{"report_id":"3fea1528-e4ba-4b62-aadd-6c363c59cd47","version":6,"status":"done","tags":[],"date":"2026-04-28T13:27:48Z","url":{"schema":"http","addr":"tradefun.lol","fqdn":"tradefun.lol","domain":"tradefun.lol","tld":"lol"},"ip":{"addr":"172.67.168.40","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"tradefun.lol/","fqdn":"tradefun.lol","domain":"tradefun.lol","tld":"lol"},"title":"TRADE — Claim Portal","dom":{"size":13760,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"cf3ebdfb97c2db8652ac2eb441d48747","sha1":"b6dbe95cb6f130b908cd129bdd4bab13bdf17439","sha256":"2b3e8520054fb921eb2a31172feeb0f747693a09b5d059d33bbd77b1b4908974","sha512":"d107783bde8d2586c0e55387f0484daceb7c6a13bf367cb2cd736eebeb4895cd06151588f04ea1a3831aed66e6d6a21e05069ececcc3fe42771f9a263288b5d2","ssdeep":"192:VNBkX5ZH+5n4RTAwdOUOOnzhpwFzMMjS6kOOBOfvWO8fNmSEpjnSMrWED1lbWxJa:HyXquVAFLLNdH5wdi","tlshash":"d252c8a6b7770065b423d6603bfb5b0a2278e107c50ac97d3bec22548fc53e999536cc","dom_hash":"domhashddac3f78e703c9f643f01d28e959cbcf","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"tradefun.lol","fqdn":"tradefun.lol","domain":"tradefun.lol","tld":"lol"},"ip":{"addr":"172.67.168.40","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-02T13:27:48Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-28","alert":"Sinkholed","trigger":"tradefun.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-26T22:20:29.825994Z","alert_count":0,"request_count":1,"received_data":7670,"sent_data":502,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"tradefun.lol","ip":{"addr":"104.21.38.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":5,"request_count":5,"received_data":663897,"sent_data":2341,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-04-26T22:16:47.246638Z","alert_count":0,"request_count":5,"received_data":157427,"sent_data":2631,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"tradefun.lol/","fqdn":"tradefun.lol","domain":"tradefun.lol","tld":"lol"},"ip":{"addr":"104.21.38.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"61510521a6500d382dafe5e765a83ff7","sha1":"bd52631a08eaea191edd3e55429959b68d30de19","sha256":"4261c544bea1de13ee11cfc78dd339bcb3c5b27c9c59c1dca75b388353b5b220","sha512":"70eed4969a86562d3ade05a3c903c370798be47485ba36d48734877122601ceef3225290e127a88de7c64a8b4be27e437d43b03a0c06e3e23ca3fe7aba5c21d0","ssdeep":"","tlshash":"67c0c0808df04930060c00bf917483d430901ddca16130d7c7fd8dc7925cd800b84013","size":186,"data":"","first_seen":"2026-04-28T13:27:52.486783Z","last_seen":"2026-04-28T13:32:21.437062Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tradefun.lol/","fqdn":"tradefun.lol","domain":"tradefun.lol","tld":"lol"},"ip":{"addr":"104.21.38.