ncache-control: max-age=31536000\r\nexpires: Fri, 03 Jul 2026 09:00:10 GMT\r\ncontent-range: bytes 0-470286/470287\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZFs7gP3r5VbXpVFG29JeW%2B2mFWm1fXTaXtvjPdr9wfpiw2q04B0zeGvdDyltBTiiM5REEB518SQ7TizhWxyvNkuigERcz7ofSxJ1dR0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e97efe99b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":470287,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"dbd563522a8fc71da5664a36266cc3a9","sha1":"110b7b0f9ca12a49653aa634f2eed50460c1a6fe","sha256":"441a5ff39596bb5b6bd4e7a9da68f156f7610690c94508591b95c93d56a557d0","sha512":"736dca0bdb5e88810d480ab37e7df2eab78311628079f8dbee2ae12964c14ddc551f08b856bf543f19af0b5a54ac05f89326f062ef5de3d59196ad33bf0f1707","ssdeep":"12288:Smk/Zwap46egv0LvVZvcnoRhaoglgoLRxwoZ:Sm8rfKPh2xhLRxwoZ","tlshash":"eca423292f7525cef968127cdca7c3453be5d7245f4291aa73803a40fcb4a85da329cb","first_seen":"2025-11-17T06:41:31.135396Z","last_seen":"2026-02-28T15:38:34.030001Z","times_seen":3,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/svg/icons/twitter.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.addtoany.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 24 Oct 2025 11:09:43 GMT","end":"Thu, 22 Jan 2026 12:09:34 GMT"},"fingerprint":{"sha1":"3F:6D:53:3B:25:E4:B5:69:34:6D:82:6E:A3:EA:44:C4:1A:02:CB:9F","sha256":"CF:76:D7:4B:B7:BF:99:66:AA:52:8E:58:28:41:BB:B8:E6:AA:2A:BC:57:93:41:D8:2A:B5:3E:F5:FD:49:E5:C3"}}},"request":{"raw":"GET /menu/svg/icons/twitter.js HTTP/1.1\r\nHost: static.addtoany.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.addtoany.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\naccess-control-allow-origin: *\r\ncache-control: max-age=7776000, stale-while-revalidate=30, public\r\netag: W/\"af2b829f9b79fabec7c0148a8b7e444b\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\npriority: u=3,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=x7rwyzibH2gnwTQp8PSbFYNlHi5OygqJkYANgTf%2FbjUEVYGJf87qQEK5ASwCL8jFwDUB97Iygib8vAVcr0b40i5HgzJL9hXVcnCfLOk7RKXuxb0PRM21wPItoAt8NBQEhnf1ADRp\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ncf-cache-status: HIT\r\nx-accel-buffering: yes\r\nage: 618\r\ncf-ray: 9a80e9800e240b02-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":645,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (645), with no line terminators","md5":"ca05cf90bd32d6134c0b92464c343f9a","sha1":"187feb5cc71d225717838268487a0abc9b8d405c","sha256":"3003867b66a32c12fdafeefc27cf06d906e5a99ba275550ab757f4bb04834636","sha512":"d36553644d3a52a96dbf733c7eb766deda074c926f44514001633dd0a3ea2b84d1a835f207bcd9772e33b2a8c086616cebf6119a3d802134636ef7c53e92dec0","ssdeep":"","tlshash":"8bf0ddfe277c60dc28234baacb15e5591b2d30ba3b8051c3061c87b0488791ce503d42","first_seen":"2024-04-12T16:11:45Z","last_seen":"2026-04-07T06:31:11.721072Z","times_seen":4031,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/svg/icons/reddit.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.745Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.addtoany.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 24 Oct 2025 11:09:43 GMT","end":"Thu, 22 Jan 2026 12:09:34 GMT"},"fingerprint":{"sha1":"3F:6D:53:3B:25:E4:B5:69:34:6D:82:6E:A3:EA:44:C4:1A:02:CB:9F","sha256":"CF:76:D7:4B:B7:BF:99:66:AA:52:8E:58:28:41:BB:B8:E6:AA:2A:BC:57:93:41:D8:2A:B5:3E:F5:FD:49:E5:C3"}}},"request":{"raw":"GET /menu/svg/icons/reddit.js HTTP/1.1\r\nHost: static.addtoany.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.addtoany.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript\r\npriority: u=3,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: max-age=7776000, stale-while-revalidate=30, public\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4BDbbglvkLi1vMlinPOGDLxoFpghR%2Ba9PcRvlZlCTQYUyh%2BfUGPX%2FMghhvccRuBzayELMgpu%2Fs8DrlIgFPE75%2B2fJjoPUnUDqp1oLHsBDwR4%2FbNp%2FDydwgNjWg%3D%3D\"}]}\r\netag: W/\"1fe5b5008de689ce6464d7bcb07e742c\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\nage: 14468\r\ncf-ray: 9a80e9801e270b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":893,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (893), with no line terminators","md5":"408cc755e613b4f00fbe10d7411ed087","sha1":"14341990ed687477b3addbdd1a3b50ae8a98589b","sha256":"68ed9b82b62d45cf5d12587a7e9566a4ddeb94d69bcb225e9e3c7268c76b3cbb","sha512":"713379c452034896501703ce09391f7ddfb3b0053276ff0dd1a499eeb3c99ebed97ce8fd77e4910d962ba4ef4d8f1d23dfe7c51a0b7d0537baabd5be5cf05a01","ssdeep":"","tlshash":"891125fe471c94ec0ea36ae9af168059531fd875359b07b01a6fdbf92543008c407a92","first_seen":"2024-04-16T17:58:32Z","last_seen":"2026-04-07T03:20:01.337093Z","times_seen":2615,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.3.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.adtng.com/get/10009643?time=1583262877801","date":"2025-12-03T06:12:23.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ang-content.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 18 Sep 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"36:85:31:86:5B:3D:BC:C6:72:9A:EF:DB:90:03:59:87:52:43:B0:5A","sha256":"90:34:33:39:E2:D4:23:D7:93:5E:3D:F6:82:61:E0:CE:2B:1D:64:66:59:0E:7F:95:8A:5B:1B:6D:25:4B:8D:D8"}}},"request":{"raw":"GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/1.1\r\nHost: hw-cdn2.ang-content.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.19.9.1\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 02 Nov 2018 14:17:11 GMT\r\netag: \"13a3-579af30f7688b\"\r\nexpires: Thu, 24 Apr 2025 01:07:43 GMT\r\ncache-control: max-age=10488628, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\nage: 1335538\r\nx-served-by: cache-ams2100110-AMS, cache-hel1410033-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 55, 18772\r\nx-timer: S1764742344.888193,VS0,VE0\r\naccess-control-allow-origin: *\r\ncontent-length: 5027\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":5027,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5027), with no line terminators","md5":"5e5817bcf4c82c7c85d1d88636d221ce","sha1":"b5c32cc6c931c33c1297884016e13d3b9a5bf261","sha256":"6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c","sha512":"08176e8fd06443f72738a279e22a28b4fd340e22d1abbf9a04f131286598cf1be98a79cbe776b37380fa3d6d396e431e3d8ba38f0b73fb0f3261b8753dccf706","ssdeep":"96:SyJLyojtnYt2b4PIdQXahVCzS3u7CuEi7rh2dC2+A4coFLULlpUsPK:rmXax3GCri7rpA4TFejC","tlshash":"1ea18301197529364cf82561911f2e6f42a286255a9bbca1c3c2fe44fcf5e53145bff3","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-07T06:22:11.787139Z","times_seen":2325,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":61,"dns":28,"connect":29,"send":0,"wait":14,"receive":1,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA11Q20oEMQz9FX9gS6697LPPCoof0K0z64I7AzuyKOTjbbqgYg9NSpqTnISAdIe0A74D3CPtSaxgKBCEAqrYw+OTCVp9m451DevyflomE87CyViIMphyhIxGzIiipgiWOKVYsiGSohaKJmBs0EHKIv4KAGgJ7OX5flx0gHXrPY3AxCO9wycCOYXnhqyzlhlLOcSiGLMUgknKRFhjT4d/SqFLiEm9bZaYe1dR8ro0xNywcx6jMHVl/YCNcN2+lmb2k6bx5sYg5AWcZ38K/aLcfOgjdiMjE2wL53rcLtfQ1nMPOTdgGSJ9VOlLutbLqX6c1mX8O8k419xanA+xtXwAX/JrlDhPLanmLN++5vR/xAEAAA==\u0026cb=e2e_692fd4c823d0c1.43485911","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.247","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:24.269Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA11Q20oEMQz9FX9gS6697LPPCoof0K0z64I7AzuyKOTjbbqgYg9NSpqTnISAdIe0A74D3CPtSaxgKBCEAqrYw+OTCVp9m451DevyflomE87CyViIMphyhIxGzIiipgiWOKVYsiGSohaKJmBs0EHKIv4KAGgJ7OX5flx0gHXrPY3AxCO9wycCOYXnhqyzlhlLOcSiGLMUgknKRFhjT4d/SqFLiEm9bZaYe1dR8ro0xNywcx6jMHVl/YCNcN2+lmb2k6bx5sYg5AWcZ38K/aLcfOgjdiMjE2wL53rcLtfQ1nMPOTdgGSJ9VOlLutbLqX6c1mX8O8k419xanA+xtXwAX/JrlDhPLanmLN++5vR/xAEAAA==\u0026cb=e2e_692fd4c823d0c1.43485911 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nCookie: __uvt=s%3A32%3A%227a1779f3d0c13fc55d98f2ceca453a49%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 03 Dec 2025 06:12:24 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://ahegao.online\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-07T06:11:49.187712Z","times_seen":13450766,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/lato/v25/S6uyw4BMUTPHjx4wXg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.211.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:24.645Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/lato/v25/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 23580\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 26 Nov 2025 12:31:08 GMT\r\nexpires: Thu, 26 Nov 2026 12:31:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 582076\r\nlast-modified: Mon, 15 Sep 2025 17:09:41 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23580,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 23580, version 1.0","md5":"e1b3b5908c9cf23dfb2b9c52b9a023ab","sha1":"fcd4136085f2a03481d9958cc6793a5ed98e714c","sha256":"918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537","sha512":"b2da7ef768385707afed62ca1f178efc6aa14519762e3f270129b3afee4d3782cb991e6fa66b3b08a2f81ff7caba0b4c34c726d952198b2ac4a784b36eb2a828","ssdeep":"384:dRkIAJ8pVwWTW5VVjdVn8+2yvAMdriCEOY0kfW9GkAPqpPHi2vUuUSzB8:dKIAJ8pVHTZ+riY9oCpPHiodUeK","tlshash":"91b2e1ce5d546e3a8028213785c17b488273572e9edf42c6dd83a6263a7092cfd3d96e","first_seen":"2023-04-05T13:28:45Z","last_seen":"2026-04-07T06:16:54.078061Z","times_seen":185657,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":99,"dns":0,"connect":7,"send":0,"wait":9,"receive":5,"ssl":92},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vainanalyst.com/YBm.xCvDYE2_tGlHcInJN-DLaMGNVOj_aQ2RVSyTP-2VlWjXPYX_BazbJcmd9-0fPgUhNin_Skkl9mUne-EplqKrWsW_5uKvdwlxl-XzUAmBlCZ_VEzFVGrHS-2JlKBLeME_1OUPZQzRJ-PTRUFVEWx_TYWZpanbd-0d5eHfTgT_RiZjVkElp-pnWoWppqn_Mskt5uqvV-XxdyZzaAl_UC0DTEUFR-FHeIUJ5KX_WMmN1OOPV-ERRSITcUW_JWfXSYkZJ-qbacid4eu_Zg0hUitjJ-nlJmynaoW_Qq9rZsjtQ-zvZwjxhyj_YAmBECwDO-DFIGxHZIG_QKyLYMmNY-1PMQWRQS1_ZUTVJWjXN-WZVahbZcW_UexfZgmhY-mjdknlQm9_MoTpcq2rN-Dtcu0vMwj_My0zMAyB0-xDZEmFEGz_YITJMK4LO-GNYO0PMQT_hSiTOUTVM-xXYYjZNal_NcWdMe5fO-WhMizjNkj_AmynOoWpQ-2rNsCtZu6_bw2x5ylza-WBQC9DNED_EGyHNIzJI-2LMMCN0O0_MQTRIS3TM-jVYWxX?b=5","fqdn":"vainanalyst.com","domain":"vainanalyst.com","tld":"com"},"ip":{"addr":"88.85.68.219","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:25.502Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"vainanalyst.