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"425078fdd3bab7284685766498f8b776","sha1":"ceeed058a13f86a1cecee161a74e9538fb623ae4","sha256":"3d7b3c92abc0ad6ffdfd2107cf2019e54a976789908f1d26e9f5983cb4bee001","sha512":"57942a501f8eac1e991ce2c702711f1c91d7c89da60273380af8a503ce6c02039bebaa082491af2532c3a91a6f4ab7c8e01c890f8e06f9664f8fb8721aee4f31","ssdeep":"","tlshash":"9bc08c28d8a881916f2f2104150b2f6a60322d220248b16c0efbc326c8b0bc7c0b23db","size":170,"data":"","first_seen":"2026-04-28T13:27:52.487826Z","last_seen":"2026-04-28T13:32:21.437597Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tradefun.lol/secureproxy?s=%2Fipfs%2Fa8hI1BoXB9zYLLmbPKXySgeecf600606b4d9a2be4e158016227838%3Ft%3D1777382848066","fqdn":"tradefun.lol","domain":"tradefun.lol","tld":"lol"},"ip":{"addr":"104.21.38.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dd5dc514600c1b7c503030c7f876ba69","sha1":"c1cf6dc099ef22e8161e4deba58d81b5697ac1ef","sha256":"4dab21cd33e828922a55a5b4998b2dbae901346bec1b2cd6e54e528bd54674c0","sha512":"1818551da547413a0a6e89817ef03d864ec13a3a71d4b0e802fdf0860a379b468b73c68a264d9875e1418eb2e6bfa8ab63df500d2a92c35b25e99ead38c724fd","ssdeep":"6144:Ih5gDBkAOsstbFZFSXwRTMsS8chPcsdJs3wFYYH/3h8qcPOQA12Lcv0q:osBkAnXwRTMP8chPc730WW","tlshash":"5bd4eac2ab081573408a2eb5047b42afdf8c2d4d078ba85077f9afd9d74578231eee59","size":622775,"data":"","first_seen":"2026-04-28T13:27:52.482124Z","last_seen":"2026-04-28T13:27:52.482124Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=DM+Mono:wght@300;400;500\u0026family=Syne:wght@400;600;700;800\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tradefun.lol/","date":"2026-04-28T13:27:28.089Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:9D:A0:A4:A4:3B:62:A3:D0:B3:63:4B:5B:C3:1D:9B:09:43:3C:91","sha256":"DB:10:40:08:19:EF:D7:9C:5F:11:BC:78:DC:9F:81:F3:9E:A7:30:2F:1F:06:C8:C4:A4:DD:BC:C3:27:6F:2A:AA"}}},"request":{"raw":"GET /css2?family=DM+Mono:wght@300;400;500\u0026family=Syne:wght@400;600;700;800\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tradefun.lol/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 28 Apr 2026 13:27:28 GMT\r\ndate: Tue, 28 Apr 2026 13:27:28 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6984,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"50f31d33da3e3a060816609f643cb20f","sha1":"4505642e2746a2cf069eed555051964dfcc6247e","sha256":"d0c96ea9399722402c567032599219530a3057d5fdb53beac6daffe43a437620","sha512":"5bd5ccae9a9a9f5be6ef8590dfc82a303db64ac7c9f7a9f360e6eb85f1e19137eef7334ae6f9cef3ddb1f2547f1fd07b16403c9f7dacd8ba1e257d8f87dbb9a1","ssdeep":"192:Za+CMXH0wZdeYMt0xdeCMt+CdexMt9rdeEMtIV:5mQQPVlSO","tlshash":"b3e1cfd1046ba004eb931dc223ca7d32ee4e7151a499d5799ffd1c8cbcabd265361b0e","first_seen":"2026-03-01T18:33:04.552663Z","last_seen":"2026-04-28T13:32:21.435534Z","times_seen":7,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":89,"dns":0,"connect":15,"send":0,"wait":35,"receive":0,"ssl":74},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tradefun.lol/secureproxy?s=%2Fipfs%2Fa8hI1BoXB9zYLLmbPKXySgeecf600606b4d9a2be4e158016227838%3Ft%3D1777382848066","fqdn":"tradefun.lol","domain":"tradefun.lol","tld":"lol"},"ip":{"addr":"104.21.38.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tradefun.lol/","date":"2026-04-28T13:27:28.093Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tradefun.