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 27 Nov 2025 13:07:13 GMT","end":"Wed, 25 Feb 2026 13:07:12 GMT"},"fingerprint":{"sha1":"99:BD:66:42:10:C5:A1:76:76:6F:1C:1F:0C:B1:D0:1B:8A:57:D3:9C","sha256":"C8:D6:34:34:22:11:0C:79:54:D9:97:84:8E:86:4B:4D:B2:A2:7E:0B:E2:61:7E:23:00:ED:04:82:EF:E2:E9:F1"}}},"request":{"raw":"GET /YBm.xCvDYE2_tGlHcInJN-DLaMGNVOj_aQ2RVSyTP-2VlWjXPYX_BazbJcmd9-0fPgUhNin_Skkl9mUne-EplqKrWsW_5uKvdwlxl-XzUAmBlCZ_VEzFVGrHS-2JlKBLeME_1OUPZQzRJ-PTRUFVEWx_TYWZpanbd-0d5eHfTgT_RiZjVkElp-pnWoWppqn_Mskt5uqvV-XxdyZzaAl_UC0DTEUFR-FHeIUJ5KX_WMmN1OOPV-ERRSITcUW_JWfXSYkZJ-qbacid4eu_Zg0hUitjJ-nlJmynaoW_Qq9rZsjtQ-zvZwjxhyj_YAmBECwDO-DFIGxHZIG_QKyLYMmNY-1PMQWRQS1_ZUTVJWjXN-WZVahbZcW_UexfZgmhY-mjdknlQm9_MoTpcq2rN-Dtcu0vMwj_My0zMAyB0-xDZEmFEGz_YITJMK4LO-GNYO0PMQT_hSiTOUTVM-xXYYjZNal_NcWdMe5fO-WhMizjNkj_AmynOoWpQ-2rNsCtZu6_bw2x5ylza-WBQC9DNED_EGyHNIzJI-2LMMCN0O0_MQTRIS3TM-jVYWxX?b=5 HTTP/1.1\r\nHost: vainanalyst.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 06:12:25 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 0\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-07T06:11:49.187712Z","times_seen":13450766,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/get/10009643?time=1583262877801","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.271Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adtng.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 30 Jun 2025 00:00:00 GMT","end":"Tue, 28 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AA:9C:09:B0:15:A1:0B:DA:1E:24:2A:BC:FB:1E:C8:F2:28:27:96:B6","sha256":"BB:A4:BD:A7:85:B4:BE:F6:6B:75:DD:E6:F5:7C:F3:C5:BF:B2:38:FA:6D:10:F1:1B:81:19:E4:9B:74:53:CA:9C"}}},"request":{"raw":"GET /get/10009643?time=1583262877801 HTTP/1.1\r\nHost: a.adtng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: text/html\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With\r\ncontent-encoding: gzip\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version\r\nalt-svc: h3=\":443\"; ma=3600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3759,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (3759), with no line terminators","md5":"540cc9cb15892f01d4634de1e194ceb5","sha1":"d373bd96d5d1cac19304add1e544d8bb43ee0e5f","sha256":"652966f88c09b685acee389c7fdf985d7e7402ba5138c901c837189974a9bab5","sha512":"3e295f234ad94e9fcb984189c4fc156e22e6a790821e196b6cd59e153d3f15635357f6c532351e12a2837e72129b16cb39ea2fee8435360ed35b1ef87113f9b0","ssdeep":"","tlshash":"1e71b8b11d07fc6cf52110d27d274aac777a115a6581c2a67bddca86cf64dfb48180c9","first_seen":"2025-12-03T06:12:56.409421Z","last_seen":"2025-12-03T06:12:56.409421Z","times_seen":1,"resource_available":false,"data":null}},"time_used":329,"timings":{"blocked":146,"dns":11,"connect":21,"send":0,"wait":32,"receive":0,"ssl":110},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vainanalyst.com/cwDh9.6vbx2G5ilTSkWfQg9gNVD-EbySN-zhI_2/MdCi0I0kMjTsIQ3/MxjnY/xZ","fqdn":"vainanalyst.com","domain":"vainanalyst.com","tld":"com"},"ip":{"addr":"88.85.68.219","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"vainanalyst.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 27 Nov 2025 13:07:13 GMT","end":"Wed, 25 Feb 2026 13:07:12 GMT"},"fingerprint":{"sha1":"99:BD:66:42:10:C5:A1:76:76:6F:1C:1F:0C:B1:D0:1B:8A:57:D3:9C","sha256":"C8:D6:34:34:22:11:0C:79:54:D9:97:84:8E:86:4B:4D:B2:A2:7E:0B:E2:61:7E:23:00:ED:04:82:EF:E2:E9:F1"}}},"request":{"raw":"GET /cwDh9.6vbx2G5ilTSkWfQg9gNVD-EbySN-zhI_2/MdCi0I0kMjTsIQ3/MxjnY/xZ HTTP/1.1\r\nHost: vainanalyst.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\naccess-control-allow-origin: *\r\nlast-modified: Wed, 03 Dec 2025 06:12:23 GMT\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Content-Type\r\nset-cookie: uniqCookie=f6cf51c54e4b1dc0acbb0880afdba80f; max-age=1767334343; path=/\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38012,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22784)","md5":"231e52ef517f03805f28c923a57fbc72","sha1":"94bd96f6b88d6081460704cf4212280103907ba7","sha256":"2e840ab98c86714d4d997793b7c8a554eea4e517db94497017a69e5e4814bc06","sha512":"98f32bb9493e569c8b478f06ccf051e2f9d6d9f0c0b18629e0696dab11ee8fd0be81e6f218124abb8e4236232f1019526abde9c26e57b454febd3a91e21e3268","ssdeep":"768:QZhdZg7J0OMLfTF9dFaQNp8JY29c6SboEBkleZ2YoOcLhIyPTgLgooDMiG82IGcY:QZ1g7JQLqQNp8Jr9c6SboEBkleZ2qcLC","tlshash":"c203a7c871c3642642eb507d713f7208b23a54655429b028bc79c8e4bcb9e9f8677bbd","first_seen":"2025-12-03T06:12:56.410635Z","last_seen":"2025-12-03T06:12:56.410635Z","times_seen":1,"resource_available":true,"data":null}},"time_used":232,"timings":{"blocked":82,"dns":28,"connect":17,"send":0,"wait":65,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/sm.25.html#type=core\u0026event=load","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.411Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.addtoany.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 24 Oct 2025 11:09:43 GMT","end":"Thu, 22 Jan 2026 12:09:34 GMT"},"fingerprint":{"sha1":"3F:6D:53:3B:25:E4:B5:69:34:6D:82:6E:A3:EA:44:C4:1A:02:CB:9F","sha256":"CF:76:D7:4B:B7:BF:99:66:AA:52:8E:58:28:41:BB:B8:E6:AA:2A:BC:57:93:41:D8:2A:B5:3E:F5:FD:49:E5:C3"}}},"request":{"raw":"GET /menu/sm.25.html HTTP/1.1\r\nHost: static.addtoany.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/html; charset=utf-8\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: max-age=315360000, immutable\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L4gpMFbDoUPrU9rCoUW8nMIPiW7CspANoeeaYuoMgbn5SEoo5gyVvZ7zyiM9E1%2BS3F3TIz%2F1NJe51%2B8E3oiQwA4S8B6luemGODVWTybniA%3D%3D\"}]}\r\netag: W/\"551efc5187c9f500b4e394155ba03720\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\nage: 26178\r\ncf-ray: 9a80e97e4e190b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":716,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (624)","md5":"41b7ed0cbe240173eea85148fcba633e","sha1":"39acd5fe099974486a1c9ba11ba0fe7be6bc97ca","sha256":"274d4116239b63097bb7c16e56e27cbb5a77be20392fb8e2317c0a0235185cad","sha512":"1ee1d21b138a9f55f823b93d809b3bc58453ddfc3b3ee4d00a1010bbd4ec296546277c6777819cfb744c393ba93fe7578b60ccf0259fd17901f4542714d6c06f","ssdeep":"","tlshash":"c701448bf415382d9673172434e93d89d87e93609c402730b28f62e746c47e75b07b95","first_seen":"2024-01-05T10:14:09Z","last_seen":"2026-04-07T06:32:28.967845Z","times_seen":37250,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.magsrv.com/cimp.php?t=api\u0026data=H4sIAAAAAAAAA11QW2oDMQy8Si8QM3rYXue73y209ADeZZ0G2l1ISkhBh6+8LSXEg42QRh6NGBx3xDvIA2hPvGexQqEgKAeKak/PL6Zk9X0+1DWsy8dxmY2KMLGJMg+wKAkDGcdBYilGBJNh0BKjOQ+AqKnnDA6OotqjAGhSy7C318ftksM/Ba4c4XGXtsymveJCVwL3VmkTSWyxNCplTCVScjXGrGVmqsnpuBsYvwiQnDYV/GPX2UIq7HP5gW3pev5eJrMbYkf8c4FN4756g+6uv07zNW5s2Dl81sP5dAnT+ump3h8odfnuUH1Hl3o61q/jumzl3mNudqRpHpEw5tRyy6W1OaeUs44N7Qf7rZs7wgEAAA==\u0026cb=e2e_692fd4c7c8b845.36575168","fqdn":"s.magsrv.com","domain":"magsrv.com","tld":"com"},"ip":{"addr":"95.211.229.247","port":443,"asn":60781,"as":"LeaseWeb Netherlands B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:24.112Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"magsrv.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Oct 2025 14:35:42 GMT","end":"Sat, 17 Jan 2026 14:35:41 GMT"},"fingerprint":{"sha1":"3E:F6:87:7D:18:68:79:FD:23:76:5D:6C:7B:90:75:64:CC:D7:CA:BB","sha256":"FD:93:B1:1C:F0:69:98:29:DB:E2:76:AD:30:DA:23:6B:BA:BB:04:54:58:11:41:09:09:5B:A4:BC:CB:5A:E3:AF"}}},"request":{"raw":"GET /cimp.php?t=api\u0026data=H4sIAAAAAAAAA11QW2oDMQy8Si8QM3rYXue73y209ADeZZ0G2l1ISkhBh6+8LSXEg42QRh6NGBx3xDvIA2hPvGexQqEgKAeKak/PL6Zk9X0+1DWsy8dxmY2KMLGJMg+wKAkDGcdBYilGBJNh0BKjOQ+AqKnnDA6OotqjAGhSy7C318ftksM/Ba4c4XGXtsymveJCVwL3VmkTSWyxNCplTCVScjXGrGVmqsnpuBsYvwiQnDYV/GPX2UIq7HP5gW3pev5eJrMbYkf8c4FN4756g+6uv07zNW5s2Dl81sP5dAnT+ump3h8odfnuUH1Hl3o61q/jumzl3mNudqRpHpEw5tRyy6W1OaeUs44N7Qf7rZs7wgEAAA==\u0026cb=e2e_692fd4c7c8b845.36575168 HTTP/1.1\r\nHost: s.magsrv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nCookie: __uvt=s%3A32%3A%22d6721dbfb0bff642201d0440b386e129%22%3B\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 03 Dec 2025 06:12:24 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://ahegao.online\r\nAccess-Control-Allow-Credentials: true\r\nX-Robots-Tag: noindex, follow\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-07T06:11:49.187712Z","times_seen":13450766,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"s.magsrv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"neverstoprotation.com/bnr/4/89b/fcc3ed/89bfcc3edc37433e0723ac708b861a9b.mp4","fqdn":"neverstoprotation.com","domain":"neverstoprotation.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://neverstoprotation.com/iframe/5ebd27f8848b1?iframe\u0026ag_custom_domain=ahegao.online","date":"2025-12-03T06:12:24.540Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"neverstoprotation.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 10:12:36 GMT","end":"Mon, 09 Feb 2026 11:11:04 GMT"},"fingerprint":{"sha1":"8E:57:A4:F9:42:DE:67:03:1E:60:65:BC:EA:30:15:D1:4E:3C:F7:E5","sha256":"05:D0:FD:1B:02:E9:D6:41:92:85:78:B2:5F:5B:08:55:51:A6:1C:8B:F6:51:1C:30:62:49:68:3A:4E:D3:85:F1"}}},"request":{"raw":"GET /bnr/4/89b/fcc3ed/89bfcc3edc37433e0723ac708b861a9b.mp4 HTTP/1.1\r\nHost: neverstoprotation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://neverstoprotation.com/iframe/5ebd27f8848b1?iframe\u0026ag_custom_domain=ahegao.online\r\nCookie: c_7a5ddeb5ed541401a4276cd2c24c6c12=1; z_35a9958084703fe607913a4ec4fc0f0e=1\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:24 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncache-control: max-age=31536000\r\nx-cache-status: HIT\r\nage: 255341\r\ncf-cache-status: HIT\r\nlast-modified: Sun, 30 Nov 2025 07:16:43 GMT\r\npriority: u=1,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GIpd1ong6RF28K7nF%2B8Y%2FEoQN1tVWMw1zJHp9uj7BbW1kEYZW52c2wB19Raehz0K%2BXjOaU7ByYmssixVFIfF52L5GsopvVPryPjK9YyYku3If9g85Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e9855cb8a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1077466,"size_decoded":0,"mime_type":"video/mp4; charset=utf-8","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"b3a3eaa03e1037b1a0dc4c46f47a27b0","sha1":"38f0a2cf0457c2fef19f84c3e047a4e162b4db70","sha256":"c54fadcc78f54699609f04a0e7b3bc9797bb72e69230e472a7fd75bf9d4602e8","sha512":"b51068ba23a47e00d8ef2999a0564cacb923a13d9f324d35422abb0f970f9b2608f9526243004539ae9771c13f6656a4421c22c0060e0accda1a5acad3ae6e62","ssdeep":"24576:p7ul/zpYYf/abs8zSuaGmRDB76606YBVyWT8z5Kzj:02Zs8zSvhR17669iWz5Uj","tlshash":"7825227e9d8545b7f88cff3e9499c0afe0511296ca1acb0fb94c198523761854bbdc34","first_seen":"2025-09-22T23:11:20.762675Z","last_seen":"2025-12-03T06:12:56.412914Z","times_seen":2,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/npl.php/?video=SisBreeder2\u0026poster=https://ahegao.online/wp-content/uploads/2025/10/SisBreeder2.jpg","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.269Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /npl.php/?video=SisBreeder2\u0026poster=https://ahegao.online/wp-content/uploads/2025/10/SisBreeder2.jpg HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/sis-breeder-episode-1-2/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nx-powered-by: PHP/7.4.20\r\ncache-control: max-age=1000\r\nexpires: Wed, 03 Dec 2025 06:29:03 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=arcBiCixrDhXS1rkdP3Z3K%2BHm%2BlR0q5mo%2FiL4uCJ3TRytnPsSVGUPbNSRzMQO13hEx%2FK4ffD24O9o7HMyJ9mwuEmR9NtSDpllWHZ534%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9a80e97d6be1b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.20","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1287,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"5fcd24693d853b1de8d65f1489fc9af3","sha1":"42a9e01481788b8c45eac59886b88065a7777b25","sha256":"e7ff68734f0aee6e5a2c2acbf879955f9309d5d9251482e441babffe3427cd50","sha512":"fd8ffa61e05804acf0db2695a84b00d825e87652a068ce91f8b4e768c0eda049bf38cbb81e579f5063d9649068645f4979e880203df1870b7727fd74d5289ef8","ssdeep":"","tlshash":"f9215457d90c54ba83f085ac5e7cb38809bfd05685946cfcf845b04e4aedb76508b2e4","first_seen":"2025-12-03T06:12:56.414653Z","last_seen":"2025-12-03T06:12:56.414653Z","times_seen":1,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":107,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-content/uploads/2025/10/Netorareta.mp4","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/Netorareta.mp4 HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/sis-breeder-episode-1-2/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 242430\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nlast-modified: Thu, 02 Oct 2025 14:44:06 GMT\r\netag: \"3b2fe-6402e0462dbdf\"\r\nage: 5196348\r\ncache-control: max-age=31536000\r\nexpires: Sun, 04 Oct 2026 02:46:35 GMT\r\ncontent-range: bytes 0-242429/242430\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RJaT68fh551G%2BCmpBdfxUrWy%2Fic1YkVS0mbjSSjxE3KOV3WQGsLmAvNM4RvP2adYjzLg9lNgGBnrA%2By2dEVM3tplx5fIrpG6kdBYGgM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e97f4f30b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":242430,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"75b08999826d001cf63d0746770394b2","sha1":"473560b32aedda64dffbc37f45999091ac1d4a49","sha256":"3da2e277543b421533a25fa4364422a41c079e45a6d8ffd36c3928e01b3df09b","sha512":"687de6c9130ded67866908e0f8512bc2db27f928a39fa924fe477a8e76ae760444ccd08fa622a315a559c671ffe63a12c1954aecf3e2ec6a655f15db60c8cdf6","ssdeep":"6144:8nnz/Lpc/QBcZxvRS2g1eVNKuIV5+OKUzski:8zDpc4BcZxv7goNKxVQOBsh","tlshash":"0734234a9b70879cd514a67896df93060762f87682c243ef310ff0666d381aa8c933b7","first_seen":"2025-11-17T06:41:31.222111Z","last_seen":"2026-02-28T15:38:34.001378Z","times_seen":4,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.3.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.adtng.com/get/10000867?time=1583262438188","date":"2025-12-03T06:12:23.819Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ang-content.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 18 Sep 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"36:85:31:86:5B:3D:BC:C6:72:9A:EF:DB:90:03:59:87:52:43:B0:5A","sha256":"90:34:33:39:E2:D4:23:D7:93:5E:3D:F6:82:61:E0:CE:2B:1D:64:66:59:0E:7F:95:8A:5B:1B:6D:25:4B:8D:D8"}}},"request":{"raw":"GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/1.1\r\nHost: hw-cdn2.ang-content.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.19.9.1\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 02 Nov 2018 14:17:11 GMT\r\netag: \"13a3-579af30f7688b\"\r\nexpires: Thu, 24 Apr 2025 01:07:43 GMT\r\ncache-control: max-age=10488628, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\nage: 1335538\r\nx-served-by: cache-ams2100110-AMS, cache-hel1410033-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 55, 18771\r\nx-timer: S1764742344.883228,VS0,VE0\r\naccess-control-allow-origin: *\r\ncontent-length: 5027\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":5027,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5027), with no line terminators","md5":"5e5817bcf4c82c7c85d1d88636d221ce","sha1":"b5c32cc6c931c33c1297884016e13d3b9a5bf261","sha256":"6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c","sha512":"08176e8fd06443f72738a279e22a28b4fd340e22d1abbf9a04f131286598cf1be98a79cbe776b37380fa3d6d396e431e3d8ba38f0b73fb0f3261b8753dccf706","ssdeep":"96:SyJLyojtnYt2b4PIdQXahVCzS3u7CuEi7rh2dC2+A4coFLULlpUsPK:rmXax3GCri7rpA4TFejC","tlshash":"1ea18301197529364cf82561911f2e6f42a286255a9bbca1c3c2fe44fcf5e53145bff3","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-07T06:22:11.787139Z","times_seen":2325,"resource_available":true,"data":null}},"time_used":168,"timings":{"blocked":58,"dns":33,"connect":26,"send":0,"wait":16,"receive":1,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js","fqdn":"hw-cdn2.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"151.101.67.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.adtng.com/get/10009643?time=1583262877801","date":"2025-12-03T06:12:23.823Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adtng.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 30 Jun 2025 00:00:00 GMT","end":"Tue, 28 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:67:8C:D2:F3:88:16:3D:99:D4:20:FD:1B:49:11:66:D1:6A:9F:43","sha256":"1A:A3:49:5D:8F:EA:EA:8E:F5:2F:82:5F:FF:33:C6:FF:50:0C:CF:FF:CA:65:5C:0A:74:2F:DB:27:1B:12:CF:EA"}}},"request":{"raw":"GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1\r\nHost: hw-cdn2.adtng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.19.9.1\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 05 Apr 2022 20:54:54 GMT\r\netag: \"41f5-5dbee74f4a3c8\"\r\nexpires: Fri, 25 Apr 2025 21:03:14 GMT\r\ncache-control: max-age=10646761, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\nage: 944458\r\nx-served-by: cache-ams21065-AMS, cache-hel1410024-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 70, 1614\r\nx-timer: S1764742344.908807,VS0,VE0\r\naccess-control-allow-origin: *\r\ncontent-length: 16885\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":16885,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (16885), with no line terminators","md5":"48c80c7c28b5b00a8b4ff94a22b72fe3","sha1":"d57303c2ad2fd5cedc5cb20f264a6965a7819cee","sha256":"6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356","sha512":"c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658","ssdeep":"192:/u+H3An7ybVSpBjen6K1GegJjgF+TDg91wTr1PH3kV/LQB3OJIuq/Y4RBF4B3ve:/vAvUxEtkmZZY4RBF4hve","tlshash":"4572954c7250f0f743c39522413f120ff3369898b15a90687369d8fa6cb889e6267f79","first_seen":"2023-03-07T01:02:45Z","last_seen":"2026-04-07T06:22:11.761861Z","times_seen":2343,"resource_available":true,"data":null}},"time_used":125,"timings":{"blocked":-1,"dns":24,"connect":29,"send":0,"wait":13,"receive":3,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-FYJMCF9B38\u0026cx=c\u0026gtm=4e5bj1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:24.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:33:43 GMT","end":"Mon, 19 Jan 2026 08:33:42 GMT"},"fingerprint":{"sha1":"4E:9E:D1:61:E4:7D:C2:8A:B6:AD:D2:31:C7:07:01:E4:DB:A0:A7:A9","sha256":"C5:DD:D4:CA:97:B7:B5:8C:B4:99:E8:56:30:AC:1B:F0:FD:7C:5A:FD:19:ED:13:D0:27:D6:0B:76:C7:C7:A0:66"}}},"request":{"raw":"GET /gtag/js?id=G-FYJMCF9B38\u0026cx=c\u0026gtm=4e5bj1 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 03 Dec 2025 06:12:24 GMT\r\nexpires: Wed, 03 Dec 2025 06:12:24 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 141940\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":425186,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5911)","md5":"29e725cc986857c4ce3bbc18a803a658","sha1":"fe0ccf3eb8bc6d4b4ec4eda6653c0e9bdde4b90a","sha256":"2bade9de05948989dda953a327a3292d6c7e6defea1e9263052224008011fe6a","sha512":"605a2c4909330aa3b9beff9155b5ca0cc74bb0bd8b23466e07d30e2135679c6c3c8226277868da3dac05752cacdf36884b3e7034e81b7a8948429a63ca3bba07","ssdeep":"6144:1iWgKOtdDUI23EBULUVW66O7GQEO71skIaV0sBLatgFvu:1B3O3UHEBUfO71KgM","tlshash":"cf9418ce73d674225396f078502f018ba57b28a2b44cc896f1c9cde52e74a9a4277f7c","first_seen":"2025-12-03T06:12:56.418006Z","last_seen":"2025-12-03T06:12:56.418006Z","times_seen":1,"resource_available":true,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"neverstoprotation.com/iframe/5ebd27f8848b1?iframe\u0026ag_custom_domain=ahegao.online","fqdn":"neverstoprotation.com","domain":"neverstoprotation.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:24.122Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"neverstoprotation.