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 22:45:51 GMT","end":"Wed, 22 Jul 2026 22:45:50 GMT"},"fingerprint":{"sha1":"31:E1:0B:2F:00:DF:C7:71:5E:BD:53:BE:42:27:AE:E4:88:AD:3C:AC","sha256":"71:0C:31:70:5D:78:E3:DB:B3:B9:98:01:84:39:70:80:62:A5:44:CA:2F:5E:F0:F6:72:0D:0A:45:2B:87:62:06"}}},"request":{"raw":"GET /secureproxy?s=%2Fipfs%2Fa8hI1BoXB9zYLLmbPKXySgeecf600606b4d9a2be4e158016227838%3Ft%3D1777382848066 HTTP/1.1\r\nHost: tradefun.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tradefun.lol/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 28 Apr 2026 13:27:28 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: max-age=2592000\r\netag: W/\"980b7-wc9twJnvIugWHk3rpY2BtWl6we8\"\r\nexpires: 0\r\npragma: no-cache\r\ncontent-disposition: attachment; filename=VganELOnnQcg8Bby6GCpyA.js\r\ncdn-proxyver: 1.51\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 04/28/2026 13:27:28\r\ncdn-edgestorageid: 1056\r\ncdn-requestid: 8441244f0ef7c3e47339d5fd38d67091\r\ncdn-cache: MISS\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3547CvGQUxrfVdUvykTJA2dEvbpDp9KaPXACTa0umRdPmqomPyfR06O1YiBEbUzzeWywsoO%2BnIUwKD4RVkCjyfWk%2FX2HWzZSdzEJLT%2B2rYWUZt7SHj7I%2FN6HMCJI3Ys%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f3667909ead56b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":622775,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"dd5dc514600c1b7c503030c7f876ba69","sha1":"c1cf6dc099ef22e8161e4deba58d81b5697ac1ef","sha256":"4dab21cd33e828922a55a5b4998b2dbae901346bec1b2cd6e54e528bd54674c0","sha512":"1818551da547413a0a6e89817ef03d864ec13a3a71d4b0e802fdf0860a379b468b73c68a264d9875e1418eb2e6bfa8ab63df500d2a92c35b25e99ead38c724fd","ssdeep":"6144:Ih5gDBkAOsstbFZFSXwRTMsS8chPcsdJs3wFYYH/3h8qcPOQA12Lcv0q:osBkAnXwRTMP8chPc730WW","tlshash":"5bd4eac2ab081573408a2eb5047b42afdf8c2d4d078ba85077f9afd9d74578231eee59","first_seen":"2026-04-28T13:27:52.482124Z","last_seen":"2026-04-28T13:27:52.482124Z","times_seen":1,"resource_available":true,"data":null}},"time_used":905,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":805,"receive":100,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-28","alert":"Sinkholed","trigger":"tradefun.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/syne/v24/8vIH7w4qzmVxm2BL9A.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tradefun.lol/","date":"2026-04-28T13:27:28.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:20:2A:2D:A3:02:EE:53:E4:CE:46:31:49:99:9A:9E:B0:E7:B5:19","sha256":"23:47:72:09:4E:47:52:14:EB:06:36:94:9D:9F:8D:66:FD:E8:20:45:1A:16:A2:2A:C5:F5:B8:7C:2A:41:2B:61"}}},"request":{"raw":"GET /s/syne/v24/8vIH7w4qzmVxm2BL9A.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tradefun.lol\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 34608\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 24 Apr 2026 18:23:07 GMT\r\nexpires: Sat, 24 Apr 2027 18:23:07 GMT\r\ncache-control: public, max-age=31536000\r\nage: 327861\r\nlast-modified: Tue, 16 Sep 2025 13:27:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":34608,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 34608, version 