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 10:12:36 GMT","end":"Mon, 09 Feb 2026 11:11:04 GMT"},"fingerprint":{"sha1":"8E:57:A4:F9:42:DE:67:03:1E:60:65:BC:EA:30:15:D1:4E:3C:F7:E5","sha256":"05:D0:FD:1B:02:E9:D6:41:92:85:78:B2:5F:5B:08:55:51:A6:1C:8B:F6:51:1C:30:62:49:68:3A:4E:D3:85:F1"}}},"request":{"raw":"GET /iframe/5ebd27f8848b1?iframe\u0026ag_custom_domain=ahegao.online HTTP/1.1\r\nHost: neverstoprotation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:24 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nset-cookie: c_7a5ddeb5ed541401a4276cd2c24c6c12=1; Expires=Thu, 04-Dec-25 06:12:24 GMT; Domain=neverstoprotation.com; Path=/; Secure; SameSite=None\nz_35a9958084703fe607913a4ec4fc0f0e=1; Expires=Thu, 04-Dec-25 06:12:24 GMT; Domain=neverstoprotation.com; Path=/; Secure; SameSite=None\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lL41LT9yOtHqBlndZcamNR7cpbf1uuTNzRkb6wql6mqTyOrI%2FyHgT7cdubQTEFUTAhulnhWFQv44LNaKX%2B8fuCgkowaGK3TNNlk1t%2FInCwfij0k%3D\"}]}\r\ncf-ray: 9a80e9833e3a56ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1183,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1182)","md5":"330509d0a0321452937114ef68af4102","sha1":"4377766317d57d406dc22e45c916677cb4d1f9d6","sha256":"aad5915f6868ad033f50f18ccb40c6e169c8684699dc765f76497d026ab16c72","sha512":"d44004774ab8abe2107fad8004dfff0e245ddcefbd7c45bd44e2338a50af02068e5849e827de1ba62110a91169e6988dfdacc10a74e00e89ca4fd481c8900f64","ssdeep":"","tlshash":"aa2174b591d1b86ddc2282c4cd6246cc332bc3194a8c7e449e4a72f2a00d4df66173ec","first_seen":"2025-12-03T06:12:56.419222Z","last_seen":"2025-12-03T06:12:56.419222Z","times_seen":1,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":72,"dns":22,"connect":4,"send":0,"wait":104,"receive":0,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-content/plugins/kk-star-ratings/gray.png","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.308Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /wp-content/plugins/kk-star-ratings/gray.png HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/wp-content/cache/autoptimize/css/autoptimize_6ebe74c29829631e6768afb8373a40cc.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: image/png\r\ncontent-length: 364\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nlast-modified: Tue, 05 Dec 2023 17:40:58 GMT\r\netag: \"656f60aa-16c\"\r\naccept-ranges: bytes\r\nage: 617\r\ncache-control: max-age=691200\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DSFe08SFs8%2BW%2BeI7KJC5rqa5%2Bo9MRTAFyPZczEKxPmz0j9z%2F213O4OOySjwRjoDUDbfWDxNyATtVyNbvWc0kQ1tNvoI6sMpLiWk0J%2Fw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e97dac8cb1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":364,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit colormap, non-interlaced","md5":"87ec22b22a9f1f2e64e1be0ed6b1394d","sha1":"57d2012faed800002f5e5f804f0dca213a8407cd","sha256":"81cfd348c73fc29458213c0f67e0d677ed2fc17704501e45b7723fb18eac8607","sha512":"69ea3c9d2d8df20bf710b4982e448ce7135d3a1aad55dbe57370c40633ea1787af4df85360112e3353f5e9e565327e20aff0f7487271e466ec974f5e1991434f","ssdeep":"","tlshash":"27e0c0deb2388c35b7bb0133497c1293a622a4a70c08551764a4c5d05be270a9ed4bb0","first_seen":"2023-10-15T12:42:02Z","last_seen":"2026-02-10T12:22:05.668339Z","times_seen":38,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.mysteriousimprovement.com/ecc874/8432b5c32887.js","fqdn":"www.mysteriousimprovement.com","domain":"mysteriousimprovement.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.mysteriousimprovement.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Dec 2025 07:05:05 GMT","end":"Sun, 01 Mar 2026 07:05:04 GMT"},"fingerprint":{"sha1":"25:FF:72:C9:84:1F:71:3B:23:E6:0D:E6:D3:CD:8F:25:1D:14:1A:E4","sha256":"1E:A4:05:8F:AD:A8:A9:DC:13:2C:96:AC:CD:B0:34:57:05:F5:9B:D4:A5:9C:66:00:59:0F:03:49:CD:40:92:73"}}},"request":{"raw":"GET /ecc874/8432b5c32887.js HTTP/1.1\r\nHost: www.mysteriousimprovement.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Content-Type\r\ncache-control: max-age=172800\r\ncontent-encoding: gzip\r\nexpires: Fri, 05 Dec 2025 06:12:23 GMT\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":103683,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators","md5":"e75be77cc28e1a0b2ba17d21010ed4e6","sha1":"a95fd5a5354710979b3438d136a0c385d9bdb421","sha256":"df0d6945ef99d5d815c4860c06e855a54e09246704730a8e6b3eeb4616ae91d6","sha512":"ca7f0317944ea65357e6d2390a79b012c98f9f95365be840677136b4ac95af703e665a7639aa4adbd335ff2d072dc2e69a15697678b3748566305027bf7db099","ssdeep":"1536:rM+iZ3YOYuyx6PUQwRxcs8P3nhkQ8vL7T7Q6eGozzwVEnHzHRbPvD0:OijxEQq3P5Enne9zkWHLm","tlshash":"b0a33461350b64fd2ad0c1e7eb6b20886c295810e469cca1ecd1d7c7d6eb8e3429b5f7","first_seen":"2025-12-01T09:43:27.5577Z","last_seen":"2025-12-03T06:12:56.421063Z","times_seen":38,"resource_available":true,"data":null}},"time_used":154,"timings":{"blocked":38,"dns":23,"connect":21,"send":0,"wait":38,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js","fqdn":"hw-cdn2.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"151.101.67.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.adtng.com/get/10009643?time=1583262877801","date":"2025-12-03T06:12:23.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adtng.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 30 Jun 2025 00:00:00 GMT","end":"Tue, 28 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:67:8C:D2:F3:88:16:3D:99:D4:20:FD:1B:49:11:66:D1:6A:9F:43","sha256":"1A:A3:49:5D:8F:EA:EA:8E:F5:2F:82:5F:FF:33:C6:FF:50:0C:CF:FF:CA:65:5C:0A:74:2F:DB:27:1B:12:CF:EA"}}},"request":{"raw":"GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1\r\nHost: hw-cdn2.adtng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.19.9.1\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 05 Apr 2022 20:54:54 GMT\r\netag: \"41f5-5dbee74f4a3c8\"\r\nexpires: Fri, 25 Apr 2025 21:03:14 GMT\r\ncache-control: max-age=10646761, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\nage: 944458\r\nx-served-by: cache-ams21065-AMS, cache-hel1410024-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 70, 1613\r\nx-timer: S1764742344.876006,VS0,VE0\r\naccess-control-allow-origin: *\r\ncontent-length: 16885\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":16885,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (16885), with no line terminators","md5":"48c80c7c28b5b00a8b4ff94a22b72fe3","sha1":"d57303c2ad2fd5cedc5cb20f264a6965a7819cee","sha256":"6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356","sha512":"c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658","ssdeep":"192:/u+H3An7ybVSpBjen6K1GegJjgF+TDg91wTr1PH3kV/LQB3OJIuq/Y4RBF4B3ve:/vAvUxEtkmZZY4RBF4hve","tlshash":"4572954c7250f0f743c39522413f120ff3369898b15a90687369d8fa6cb889e6267f79","first_seen":"2023-03-07T01:02:45Z","last_seen":"2026-04-07T06:22:11.761861Z","times_seen":2343,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":68,"dns":32,"connect":13,"send":0,"wait":15,"receive":2,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic%7COswald%3A300%2C700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:24.387Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:58 GMT","end":"Mon, 19 Jan 2026 08:34:57 GMT"},"fingerprint":{"sha1":"56:14:7E:EF:FA:D2:CF:DD:3B:30:9C:AE:7A:C9:AD:9E:A7:87:3D:E9","sha256":"72:DD:0F:82:4D:8A:09:2D:BB:5B:E6:1B:6F:09:F8:1E:BD:BD:D3:3E:B8:A4:8C:B9:49:13:4D:DC:D7:EF:EA:77"}}},"request":{"raw":"GET /css?family=Lato%3A400%2C700%2C400italic%2C700italic%7COswald%3A300%2C700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 03 Dec 2025 06:12:24 GMT\r\ndate: Wed, 03 Dec 2025 06:12:24 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6940,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"591062c1793f6bc98f520bbfe59ab3d7","sha1":"2653f24d53efdbdfef59f2353f63300aa19bc63b","sha256":"36ea5c7acfea177fa0068e8730e7a9503fc799bded1f73aeb0148ab6119c1715","sha512":"0f0ab768e51935dbab4b03adf53210b89944328accc7f1055e1c7ed122833d74a39954b04930e3a984777992ecd3b9e6d6d2ee89ff338877020a7227a3b8ab28","ssdeep":"192:4Ow3Oir/i3r/M71D5MMK2LV+hoQKSLB6hst:4Fx7u710pg5","tlshash":"93e1fe92046fa440ef871cc133ce7e32ae4ea2513455c979affe18d8ecaad255365b4c","first_seen":"2025-11-17T06:41:31.128687Z","last_seen":"2026-02-28T15:38:34.002716Z","times_seen":4,"resource_available":false,"data":null}},"time_used":304,"timings":{"blocked":136,"dns":11,"connect":7,"send":0,"wait":20,"receive":0,"ssl":127},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/svg/icons/a2a.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.addtoany.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 24 Oct 2025 11:09:43 GMT","end":"Thu, 22 Jan 2026 12:09:34 GMT"},"fingerprint":{"sha1":"3F:6D:53:3B:25:E4:B5:69:34:6D:82:6E:A3:EA:44:C4:1A:02:CB:9F","sha256":"CF:76:D7:4B:B7:BF:99:66:AA:52:8E:58:28:41:BB:B8:E6:AA:2A:BC:57:93:41:D8:2A:B5:3E:F5:FD:49:E5:C3"}}},"request":{"raw":"GET /menu/svg/icons/a2a.js HTTP/1.1\r\nHost: static.addtoany.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.addtoany.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\naccess-control-allow-origin: *\r\ncache-control: max-age=7776000, stale-while-revalidate=30, public\r\netag: W/\"0aca4ea1e5f8f250126a8e0c597dd969\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\npriority: u=3,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=reSQ1NBKze5S55P7BHQJMZ5ndcD6U9zEccU5PsWxqcuBFMfS%2FaMVEm6sm%2BTbXP%2FLHYLTtetJPkxPx4C4AKOFwxS92Gs5vhg9buqFJ9MtJjgQlRaTPS4vncRCQddck4KWYLXnWMHc\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ncf-cache-status: REVALIDATED\r\nx-accel-buffering: yes\r\ncf-ray: 9a80e9801e290b02-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":182,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with no line terminators","md5":"baf0595a19bdc7f7497b74731d2166c4","sha1":"fd5714384c52fc0338083574434d12328313896c","sha256":"3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43","sha512":"da0e15a709b3d043e8cd9e4f97cf70d8c1addc2a7d90b6bb11d71cd72aba9133e5b9388528691cf6a354a6aaa346045f64d82b947883057471e1f1a2fdbd1901","ssdeep":"","tlshash":"74c01291501575418c1342fb475e500b167120bd015c14ca36a881f9595613f8c42fc3","first_seen":"2023-03-08T14:25:33Z","last_seen":"2026-04-07T06:31:11.78136Z","times_seen":14600,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3dhq1.org/video/SisBreeder1.mp4","fqdn":"3dhq1.org","domain":"3dhq1.org","tld":"org"},"ip":{"addr":"151.80.18.202","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://ahegao.online/npl.php/?video=SisBreeder1\u0026poster=https://ahegao.online/wp-content/uploads/2025/10/SisBreeder1.jpg","date":"2025-12-03T06:12:24.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"3dhq1.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 15:36:40 GMT","end":"Mon, 19 Jan 2026 15:36:39 GMT"},"fingerprint":{"sha1":"A7:72:84:DC:4C:CB:FA:63:B3:46:7B:CD:E3:07:E1:B7:7A:98:34:5C","sha256":"29:7C:44:E1:82:BE:33:4D:AD:67:42:47:1E:74:2A:D9:B6:63:31:6D:AD:80:86:27:D6:E9:09:2E:C8:80:85:1B"}}},"request":{"raw":"GET /video/SisBreeder1.mp4 HTTP/1.1\r\nHost: 3dhq1.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 206 Partial Content\r\nDate: Wed, 03 Dec 2025 06:12:24 GMT\r\nServer: Apache\r\nUpgrade: h2,h2c\r\nConnection: Upgrade, close\r\nLast-Modified: Fri, 10 Oct 2025 13:45:10 GMT\r\nETag: \"1537b051-640ce2058e300\"\r\nAccept-Ranges: bytes\r\nContent-Length: 355971153\r\nContent-Range: bytes 0-355971152/355971153\r\nContent-Type: video/mp4\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":39866,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"aa834fd98044ac25705bffba73b6b820","sha1":"c1b5549b9220e5f7b4255153b44fcc176463091f","sha256":"142aa683f9b066edc0aa0b41a537a0f0634a03a83f858a8866d66d9de68f287b","sha512":"27e1ea1391090376eeb4e2e083a71811c53bddf042624606c7d293d630938946eb73b694a0674c0c0830fa7b765a6cd344af3d41b53c558ef676c1582032c225","ssdeep":"768:PPRnUYnjauOs6zyR/mXgd0B74p6dm5HuS3lmMPXLZXVgyYnCj+971:HFjks2Ycgq20m5f38MP1XVgvnn1","tlshash":"3a03e092ecd8d1d9cc78013a86633b9a60289343b7cff7e766130234998ad5c89e5429","first_seen":"2025-12-03T06:12:56.423512Z","last_seen":"2025-12-03T06:12:56.423512Z","times_seen":1,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":53,"dns":63,"connect":25,"send":0,"wait":39,"receive":57,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/a7/creatives/39/524/800869/996021/996021_banner.png","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.3.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://a.adtng.com/get/10009643?time=1583262877801","date":"2025-12-03T06:12:23.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ang-content.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 18 Sep 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"36:85:31:86:5B:3D:BC:C6:72:9A:EF:DB:90:03:59:87:52:43:B0:5A","sha256":"90:34:33:39:E2:D4:23:D7:93:5E:3D:F6:82:61:E0:CE:2B:1D:64:66:59:0E:7F:95:8A:5B:1B:6D:25:4B:8D:D8"}}},"request":{"raw":"GET /a7/creatives/39/524/800869/996021/996021_banner.png HTTP/1.1\r\nHost: hw-cdn2.ang-content.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.19.9.1\r\ncontent-type: image/png\r\nlast-modified: Wed, 05 May 2021 15:39:45 GMT\r\netag: \"1e361-5c1970106d240\"\r\nexpires: Mon, 16 Mar 2026 23:46:41 GMT\r\ncache-control: max-age=10451709, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\nage: 1489251\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\nx-served-by: cache-ams21051-AMS, cache-hel1410033-HEL\r\nx-cache: HIT, MISS\r\nx-cache-hits: 124, 0\r\nx-timer: S1764742344.876999,VS0,VE26\r\naccess-control-allow-origin: *\r\ncontent-length: 123745\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":123745,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=2, software=Adobe After Effects CC 2018 (Windows), datetime=2021:05:05 09:50:17], baseline, precision 8, 300x250, components 3","md5":"2b4efa019f3e6f8ed46a9e8aaf0d27d2","sha1":"38987c5005d224dbf92ed4ffc259cec654a0f995","sha256":"2a7b2b42fea7d8e1924131f86cb9151c3a2271a82fc6b65a0a0ed520e5b4144e","sha512":"ad1ebc641f90ef89619dc389d41201af6a3279b7dbff188a9f776627393d2ee8b3a88f0f262135e54a02a00ae2f450d3e3a19eee5b243411d2caca79859c05ce","ssdeep":"1536:16nxjYTB8/k5pEoR3efFB3Qyb5cSREEPtgZjT8M8ziId5eho3BvhALmiyVDffEp1:sjYTBvXefFJnkTozNooRvhStODcZAeX","tlshash":"c8c38c446b530541f68df2e8d8f9e461dbf75ea48de09046f8cec83a5f0513a8d9a0eb","first_seen":"2025-11-17T06:41:31.209046Z","last_seen":"2025-12-03T06:12:56.424806Z","times_seen":2,"resource_available":false,"data":null}},"time_used":130,"timings":{"blocked":70,"dns":0,"connect":0,"send":0,"wait":39,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-content/uploads/2025/10/SisBreeder2.jpg","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ahegao.online/npl.php/?video=SisBreeder2\u0026poster=https://ahegao.online/wp-content/uploads/2025/10/SisBreeder2.jpg","date":"2025-12-03T06:12:23.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/SisBreeder2.jpg HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 108615\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nlast-modified: Thu, 02 Oct 2025 15:14:10 GMT\r\netag: \"68de96c2-1a847\"\r\naccept-ranges: bytes\r\ncache-control: max-age=691200\r\ncf-cache-status: REVALIDATED\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OnMyGz%2FJdN6oWv78YwM5i11jLKTRgoG1QGQHSol%2F5vGyBCOBo%2FUvwtKXS%2BeR2NUEKIXrPE%2BJz1oh%2Fj1GeK%2FxyETHfdyTRH2LX1z2c2U%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e9813a36b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":108615,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=3, manufacturer=6414ths 770rns, software=Video Thumbnails Maker v15.3.0.0a, copyright=SUU Design], baseline, precision 8, 827x475, components 3","md5":"dfb47033a8e99be17ee972c2f6c17899","sha1":"a884c62bea6666cadf53fc6aa461c84541c9e5ce","sha256":"37b128bb55ccce916c4f76b5fba204b13f577e5bfd166f9d33a5b72f6b3b1d13","sha512":"689c0978fa5fd87fb8788ae7da81cb5ec057e5847b118900854eb9454c84d6e1e98fd58a8a400f44354c383f509ec734c594918b825a578cd96f8cab372be3a3","ssdeep":"3072:c3XcUfymmJd0zk334h1zQFdOze4MLcdGQ:ciV0zM47TMq","tlshash":"25b302681d7c2225bbaea575540d4821fe269790b2f0792f0f90387dbfe36d5360fa42","first_seen":"2025-12-03T06:12:56.426131Z","last_seen":"2025-12-03T06:12:56.426131Z","times_seen":1,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":82,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/a7/creatives/39/524/800869/996559/996559_logo.png","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.3.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://a.adtng.com/get/10009643?time=1583262877801","date":"2025-12-03T06:12:23.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ang-content.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 18 Sep 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"36:85:31:86:5B:3D:BC:C6:72:9A:EF:DB:90:03:59:87:52:43:B0:5A","sha256":"90:34:33:39:E2:D4:23:D7:93:5E:3D:F6:82:61:E0:CE:2B:1D:64:66:59:0E:7F:95:8A:5B:1B:6D:25:4B:8D:D8"}}},"request":{"raw":"GET /a7/creatives/39/524/800869/996559/996559_logo.png HTTP/1.1\r\nHost: hw-cdn2.ang-content.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.19.9.1\r\ncontent-type: image/png\r\nlast-modified: Mon, 10 May 2021 13:11:17 GMT\r\netag: \"3cf3-5c1f983466740\"\r\nexpires: Fri, 13 Mar 2026 13:45:57 GMT\r\ncache-control: max-age=10485524, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\nage: 0\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\nx-served-by: cache-ams21030-AMS, cache-hel1410033-HEL\r\nx-cache: HIT, MISS\r\nx-cache-hits: 1, 0\r\nx-timer: S1764742344.876826,VS0,VE82\r\naccess-control-allow-origin: *\r\ncontent-length: 15603\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":15603,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced","md5":"2aaacb14c0816c811151f7e5ad369e9f","sha1":"2b51b630dcbbdcd9cb0e9c298a5d4323de0f19f5","sha256":"c6f084bf2cbf871312c3c508455dfeff2bb11dc8909d98ab1a43897b16bedf4e","sha512":"45f30cf46bf21fe131b4a497d42ce6c21f967a74d1db6fa5da078a495d5f0de1962685e1a5bf96cbcfa252bc1786a0ea9371e677214d739acc4d4050c43d7026","ssdeep":"96:7SPkEWmYwzmSxNX7sc5Boa0a0a0a0a0a0a0a0T:7SPk6jmQga0a0a0a0a0a0a0a0T","tlshash":"4262a924a8f637dcd4c581721ca494025c3aa683e8c19d49b7de4c276fca7da6c0f07b","first_seen":"2023-04-23T00:15:16Z","last_seen":"2026-03-27T21:40:30.556477Z","times_seen":153,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":49,"dns":0,"connect":0,"send":0,"wait":96,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-content/cache/autoptimize/js/autoptimize_82037ecf4ef1c6c51fabf6ebd29cc865.js","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.175Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /wp-content/cache/autoptimize/js/autoptimize_82037ecf4ef1c6c51fabf6ebd29cc865.js HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/sis-breeder-episode-1-2/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Mon, 25 Aug 2025 13:29:39 GMT\r\npriority: u=3,i=?0\r\netag: \"68ac6543-176fd\"\r\ncontent-encoding: gzip\r\nage: 617\r\ncache-control: max-age=691200\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=m17intUYfH8Dwg01XoRwkMc%2BC56UgqpMECQb%2BYScGMt%2FWIVuzYO13FM3HhjM0twbHHSHN5dJkim0C20zC2hLdQWPcjovubs%2BCcMtlUk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e97ccab7b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":95997,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23966)","md5":"b31ab65ba799273a61c383d591a1d807","sha1":"3c15a7672c58fd74d9055597b2a44b1b957044fd","sha256":"aa744f374fb182ed6882838439269e029bf708e0ee7b232590257925e2c32ecb","sha512":"ba8debfba974ff53d0e4d9bd3c2c149c8c6151a538abd7bc4945675bb7c9894a3ae3ab77afad7d907a9e0810a8811549f0637ae85182c822c0e9cb3cb5121508","ssdeep":"1536:0rP7Q+hBMCMrFXXPhJ0Ixkgxb2RdtIP4NnrROavPFzULNuIxQ8OQth8ZqfBk5sX2:0rPU+8Prpb0KadtIP4NnsRxzhth8ZWX2","tlshash":"4e93194f7310322646abb1ba916f020f7137a66da906805cb17ad8eb5d7d84e6133f7c","first_seen":"2025-11-17T06:41:31.153967Z","last_seen":"2025-12-03T06:12:56.428218Z","times_seen":2,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js","fqdn":"hw-cdn2.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"151.101.67.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.adtng.com/get/10000867?time=1583262438188","date":"2025-12-03T06:12:23.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adtng.