1.0","md5":"559e8363d74f653c3f4f0a70caed2053","sha1":"0f50393efc7790d897e00024335d2c3398c13916","sha256":"68b623f0e45b905041b2edb9b2e4f563a505f13db1cd06b5f1946eb2e1f47048","sha512":"52fa63b0757b446e366b062b11b38fd9e81c5f752541b265d358d0e8a789eeb36bc322deb3e2719717401d91f9c3fa1f5cfb80a26ad9ae7451b068a88f3d5d3a","ssdeep":"768:VCLAKNFxbb9iPf3U0gTLKtAE54FB+6sfkxEpIX5yNz0zRjcUfgg:VCcgeHmTmL54F16a2aVpfB","tlshash":"d3f2f19ad9096d0dd938077603a230e6ec95197b3150f19e313a34231e7fae0a7dd6bc","first_seen":"2025-06-03T14:30:46.285622Z","last_seen":"2026-04-28T16:54:24.204397Z","times_seen":2520,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":99,"dns":2,"connect":27,"send":0,"wait":34,"receive":7,"ssl":57},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/syne/v24/8vIH7w4qzmVxm2BL9A.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tradefun.lol/","date":"2026-04-28T13:27:28.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:20:2A:2D:A3:02:EE:53:E4:CE:46:31:49:99:9A:9E:B0:E7:B5:19","sha256":"23:47:72:09:4E:47:52:14:EB:06:36:94:9D:9F:8D:66:FD:E8:20:45:1A:16:A2:2A:C5:F5:B8:7C:2A:41:2B:61"}}},"request":{"raw":"GET /s/syne/v24/8vIH7w4qzmVxm2BL9A.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tradefun.lol\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 34608\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 24 Apr 2026 18:23:07 GMT\r\nexpires: Sat, 24 Apr 2027 18:23:07 GMT\r\ncache-control: public, max-age=31536000\r\nage: 327861\r\nlast-modified: Tue, 16 Sep 2025 13:27:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":34608,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 34608, version 1.0","md5":"559e8363d74f653c3f4f0a70caed2053","sha1":"0f50393efc7790d897e00024335d2c3398c13916","sha256":"68b623f0e45b905041b2edb9b2e4f563a505f13db1cd06b5f1946eb2e1f47048","sha512":"52fa63b0757b446e366b062b11b38fd9e81c5f752541b265d358d0e8a789eeb36bc322deb3e2719717401d91f9c3fa1f5cfb80a26ad9ae7451b068a88f3d5d3a","ssdeep":"768:VCLAKNFxbb9iPf3U0gTLKtAE54FB+6sfkxEpIX5yNz0zRjcUfgg:VCcgeHmTmL54F16a2aVpfB","tlshash":"d3f2f19ad9096d0dd938077603a230e6ec95197b3150f19e313a34231e7fae0a7dd6bc","first_seen":"2025-06-03T14:30:46.285622Z","last_seen":"2026-04-28T16:54:24.204397Z","times_seen":2520,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":89,"dns":0,"connect":0,"send":0,"wait":15,"receive":16,"ssl":73},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/dmmono/v16/aFTU7PB1QTsUX8KYthqQBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tradefun.lol/","date":"2026-04-28T13:27:28.282Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:20:2A:2D:A3:02:EE:53:E4:CE:46:31:49:99:9A:9E:B0:E7:B5:19","sha256":"23:47:72:09:4E:47:52:14:EB:06:36:94:9D:9F:8D:66:FD:E8:20:45:1A:16:A2:2A:C5:F5:B8:7C:2A:41:2B:61"}}},"request":{"raw":"GET /s/dmmono/v16/aFTU7PB1QTsUX8KYthqQBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tradefun.lol\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 14820\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 26 Apr 2026 10:32:50 GMT\r\nexpires: Mon, 26 Apr 2027 10:32:50 GMT\r\ncache-control: public, max-age=31536000\r\nage: 183278\r\nlast-modified: Mon, 15 Sep 2025 