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 30 Jun 2025 00:00:00 GMT","end":"Tue, 28 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:67:8C:D2:F3:88:16:3D:99:D4:20:FD:1B:49:11:66:D1:6A:9F:43","sha256":"1A:A3:49:5D:8F:EA:EA:8E:F5:2F:82:5F:FF:33:C6:FF:50:0C:CF:FF:CA:65:5C:0A:74:2F:DB:27:1B:12:CF:EA"}}},"request":{"raw":"GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1\r\nHost: hw-cdn2.adtng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.19.9.1\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 05 Apr 2022 20:54:54 GMT\r\netag: \"41f5-5dbee74f4a3c8\"\r\nexpires: Fri, 25 Apr 2025 21:03:14 GMT\r\ncache-control: max-age=10646761, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\nage: 944458\r\nx-served-by: cache-ams21065-AMS, cache-hel1410024-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 70, 1615\r\nx-timer: S1764742344.909132,VS0,VE0\r\naccess-control-allow-origin: *\r\ncontent-length: 16885\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16885,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (16885), with no line terminators","md5":"48c80c7c28b5b00a8b4ff94a22b72fe3","sha1":"d57303c2ad2fd5cedc5cb20f264a6965a7819cee","sha256":"6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356","sha512":"c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658","ssdeep":"192:/u+H3An7ybVSpBjen6K1GegJjgF+TDg91wTr1PH3kV/LQB3OJIuq/Y4RBF4B3ve:/vAvUxEtkmZZY4RBF4hve","tlshash":"4572954c7250f0f743c39522413f120ff3369898b15a90687369d8fa6cb889e6267f79","first_seen":"2023-03-07T01:02:45Z","last_seen":"2026-04-07T06:22:11.761861Z","times_seen":2343,"resource_available":true,"data":null}},"time_used":212,"timings":{"blocked":82,"dns":26,"connect":29,"send":0,"wait":16,"receive":3,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.adtng.com/track/adviews/eyJleHRfemlkIjoiIiwiZXh0X2MiOiIiLCJleHRfYWlkIjoiIiwicGlkIjoiNTI0Iiwic2lkIjoiMTAwMDk2NDMiLCJuaWRzIjoiNTIxNDIiLCJkeW5fZG1uIjoiIiwiY3JpZCI6Ijk5NjU1OSIsInN2IjoiNjI5MCIsInJlZl9kbW4iOiJhaGVnYW8ub25saW5lIiwiZXh0X2NpZCI6IiIsInRzbmFtZSI6IkFGRiIsImNyYyI6IjYiLCJjbiI6IjMwMFgyNTBfTlRLX0hIX0pTIiwibmlkIjoiNTIxNDIiLCJleHRfcHViIjoiIiwiY3JwIjoiMTYuNjciLCJ0aWQiOiIyIiwiaXQiOiIwM1wvRGVjXC8yMDI1OjA2OjEyOjIzICswMDAwIiwiY2MiOiIxIiwic25jaWQiOiIxMDk2MjUiLCJjaWQiOiIzODE4MyIsImV4dF91aWQiOiIiLCJjcCI6IjEwMCIsInNuY2NpZCI6IjIxNjQyODIiLCJpaWQiOiIxNDE5ZDNmNmRiMzE0M2RjMDg3NDBjZDEyZjFmNTgzMCIsImV4dF9paWQiOiIifQ==?unique_view=1","fqdn":"a.adtng.com","domain":"adtng.com","tld":"com"},"ip":{"addr":"66.254.114.171","port":443,"asn":29789,"as":"REFLECTED","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://a.adtng.com/get/10009643?time=1583262877801","date":"2025-12-03T06:12:24.127Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adtng.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 30 Jun 2025 00:00:00 GMT","end":"Tue, 28 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:67:8C:D2:F3:88:16:3D:99:D4:20:FD:1B:49:11:66:D1:6A:9F:43","sha256":"1A:A3:49:5D:8F:EA:EA:8E:F5:2F:82:5F:FF:33:C6:FF:50:0C:CF:FF:CA:65:5C:0A:74:2F:DB:27:1B:12:CF:EA"}}},"request":{"raw":"GET /track/adviews/eyJleHRfemlkIjoiIiwiZXh0X2MiOiIiLCJleHRfYWlkIjoiIiwicGlkIjoiNTI0Iiwic2lkIjoiMTAwMDk2NDMiLCJuaWRzIjoiNTIxNDIiLCJkeW5fZG1uIjoiIiwiY3JpZCI6Ijk5NjU1OSIsInN2IjoiNjI5MCIsInJlZl9kbW4iOiJhaGVnYW8ub25saW5lIiwiZXh0X2NpZCI6IiIsInRzbmFtZSI6IkFGRiIsImNyYyI6IjYiLCJjbiI6IjMwMFgyNTBfTlRLX0hIX0pTIiwibmlkIjoiNTIxNDIiLCJleHRfcHViIjoiIiwiY3JwIjoiMTYuNjciLCJ0aWQiOiIyIiwiaXQiOiIwM1wvRGVjXC8yMDI1OjA2OjEyOjIzICswMDAwIiwiY2MiOiIxIiwic25jaWQiOiIxMDk2MjUiLCJjaWQiOiIzODE4MyIsImV4dF91aWQiOiIiLCJjcCI6IjEwMCIsInNuY2NpZCI6IjIxNjQyODIiLCJpaWQiOiIxNDE5ZDNmNmRiMzE0M2RjMDg3NDBjZDEyZjFmNTgzMCIsImV4dF9paWQiOiIifQ==?unique_view=1 HTTP/1.1\r\nHost: a.adtng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/get/10009643?time=1583262877801\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: openresty\r\ndate: Wed, 03 Dec 2025 06:12:24 GMT\r\ncontent-type: text/html\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With\r\ncontent-encoding: gzip\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version\r\nalt-svc: h3=\":443\"; ma=3600\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-07T06:11:49.187712Z","times_seen":13450766,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-content/uploads/2025/10/SisBreeder1.jpg","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ahegao.online/npl.php/?video=SisBreeder1\u0026poster=https://ahegao.online/wp-content/uploads/2025/10/SisBreeder1.jpg","date":"2025-12-03T06:12:23.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/SisBreeder1.jpg HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 108922\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nlast-modified: Thu, 02 Oct 2025 15:14:07 GMT\r\netag: \"68de96bf-1a97a\"\r\naccept-ranges: bytes\r\ncache-control: max-age=691200\r\ncf-cache-status: REVALIDATED\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XQEzdVRlRT2iH1bpr%2FvaU75%2FauHHHwGKWNR3dQCG1dHk%2BsF8GcZTydtK7aINVnlsWn8BCqguGkypsYC%2Bstkofs4O5RE2ucmaJ0kcvew%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e9813a3ab1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":108922,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=3, manufacturer=6413ths 770rns, software=Video Thumbnails Maker v15.3.0.0a, copyright=SUU Design], baseline, precision 8, 827x475, components 3","md5":"73e22245be15b43135a21f4e2192b10d","sha1":"83926e3fc51f99ffab8f5b0038876fa42de06319","sha256":"0501ffb2cac37f1e281360608c473baa7f646ecc441d35c2c0eeb8a62b80117b","sha512":"2326418b87fdd12bdc1e609db1131fafbd9b7ccf2ba855ff71c3678e7d7fa5d604097a3df7ffc12926e3dc654037c1f01be7c31ffda149dd257371911f009275","ssdeep":"1536:iZPLbFzAGPyr/3+7aDoZYjO/KoakAcprVPndhSE06g9dP7XzUZfDVl1yMhmOJiI/:+P9z4/3+7aDGbBZ3VhSDBPj2fRLy6xcu","tlshash":"07b312a7152ab1d093499534f8bc0c436105adb4bfc67b0d295ab9fcbec750bc649eb0","first_seen":"2025-12-03T06:12:56.429565Z","last_seen":"2025-12-03T06:12:56.429565Z","times_seen":1,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":86,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/svg/icons/facebook.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.addtoany.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 24 Oct 2025 11:09:43 GMT","end":"Thu, 22 Jan 2026 12:09:34 GMT"},"fingerprint":{"sha1":"3F:6D:53:3B:25:E4:B5:69:34:6D:82:6E:A3:EA:44:C4:1A:02:CB:9F","sha256":"CF:76:D7:4B:B7:BF:99:66:AA:52:8E:58:28:41:BB:B8:E6:AA:2A:BC:57:93:41:D8:2A:B5:3E:F5:FD:49:E5:C3"}}},"request":{"raw":"GET /menu/svg/icons/facebook.js HTTP/1.1\r\nHost: static.addtoany.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.addtoany.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript\r\npriority: u=3,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: max-age=7776000, stale-while-revalidate=30, public\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QtxSi1RyRIQQJlT0rPWOA%2FsO%2BRZovpMmW%2FpGjkE82l6y2reJSHBrtjVoEd1uwUDRLw%2BI2pW6O%2BUawcpiCAO7Z7SaYCEvbnJA6ERDoZPqtWxPSmyj93s8nQmym3%2FW\"}]}\r\netag: W/\"68925fa8e347041c6006837e73c518bc\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\nage: 26024\r\ncf-ray: 9a80e9800e230b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":429,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (429), with no line terminators","md5":"014bcc757e484e12e3aea6c9d768fd4b","sha1":"4c17157d0012f8002e4e6cf77c5f4a9747792cf4","sha256":"4b475960843a5619b907af1f0a89e3136bd5e6a4a700ec78cb417f302647cf49","sha512":"b00fab0ce2e56b56c18e0dc54ac3329d77fc18096e63bc2aef34342770f40dac91c10f7a8a9db1dcc5ce42fbafe637fcb1fdd51994ef937aa00923375476d467","ssdeep":"","tlshash":"dae0ab951236d9864d51093ec71fa48fb3b0b67fa1d8298006bc80b289d20fd3e0ba03","first_seen":"2024-04-12T16:11:44Z","last_seen":"2026-04-07T06:31:11.772949Z","times_seen":16908,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js","fqdn":"hw-cdn2.ang-content.com","domain":"ang-content.com","tld":"com"},"ip":{"addr":"151.101.3.52","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://a.adtng.com/get/10009643?time=1583262877801","date":"2025-12-03T06:12:23.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ang-content.com","organization":"AYLO Premium Ltd"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 18 Sep 2025 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"36:85:31:86:5B:3D:BC:C6:72:9A:EF:DB:90:03:59:87:52:43:B0:5A","sha256":"90:34:33:39:E2:D4:23:D7:93:5E:3D:F6:82:61:E0:CE:2B:1D:64:66:59:0E:7F:95:8A:5B:1B:6D:25:4B:8D:D8"}}},"request":{"raw":"GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/1.1\r\nHost: hw-cdn2.ang-content.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://a.adtng.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.19.9.1\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 02 Nov 2018 14:17:11 GMT\r\netag: \"13a3-579af30f7688b\"\r\nexpires: Thu, 24 Apr 2025 01:07:43 GMT\r\ncache-control: max-age=10488628, stale-while-revalidate=86400, stale-if-error=86400\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\nage: 1335538\r\nx-served-by: cache-ams2100110-AMS, cache-hel1410033-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 55, 18770\r\nx-timer: S1764742344.876602,VS0,VE0\r\naccess-control-allow-origin: *\r\ncontent-length: 5027\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.19.9.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":5027,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5027), with no line terminators","md5":"5e5817bcf4c82c7c85d1d88636d221ce","sha1":"b5c32cc6c931c33c1297884016e13d3b9a5bf261","sha256":"6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c","sha512":"08176e8fd06443f72738a279e22a28b4fd340e22d1abbf9a04f131286598cf1be98a79cbe776b37380fa3d6d396e431e3d8ba38f0b73fb0f3261b8753dccf706","ssdeep":"96:SyJLyojtnYt2b4PIdQXahVCzS3u7CuEi7rh2dC2+A4coFLULlpUsPK:rmXax3GCri7rpA4TFejC","tlshash":"1ea18301197529364cf82561911f2e6f42a286255a9bbca1c3c2fe44fcf5e53145bff3","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-07T06:22:11.787139Z","times_seen":2325,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":71,"dns":27,"connect":13,"send":0,"wait":16,"receive":2,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/oswald/v57/TK3iWkUHHAIjg752GT8G.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.211.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:24.647Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/oswald/v57/TK3iWkUHHAIjg752GT8G.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 28488\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 26 Nov 2025 16:22:50 GMT\r\nexpires: Thu, 26 Nov 2026 16:22:50 GMT\r\ncache-control: public, max-age=31536000\r\nage: 568174\r\nlast-modified: Wed, 10 Sep 2025 16:46:11 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28488,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28488, version 1.0","md5":"22c3b00d2e65fb2c876a292423108958","sha1":"3c61d84659817fef687045bbfa0e1da9568e164b","sha256":"bd73278ee0c50041b91b4c03d1229e35b501637f46b6409e7da2d3a758446ea5","sha512":"33954d8a7ed3c87b3af8577bbae9439b9efba2a64445463d893681dad085bb8630d31c995ce010510a9c732926017dba9d5fd5002d0000ec1488b61889d6ddfe","ssdeep":"384:jlzdJfoB5YJ2kG1CdQegm8m00xr19KB668/BOTqE85gyqvPA34uEomcGvpMwvg84:jlzdyBzhIb0u1QB6vBOv8uvPAovJCs4","tlshash":"cfd2e0195e9673efe4552d3ea830affe91e32aad30507162c5db6c1155c438bc8e4ec4","first_seen":"2025-09-11T19:05:43.498829Z","last_seen":"2026-04-07T06:50:02.34408Z","times_seen":18432,"resource_available":false,"data":null}},"time_used":396,"timings":{"blocked":191,"dns":0,"connect":35,"send":0,"wait":9,"receive":3,"ssl":151},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-77858295-1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.171Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:33:43 GMT","end":"Mon, 19 Jan 2026 08:33:42 GMT"},"fingerprint":{"sha1":"4E:9E:D1:61:E4:7D:C2:8A:B6:AD:D2:31:C7:07:01:E4:DB:A0:A7:A9","sha256":"C5:DD:D4:CA:97:B7:B5:8C:B4:99:E8:56:30:AC:1B:F0:FD:7C:5A:FD:19:ED:13:D0:27:D6:0B:76:C7:C7:A0:66"}}},"request":{"raw":"GET /gtag/js?id=UA-77858295-1 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\nexpires: Wed, 03 Dec 2025 06:12:23 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 111053\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":319169,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5911)","md5":"d749f5d6bfbdcb8af25cad951573f468","sha1":"10ed7d488682f151271e4e55a1375b1e53bfa6fd","sha256":"a96a8bda56a8d5a7313fd216dc7c21303b9aa836ff1c9c5f1195fec741c9e1df","sha512":"27e5e21d126259c0ada6d31d0ae6f7b02ffa3a349dff6590d301cf434be19e550f78ba24cbc2feaf97b3c23fcb92cd2b6c0cba5c7da562bddde03327f3626109","ssdeep":"6144:2WgdtyDUI23ju0IVW66O7GQUO7LcUUfecq:lsoUHjuGO7bht","tlshash":"c46409cd73da742243a3a474503f018ba27b69d2f84cc895f186d9d52e70aaa4277f3d","first_seen":"2025-12-03T06:12:56.432099Z","last_seen":"2025-12-03T06:12:56.432099Z","times_seen":1,"resource_available":true,"data":null}},"time_used":268,"timings":{"blocked":103,"dns":1,"connect":8,"send":0,"wait":31,"receive":24,"ssl":97},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/modules/core.oafg07ee.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.addtoany.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 24 Oct 2025 11:09:43 GMT","end":"Thu, 22 Jan 2026 12:09:34 GMT"},"fingerprint":{"sha1":"3F:6D:53:3B:25:E4:B5:69:34:6D:82:6E:A3:EA:44:C4:1A:02:CB:9F","sha256":"CF:76:D7:4B:B7:BF:99:66:AA:52:8E:58:28:41:BB:B8:E6:AA:2A:BC:57:93:41:D8:2A:B5:3E:F5:FD:49:E5:C3"}}},"request":{"raw":"GET /menu/modules/core.oafg07ee.js HTTP/1.1\r\nHost: static.addtoany.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript\r\npriority: u=3,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: max-age=315360000, immutable\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FoFqebPJmOMGpmulY2HRmcSxffl3ZXPVNZzDCXZJengBOa3EOBWVOtTuo6TFaOpVZ%2BxsqqiCirm773CCWSxmqrDsjEIKZnEPvuC4AMIC0bWerUIblOxMLyGx2Q%3D%3D\"}]}\r\netag: W/\"c24c44a1988676fe88781355cb3740b1\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\nage: 1393\r\ncf-ray: 9a80e97e5e1a0b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":72512,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"7a0efe46283cac93dd3c057bc30548a5","sha1":"e488c97789dd77545c8bcfff0efbaea93f9adbd0","sha256":"292d24e79b1e264ced629c35d3b59a7a83093f972cdd0eac61e7b32189964772","sha512":"a04fd7ce8bc19db42cefa9bcfd3cdcc1b2766f2b89f33a6abb10e67d0853a29cd5715a30aa92de70bdc8b00c2a5cbdb519be310adf8f6bcdc51d1dd1f37cda72","ssdeep":"1536:e8fJLQgdDGsto0AnVnCN2kw3vnNvCAvJd84OZQrKxRNa6upg1fE3i4BQ:VfKg6PvCulOmrKxiNpg1eQ","tlshash":"16635c9f37066937aa1b30e8a8efa508a037275e9e080954f5a5d4b511fdecd3067f2c","first_seen":"2025-10-23T06:03:39.901486Z","last_seen":"2026-04-07T01:03:10.188649Z","times_seen":16592,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.addtoany.com/menu/svg/icons/pinterest.js","fqdn":"static.addtoany.com","domain":"addtoany.com","tld":"com"},"ip":{"addr":"172.66.171.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.738Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.addtoany.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 24 Oct 2025 11:09:43 GMT","end":"Thu, 22 Jan 2026 12:09:34 GMT"},"fingerprint":{"sha1":"3F:6D:53:3B:25:E4:B5:69:34:6D:82:6E:A3:EA:44:C4:1A:02:CB:9F","sha256":"CF:76:D7:4B:B7:BF:99:66:AA:52:8E:58:28:41:BB:B8:E6:AA:2A:BC:57:93:41:D8:2A:B5:3E:F5:FD:49:E5:C3"}}},"request":{"raw":"GET /menu/svg/icons/pinterest.js HTTP/1.1\r\nHost: static.addtoany.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.addtoany.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript\r\npriority: u=3,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: max-age=7776000, stale-while-revalidate=30, public\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kbM43yQ8pWOgBv6Z7bKUq1uZ3aXHFtmYC63kGdoCp2lzeNe9mkHL6ai9o9Vg46qbhMQrIwjqZuACP4A%2FwLaju61Sz672W7Y7Gx7rR95EOQ%3D%3D\"}]}\r\netag: W/\"b83511f1e536e2440b4e06f3278d8a84\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\nage: 618\r\ncf-ray: 9a80e9801e250b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":892,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (892), with no line terminators","md5":"829f9f104207e6afc27f967b307d594a","sha1":"b7f2a19ff6f22e82eccce298a79a043134a3ccd8","sha256":"af131f38af73817b1fbcd3381d88c95f4123b4b5a58ca4bd0872a68f29cbbf2d","sha512":"26defdd6b42b384b157642e39d8144524484591b32b8e8689b114551fc8c7d69dc11cb903a202ed1c70a86498b08fcac8be9f18e9eb2c5c9ff2dc3d3a0b060df","ssdeep":"","tlshash":"d61100e7471092cc08cdbd6e9f1a149ba71d7cbd2fa901d2150ece7498d3988ec0390a","first_seen":"2024-04-19T15:00:28Z","last_seen":"2026-04-07T04:44:34.70402Z","times_seen":1589,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-content/uploads/2025/10/SisBreeder1.mp4","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.589Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/SisBreeder1.mp4 HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/sis-breeder-episode-1-2/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 617137\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nlast-modified: Thu, 02 Oct 2025 15:21:01 GMT\r\netag: \"96ab1-6402e886317b3\"\r\nage: 5318887\r\ncache-control: max-age=31536000\r\nexpires: Fri, 02 Oct 2026 16:44:16 GMT\r\ncontent-range: bytes 0-617136/617137\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UndYH%2BUtPsXQmhpS6ONNrmHsjhYPxwvlZvu6SFCRdRFVp%2F0tPi%2Fm0l3v4Z78PDeyoAgarYzLSaySPdCx%2FdMJJMGrdIce0oW8qudKP1c%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e97efe98b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":617137,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"03b68c2f69c0851f304aa1c3bdb086b1","sha1":"de54bea6cc8e83ff6671faa9ec79ef5347617291","sha256":"931d046ed052f12417c2a393604e25a54430b493895131468d3f073799f4eda2","sha512":"2cd29a14f1f7da7132f163b87a2bd45a70ce6bc928ffdeabc20716381e58613af0edadf09b59a8e05af94017e0b0841840e687e1aeca0cfeacd506cdf8b2fbef","ssdeep":"12288:vp0pvWUChjGHgpDKm3X0NXj5sIn2nHMz4x/T/laq1+6+cao0/Z5Pp:vNfGH/mHYpKpx/gqE6haDhJp","tlshash":"a8d42318f7b80244c4589effbb9107143366c9a91d813f2feca8a918dfbb8395d654d4","first_seen":"2025-11-17T06:41:31.202033Z","last_seen":"2025-12-03T06:12:56.434352Z","times_seen":2,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":42,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3dhq1.org/video/SisBreeder2.mp4","fqdn":"3dhq1.org","domain":"3dhq1.org","tld":"org"},"ip":{"addr":"151.80.18.202","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://ahegao.online/npl.php/?video=SisBreeder2\u0026poster=https://ahegao.online/wp-content/uploads/2025/10/SisBreeder2.jpg","date":"2025-12-03T06:12:24.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"3dhq1.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 15:36:40 GMT","end":"Mon, 19 Jan 2026 15:36:39 GMT"},"fingerprint":{"sha1":"A7:72:84:DC:4C:CB:FA:63:B3:46:7B:CD:E3:07:E1:B7:7A:98:34:5C","sha256":"29:7C:44:E1:82:BE:33:4D:AD:67:42:47:1E:74:2A:D9:B6:63:31:6D:AD:80:86:27:D6:E9:09:2E:C8:80:85:1B"}}},"request":{"raw":"GET /video/SisBreeder2.mp4 HTTP/1.1\r\nHost: 3dhq1.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 206 Partial Content\r\nDate: Wed, 03 Dec 2025 06:12:24 GMT\r\nServer: Apache\r\nUpgrade: h2,h2c\r\nConnection: Upgrade, close\r\nLast-Modified: Fri, 10 Oct 2025 13:45:11 GMT\r\nETag: \"16cfeabd-640ce2067a82e\"\r\nAccept-Ranges: bytes\r\nContent-Length: 382724797\r\nContent-Range: bytes 0-382724796/382724797\r\nContent-Type: video/mp4\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":39866,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"92a0f848af45cae0823ca4cedd2bb8ed","sha1":"958a2a4de3f0ecb0ce0d875be39bda12a274565e","sha256":"6a4e295a66cfb588e2f2eaf95837d2703f04c68ebd2c2ed2b8db596ecd2a746d","sha512":"032d10c55d40b6049327626af0614f7760256ff768b1c62908fc1714112f37b5dcd47b2fc0a84e03f3205272d28fb49f63465fea789a140da857707b679f8814","ssdeep":"768:SQE/8KO1IIkn0r3PSXqDewf2lLaUw5QohmLQpn7k5Hb43eiI2fY/vJgMTpKYXzw:I0gh0r3KUjihw5QhsV0Hk9YJNpKYXzw","tlshash":"4a03f1b513e249e1fd7953713dfe873b203b9c42455c63dbaa728864b8c42c55eea02b","first_seen":"2025-12-03T06:12:56.435856Z","last_seen":"2025-12-03T06:12:56.435856Z","times_seen":1,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":44,"dns":0,"connect":26,"send":0,"wait":35,"receive":61,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.mysteriousimprovement.com/ecc874/8432b5c32887.js","fqdn":"www.mysteriousimprovement.com","domain":"mysteriousimprovement.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:23.717Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.mysteriousimprovement.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Dec 2025 07:05:05 GMT","end":"Sun, 01 Mar 2026 07:05:04 GMT"},"fingerprint":{"sha1":"25:FF:72:C9:84:1F:71:3B:23:E6:0D:E6:D3:CD:8F:25:1D:14:1A:E4","sha256":"1E:A4:05:8F:AD:A8:A9:DC:13:2C:96:AC:CD:B0:34:57:05:F5:9B:D4:A5:9C:66:00:59:0F:03:49:CD:40:92:73"}}},"request":{"raw":"GET /ecc874/8432b5c32887.js HTTP/1.1\r\nHost: www.mysteriousimprovement.