17:10:03 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14820,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14820, version 1.0","md5":"e1ed461ac183567c761537bf3eb4a574","sha1":"1a0430d40513f1eb6d4596c552b4f58761a1a0fd","sha256":"e1896b13b2b1bb112fac2f9571bd6c40e118746e77a4511edbf43fbb41bf3e1e","sha512":"02c5f74e2a41d205b7c44981bd69a8539038668c4ffab49679825178da648d8b7a870c9c147671f92753d6fd4f55baac3f0d737a9882f6c72e296a116cb7d3c0","ssdeep":"384:ZJRKFL7Wd/jIlLKEDiqGK0qvWoLlqAJB4XJ:fR6MZqGevbBVJOZ","tlshash":"f462c0fcbabc52f7c61b2a5a11482d32201660ce7271c5109aff541ceef928ad619f66","first_seen":"2025-06-03T07:55:52.433002Z","last_seen":"2026-04-28T15:59:36.211797Z","times_seen":2309,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":92,"dns":0,"connect":31,"send":0,"wait":39,"receive":1,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/syne/v24/8vIH7w4qzmVxm2BL9A.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tradefun.lol/","date":"2026-04-28T13:27:28.283Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:20:2A:2D:A3:02:EE:53:E4:CE:46:31:49:99:9A:9E:B0:E7:B5:19","sha256":"23:47:72:09:4E:47:52:14:EB:06:36:94:9D:9F:8D:66:FD:E8:20:45:1A:16:A2:2A:C5:F5:B8:7C:2A:41:2B:61"}}},"request":{"raw":"GET /s/syne/v24/8vIH7w4qzmVxm2BL9A.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tradefun.lol\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 34608\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 24 Apr 2026 18:23:07 GMT\r\nexpires: Sat, 24 Apr 2027 18:23:07 GMT\r\ncache-control: public, max-age=31536000\r\nage: 327861\r\nlast-modified: Tue, 16 Sep 2025 13:27:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":34608,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 34608, version 1.0","md5":"559e8363d74f653c3f4f0a70caed2053","sha1":"0f50393efc7790d897e00024335d2c3398c13916","sha256":"68b623f0e45b905041b2edb9b2e4f563a505f13db1cd06b5f1946eb2e1f47048","sha512":"52fa63b0757b446e366b062b11b38fd9e81c5f752541b265d358d0e8a789eeb36bc322deb3e2719717401d91f9c3fa1f5cfb80a26ad9ae7451b068a88f3d5d3a","ssdeep":"768:VCLAKNFxbb9iPf3U0gTLKtAE54FB+6sfkxEpIX5yNz0zRjcUfgg:VCcgeHmTmL54F16a2aVpfB","tlshash":"d3f2f19ad9096d0dd938077603a230e6ec95197b3150f19e313a34231e7fae0a7dd6bc","first_seen":"2025-06-03T14:30:46.285622Z","last_seen":"2026-04-28T16:54:24.204397Z","times_seen":2520,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":94,"dns":0,"connect":0,"send":0,"wait":36,"receive":6,"ssl":81},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tradefun.lol/favicon.ico","fqdn":"tradefun.lol","domain":"tradefun.lol","tld":"lol"},"ip":{"addr":"104.21.38.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tradefun.lol/","date":"2026-04-28T13:27:28.580Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tradefun.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 22:45:51 GMT","end":"Wed, 22 Jul 2026 22:45:50 GMT"},"fingerprint":{"sha1":"31:E1:0B:2F:00:DF:C7:71:5E:BD:53:BE:42:27:AE:E4:88:AD:3C:AC","sha256":"71:0C:31:70:5D:78:E3:DB:B3:B9:98:01:84:39:70:80:62:A5:44:CA:2F:5E:F0:F6:72:0D:0A:45:2B:87:62:06"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: tradefun.