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-type: text/plain\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:23 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Content-Type\r\ncache-control: max-age=172800\r\ncontent-encoding: gzip\r\nexpires: Fri, 05 Dec 2025 06:12:23 GMT\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":103683,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators","md5":"e75be77cc28e1a0b2ba17d21010ed4e6","sha1":"a95fd5a5354710979b3438d136a0c385d9bdb421","sha256":"df0d6945ef99d5d815c4860c06e855a54e09246704730a8e6b3eeb4616ae91d6","sha512":"ca7f0317944ea65357e6d2390a79b012c98f9f95365be840677136b4ac95af703e665a7639aa4adbd335ff2d072dc2e69a15697678b3748566305027bf7db099","ssdeep":"1536:rM+iZ3YOYuyx6PUQwRxcs8P3nhkQ8vL7T7Q6eGozzwVEnHzHRbPvD0:OijxEQq3P5Enne9zkWHLm","tlshash":"b0a33461350b64fd2ad0c1e7eb6b20886c295810e469cca1ecd1d7c7d6eb8e3429b5f7","first_seen":"2025-12-01T09:43:27.5577Z","last_seen":"2025-12-03T06:12:56.421063Z","times_seen":38,"resource_available":true,"data":null}},"time_used":137,"timings":{"blocked":29,"dns":24,"connect":19,"send":0,"wait":39,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3dhq1.org/video/SisBreeder1.mp4","fqdn":"3dhq1.org","domain":"3dhq1.org","tld":"org"},"ip":{"addr":"151.80.18.202","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://ahegao.online/npl.php/?video=SisBreeder1\u0026poster=https://ahegao.online/wp-content/uploads/2025/10/SisBreeder1.jpg","date":"2025-12-03T06:12:24.230Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"3dhq1.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 15:36:40 GMT","end":"Mon, 19 Jan 2026 15:36:39 GMT"},"fingerprint":{"sha1":"A7:72:84:DC:4C:CB:FA:63:B3:46:7B:CD:E3:07:E1:B7:7A:98:34:5C","sha256":"29:7C:44:E1:82:BE:33:4D:AD:67:42:47:1E:74:2A:D9:B6:63:31:6D:AD:80:86:27:D6:E9:09:2E:C8:80:85:1B"}}},"request":{"raw":"GET /video/SisBreeder1.mp4 HTTP/1.1\r\nHost: 3dhq1.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=355008512-\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 206 Partial Content\r\nDate: Wed, 03 Dec 2025 06:12:24 GMT\r\nServer: Apache\r\nUpgrade: h2,h2c\r\nConnection: Upgrade, close\r\nLast-Modified: Fri, 10 Oct 2025 13:45:10 GMT\r\nETag: \"1537b051-640ce2058e300\"\r\nAccept-Ranges: bytes\r\nContent-Length: 962641\r\nContent-Range: bytes 355008512-355971152/355971153\r\nContent-Type: video/mp4\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":962641,"size_decoded":0,"mime_type":"video/mp4","magic":"data","md5":"0335d6dd4f0b2df41a3e4a0594afc56d","sha1":"fb5beb7bce6abb7498c2780b864f0616364c833f","sha256":"b4250000b6b765caae0c7e84bff97016d96813d33579832ed4aa03e6553cd5d4","sha512":"631d50f28d8ad60ff034be343506d06435f8f49d9d91a1a9ed7ae36276390879b1801b0aee72878aa8db63e6dca37e8f25381287f92470fbd7931f05dd93ab7a","ssdeep":"6144:vv+VRektbZAnvXdt1S5x8suCZNy6LKS76JzH9YSt/MYWobFNKARtxgJsNhCoojt/:X+VR1ovQ5xruS36JDrvbLHoUgpW2","tlshash":"e6256e07ff87690aee580bb550c1c35672a7c9dc5a0b034b5a92ba9bfd066e41c873f1","first_seen":"2025-12-03T06:12:56.437039Z","last_seen":"2025-12-03T06:12:56.437039Z","times_seen":1,"resource_available":false,"data":null}},"time_used":477,"timings":{"blocked":77,"dns":0,"connect":25,"send":0,"wait":32,"receive":288,"ssl":50},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s3t3d2y1.afcdn.net/library/438437/054f712507e8e0f998bbbbb7897e9c0673db9723.webp","fqdn":"s3t3d2y1.afcdn.net","domain":"afcdn.net","tld":"net"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:24.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"afcdn.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 08:07:09 GMT","end":"Sun, 15 Feb 2026 08:07:08 GMT"},"fingerprint":{"sha1":"D3:C9:14:6D:49:05:D6:87:28:B7:79:C6:11:35:DB:EF:46:6C:F0:3A","sha256":"1E:5D:69:3F:A3:FD:B0:61:24:60:5A:03:3F:0B:14:DF:B9:58:C1:4E:35:95:E5:A2:84:FA:5F:50:B4:D0:CA:C7"}}},"request":{"raw":"GET /library/438437/054f712507e8e0f998bbbbb7897e9c0673db9723.webp HTTP/1.1\r\nHost: s3t3d2y1.afcdn.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:24 GMT\r\ncontent-type: image/webp\r\ncontent-length: 8746\r\nlast-modified: Wed, 02 Nov 2022 12:17:31 GMT\r\netag: \"63625fdb-222a\"\r\naccept-ch: \r\nexpires: Mon, 16 Dec 2024 17:18:19 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, follow\r\nx-77-nzt: EwwBX63NDQH345jKAQwBuUwKCQH3BgEAAAwBJRPCLgG3A9oEAA\r\nx-77-nzt-ray: 2a494a157e43766eedd42f69b9a8ca0f\r\nx-77-cache: HIT\r\nx-77-age: 30054627\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":8746,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"cf693455a9d08dc9dcb6fa48850f812b","sha1":"054f712507e8e0f998bbbbb7897e9c0673db9723","sha256":"ecb2c65f18b9318c90f645816a88ad835ebad1364b6276f5d9f9772463ded05a","sha512":"a2f1099539ac190bd407a54143bef1793276e5ad11ab273cb2e953cf56d3689880772407efa1ff856558c3aebf695ec1a2fd9a100bc433a23b6326b542914cf8","ssdeep":"192:GAPI8wBhwcuBWmNtIJU+YS27OWvoHhYONz4buYhT/kLZaWg7ar7Lq:DAJBDNmNtIexS27whLNzctT/kL9r7O","tlshash":"b502bf10816b35f7cf67edd0822a9a390cbe475ae400d7f6748e9b41e41ba151216df5","first_seen":"2024-11-01T00:40:34.183606Z","last_seen":"2026-04-04T17:35:54.629741Z","times_seen":127,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-02","alert":"Sinkholed","trigger":"s3t3d2y1.afcdn.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/wp-content/uploads/2016/05/cropped-hana_by_imarx67-d8t6y6q-120x120.png","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:24.395Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /wp-content/uploads/2016/05/cropped-hana_by_imarx67-d8t6y6q-120x120.png HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ahegao.online/sis-breeder-episode-1-2/\r\nCookie: _ga_FYJMCF9B38=GS2.1.s1764742344$o1$g0$t1764742344$j60$l0$h0; _ga=GA1.1.667334147.1764742344\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:24 GMT\r\ncontent-type: image/png\r\ncontent-length: 26080\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\nlast-modified: Fri, 10 Jun 2016 01:12:22 GMT\r\netag: \"575a13f6-65e0\"\r\naccept-ranges: bytes\r\nage: 671\r\ncache-control: max-age=691200\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=khU9XptHsC6GuZUT0gwEJ%2FaJW468nTC2qp2BuM1NlhpXI4U7q4rzPY82%2Bfli6meZc1zgejCXzeG93noJNty8jn%2BD4C2FMzTyZ9yENaA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a80e9847fcfb1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26080,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced","md5":"2d3c87b4f0894bbbdc6054018ad5e70c","sha1":"c82ef45f4b6c9e35e738c10c1b1967dd90b014e9","sha256":"859c60f3cc50f89c03ac5431792117cdd7ddff0bd93fa4980728ceb15362c1cf","sha512":"3e6dbf94c8edd03d3c19436d9f1865782bde2de27c9f598d5fb7a1782819ed759e87f0b013ce2d7c5183d640e1e3f7f81f8424a45268337052f79df54cffc769","ssdeep":"384:jCjrgKLtoy/36zMXw7o5migeQYGpKQoHHDVHVshjkp8w6u0qMs00o+93dB:jCjrg0o1zM2+m9vYTHHBTp8N3B0V93/","tlshash":"d6c2d1ef8800ce88ec1ba17382005db6e7b4e650117a7955d0e1c48d346eadb68efce7","first_seen":"2025-11-17T06:41:31.147399Z","last_seen":"2026-02-28T15:38:33.993112Z","times_seen":4,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ahegao.online/sis-breeder-episode-1-2/","fqdn":"ahegao.online","domain":"ahegao.online","tld":"online"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-03T06:12:22.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ahegao.online","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 19 Oct 2025 18:47:50 GMT","end":"Sat, 17 Jan 2026 19:42:18 GMT"},"fingerprint":{"sha1":"99:CA:E0:B6:D6:75:20:12:DD:16:A6:1F:73:2C:7A:F4:81:B2:90:46","sha256":"3B:48:D3:DE:0A:43:50:63:2A:64:F6:71:27:1B:1A:1B:A0:89:43:D6:95:F3:72:A5:23:33:52:0D:D7:30:6D:80"}}},"request":{"raw":"GET /sis-breeder-episode-1-2/ HTTP/1.1\r\nHost: ahegao.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 06:12:22 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SoXEZP1frt0P45qHr2aQZVoNx%2Bi3M04OXbvOeZdU2mLZtF%2BJhl%2BTmJaSP8Q0OSrFT0vNtva1ArSzWdvpi77bAv9eSmjy3V2OchIR\"}]}\r\nx-powered-by: PHP/7.4.20\r\nlink: \u003chttps://ahegao.online/?p=17863\u003e; rel=shortlink\r\ncache-control: max-age=1000\r\nexpires: Wed, 03 Dec 2025 06:29:02 GMT\r\nvary: accept-encoding\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9a80e97b1f390afa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP:7.4.20","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"AddToAny","description":"AddToAny is a universal sharing platform that can be integrated into a website by use of a web widget or plugin.","website":"https://www.addtoany.com","common_platform_enumeration":"","icon":"AddToAny.svg","categories":["Widgets"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}],"data":{"size":37401,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (11834)","md5":"0637326c8043cdea3ae6b8282df0645f","sha1":"69353a6f5235f13293c0126ef2d37680c49ac8ce","sha256":"2ec6fe9619560cab8958f5b99e827d97aa7bb206aba5f4be3d88aa8b7b9400bf","sha512":"0a172f34078c9baf73bc8a835df96e40e29e21e895f454acd261cb751553fd5c8ee9f8ed7f513f3407ed37c9334fb2c22f6aa4346abf1ce2d75e420c33119f93","ssdeep":"384:PhNFpERXwZph0CtDyGMk72uVwFSVnkvgjGNi2KNJhUweADmQNa:PhNFkXqp2C2k72uVJV+yGNi2KN4weaNa","tlshash":"5bf2c673e9cc493782d769d4af61fb58d073425fcf00ac5bc6aa85443a62fa0e1a12cd","first_seen":"2025-12-03T06:12:56.440375Z","last_seen":"2025-12-03T06:12:56.440375Z","times_seen":1,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":70,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/oswald/v57/TK3iWkUHHAIjg752GT8G.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.211.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ahegao.online/sis-breeder-episode-1-2/","date":"2025-12-03T06:12:24.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/oswald/v57/TK3iWkUHHAIjg752GT8G.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ahegao.online\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 28488\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 26 Nov 2025 16:22:50 GMT\r\nexpires: Thu, 26 Nov 2026 16:22:50 GMT\r\ncache-control: public, max-age=31536000\r\nage: 568174\r\nlast-modified: Wed, 10 Sep 2025 16:46:11 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28488,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28488, version 1.0","md5":"22c3b00d2e65fb2c876a292423108958","sha1":"3c61d84659817fef687045bbfa0e1da9568e164b","sha256":"bd73278ee0c50041b91b4c03d1229e35b501637f46b6409e7da2d3a758446ea5","sha512":"33954d8a7ed3c87b3af8577bbae9439b9efba2a64445463d893681dad085bb8630d31c995ce010510a9c732926017dba9d5fd5002d0000ec1488b61889d6ddfe","ssdeep":"384:jlzdJfoB5YJ2kG1CdQegm8m00xr19KB668/BOTqE85gyqvPA34uEomcGvpMwvg84:jlzdyBzhIb0u1QB6vBOv8uvPAovJCs4","tlshash":"cfd2e0195e9673efe4552d3ea830affe91e32aad30507162c5db6c1155c438bc8e4ec4","first_seen":"2025-09-11T19:05:43.498829Z","last_seen":"2026-04-07T06:50:02.34408Z","times_seen":18432,"resource_available":false,"data":null}},"time_used":335,"timings":{"blocked":146,"dns":0,"connect":39,"send":0,"wait":10,"receive":28,"ssl":104},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}