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tradefun.lol/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 28 Apr 2026 13:27:29 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 23 Apr 2026 23:52:51 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JhQhswjdsknPrhyV3OGoMRmbePzUvTDN9yFY06oLziPfPFB6GPboO5bXCGiyciVAtUO%2B69F4aPjX%2FgxcNil1uuoP2yQDTCTPfmgmZIC79FXfNs8b7zGG9rFcoLd5oYo%3D\"}]}\r\npriority: u=6,i=?0\r\ncf-ray: 9f366793aefd56b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13490,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"a6ede4e65f6248a1b0fbfbb7955291ec","sha1":"0d89a9874609ec8452083f432cb845111f66bc5a","sha256":"29680b895d6917f05e39b3facbd0d670ff52ec7ea6e92cef50efc280f3080db2","sha512":"1488e53507ea69f3f307c60dfdc407aecb12e8d69a20e69e3eae6b6ac893b9d94ee350c8267f8307a9fc6c5adf0dda0c03ee133a02e1bda15e3fad5bcc9df92e","ssdeep":"192:PNikXJZH+5n4RTAwdOUOOnzhpwFzMMjS6kOOBOfvWO8fNmSEpjnSMrWED1lbWxJ9:VpX6uVAFLLNdL7wmK","tlshash":"2a52a796b7771065b823d5603bfb5b1a3278e107c50ac97d3bec21488fc52e999936cc","first_seen":"2026-04-28T13:27:52.484463Z","last_seen":"2026-04-28T13:32:21.434469Z","times_seen":2,"resource_available":true,"data":null}},"time_used":1243,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-28","alert":"Sinkholed","trigger":"tradefun.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tradefun.lol/","fqdn":"tradefun.lol","domain":"tradefun.lol","tld":"lol"},"ip":{"addr":"104.21.38.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-28T13:27:26.556Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tradefun.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 22:45:51 GMT","end":"Wed, 22 Jul 2026 22:45:50 GMT"},"fingerprint":{"sha1":"31:E1:0B:2F:00:DF:C7:71:5E:BD:53:BE:42:27:AE:E4:88:AD:3C:AC","sha256":"71:0C:31:70:5D:78:E3:DB:B3:B9:98:01:84:39:70:80:62:A5:44:CA:2F:5E:F0:F6:72:0D:0A:45:2B:87:62:06"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tradefun.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 28 Apr 2026 13:27:27 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 23 Apr 2026 23:52:51 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hcZ3awH6ut6G4NVQ6GcPi0ehdlA0pruoOMIyAObtvPE2ZEp36MP4z9bmjcnbRFEYPLOxNFdlW1MQ70zZeoWRB9w%2FaVnwHz%2FspfGxaZ%2Bghxu0oKbvwdyw4xONTQmsz2o%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9f3667878d2e35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13490,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"a6ede4e65f6248a1b0fbfbb7955291ec","sha1":"0d89a9874609ec8452083f432cb845111f66bc5a","sha256":"29680b895d6917f05e39b3facbd0d670ff52ec7ea6e92cef50efc280f3080db2","sha512":"1488e53507ea69f3f307c60dfdc407aecb12e8d69a20e69e3eae6b6ac893b9d94ee350c8267f8307a9fc6c5adf0dda0c03ee133a02e1bda15e3fad5bcc9df92e","ssdeep":"192:PNikXJZH+5n4RTAwdOUOOnzhpwFzMMjS6kOOBOfvWO8fNmSEpjnSMrWED1lbWxJ9:VpX6uVAFLLNdL7wmK","tlshash":"2a52a796b7771065b823d5603bfb5b1a3278e107c50ac97d3bec21488fc52e999936cc","first_seen":"2026-04-28T13:27:52.484463Z","last_seen":"2026-04-28T13:32:21.434469Z","times_seen":2,"resource_available":true,"data":null}},"time_used":1394,"timings":{"blocked":87,"dns":73,"connect":1,"send":0,"wait":1220,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-28","alert":"Sinkholed","trigger":"tradefun.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tradefun.lol/icon.jpg","fqdn":"tradefun.lol","domain":"tradefun.lol","tld":"lol"},"ip":{"addr":"104.21.38.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tradefun.lol/","date":"2026-04-28T13:27:28.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tradefun.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 22:45:51 GMT","end":"Wed, 22 Jul 2026 22:45:50 GMT"},"fingerprint":{"sha1":"31:E1:0B:2F:00:DF:C7:71:5E:BD:53:BE:42:27:AE:E4:88:AD:3C:AC","sha256":"71:0C:31:70:5D:78:E3:DB:B3:B9:98:01:84:39:70:80:62:A5:44:CA:2F:5E:F0:F6:72:0D:0A:45:2B:87:62:06"}}},"request":{"raw":"GET /icon.jpg HTTP/1.1\r\nHost: tradefun.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tradefun.lol/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 28 Apr 2026 13:27:28 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 8474\r\ncast-mode: default\r\nlast-modified: Thu, 23 Apr 2026 23:52:51 GMT\r\netag: \"69eab0d3-211a\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=waqfnwO1BLh%2FvIyMAx%2BMI50cNjUGlXkoHxXSOxqn%2B5mA1DiWRJPItXnstFL0N8tO5PauW3QTQeeVuWO3OFnHqqBcuzop1vvioVBOv%2FBGdDyLCJZtg2udXdqpFnnD8vE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9f3667908eac56b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8474,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x400, components 3","md5":"b8e561491ea6966a1ae7df0b1b157628","sha1":"f7a7cde55ba156c3959f4059c86f4e9a2300c8af","sha256":"2475f483a61c5a478eddb53c341a8e6ace9877a64a5a696839f06259d49b8d5f","sha512":"f5ae9be72eedb192910eb04f856d0ec6889c0055f7ff753db169342128f0c45724abfe7293ec797ed5653d85cf766ed6b36f2fd9d0158818ad9ebd81ddddecb3","ssdeep":"192:sQ+SE6kCyNSdBqyABo+W/nFzOhpcbzzVdpo+IILmo2Q1:sxDCQCpy4McXzVIZo2Q1","tlshash":"92027d09577763d0e41d1bfa4bc30b70970bae55a89b9ba392c4819e6f6e0e01874366","first_seen":"2026-04-28T13:27:52.485378Z","last_seen":"2026-04-28T13:32:21.436041Z","times_seen":2,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-28","alert":"Sinkholed","trigger":"tradefun.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/syne/v24/8vIH7w4qzmVxm2BL9A.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tradefun.lol/","date":"2026-04-28T13:27:28.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:54 GMT","end":"Mon, 22 Jun 2026 08:36:53 GMT"},"fingerprint":{"sha1":"89:20:2A:2D:A3:02:EE:53:E4:CE:46:31:49:99:9A:9E:B0:E7:B5:19","sha256":"23:47:72:09:4E:47:52:14:EB:06:36:94:9D:9F:8D:66:FD:E8:20:45:1A:16:A2:2A:C5:F5:B8:7C:2A:41:2B:61"}}},"request":{"raw":"GET /s/syne/v24/8vIH7w4qzmVxm2BL9A.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://tradefun.lol\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 34608\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 24 Apr 2026 18:23:07 GMT\r\nexpires: Sat, 24 Apr 2027 18:23:07 GMT\r\ncache-control: public, max-age=31536000\r\nage: 327861\r\nlast-modified: Tue, 16 Sep 2025 13:27:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":34608,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 34608, version 1.0","md5":"559e8363d74f653c3f4f0a70caed2053","sha1":"0f50393efc7790d897e00024335d2c3398c13916","sha256":"68b623f0e45b905041b2edb9b2e4f563a505f13db1cd06b5f1946eb2e1f47048","sha512":"52fa63b0757b446e366b062b11b38fd9e81c5f752541b265d358d0e8a789eeb36bc322deb3e2719717401d91f9c3fa1f5cfb80a26ad9ae7451b068a88f3d5d3a","ssdeep":"768:VCLAKNFxbb9iPf3U0gTLKtAE54FB+6sfkxEpIX5yNz0zRjcUfgg:VCcgeHmTmL54F16a2aVpfB","tlshash":"d3f2f19ad9096d0dd938077603a230e6ec95197b3150f19e313a34231e7fae0a7dd6bc","first_seen":"2025-06-03T14:30:46.285622Z","last_seen":"2026-04-28T16:54:24.204397Z","times_seen":2520,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":80,"dns":2,"connect":16,"send":0,"wait":26,"receive":8,"ssl":45},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tradefun.lol/secureproxy?s=%2Fjmpd%2F","fqdn":"tradefun.lol","domain":"tradefun.lol","tld":"lol"},"ip":{"addr":"104.21.38.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://tradefun.lol/","date":"2026-04-28T13:27:30.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tradefun.lol","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 22:45:51 GMT","end":"Wed, 22 Jul 2026 22:45:50 GMT"},"fingerprint":{"sha1":"31:E1:0B:2F:00:DF:C7:71:5E:BD:53:BE:42:27:AE:E4:88:AD:3C:AC","sha256":"71:0C:31:70:5D:78:E3:DB:B3:B9:98:01:84:39:70:80:62:A5:44:CA:2F:5E:F0:F6:72:0D:0A:45:2B:87:62:06"}}},"request":{"raw":"POST /secureproxy?s=%2Fjmpd%2F HTTP/1.1\r\nHost: tradefun.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tradefun.lol/\r\ncontent-type: application/json\r\nContent-Length: 1411\r\nOrigin: https://tradefun.lol\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1411,"data":"{\"route\":\"n9POyFeFG1tUtiSU-z9JOx3n\",\"payload\":\"0hqM-6_N52QBywL6AhEAEwANA6wCLwC6Ah0AAAECKgMAAO8nhn2XtsKCATiO0MW1NU9MkFrt7GMCAAD403U3l6dXUG8Cv7n9GrEjTeZqadhuD0HmIQjImHdd5SJ86FXzWP7W6jpMum8ddD0XvNVWDkMu8KI6-kGiSlLN23iykr1dLMvoONrb-roAFttMEtgR9Ks1Z3G_72bXH6ihxjZp_hL0ksF11WhFCDGRE_ybLkOQbHDMp_kvvBEtwkpccJAC1q-JTYtVBFfmi_ZgPGNDcASXQLNj55RbEkBsbuyRnF1d4zI3skhJZxvl-mmLIqfROV3BXM_7tFVs7WFOwVgaxz92zrQzmmaNmTuvUs2rNNNrK1A0BZ077eX5D-ugwapenow91u7yF9qgNOpmXOq60ZeeQIcw3PA9nZ_-a8bCvXZ5gD3mUj8ZPC3yN_c1PeMSF4DMBdU0rX3M_ZLw7wtTZD6eFC7SlyqC_dCxc15_Db484PtqjcBoazrfox0yajurN9Z9HvQwtE-8ui05pWQps4xOiYJYMob2U5q8s3sTLyyXUCpVE6FqL4FptNZ2zV5-it07E43wTwCqLPwKbGYoAqRbLd6ycDieVR1gs4zm76kyX0UITuz5zPesBb1UIOA0Uc-bLSlKeR-tn1SZl6x9D__Ku1ehvswmFpPiMHUuH3aqAPCPSa8h7bz-kGaOqn_VFuXxBxZ4r8LOIP6WN9BW2WjmS6XP9SLSaaRwyxUAADEgQP8mj2jMUHKgOSkoNDMCNc70jDL9ZYB3XsLikAvK5RH5qE1RvzKuaK_mCS3zWdKXZEGresPAqs9vLYx2XGdY-egTNypCdviXfpyEFzaN4kdxmkuJ2_Gt53eC5y836Iw5Pmipsl_BhbZYxZU-lqvnBZ9_dXC1EmSMRGMGPAOktmyPfv1bf5o8WDTd_dTYJ86kkhAKBZa2zyE1QxsHLKffNNf6i3OHCW3IYlhMoU35PeNPuARgV1kRPr7rYL1_2euEaAezxtJ8Y0y_51yYi9_YXkJVsjYs90sQOWNQd2JHEjh_PrT4ACVNamEsPrejCxW2NUpv-YmcLUYhe3iAbnqh2vhPv1TWi6Vm4eB9MrCXbdOkR3wX3geivEcCnnTX-CeMpmfWpAZUVV2T91y-5EU3ZqODDDPlKJBX01DPuqFO_Vq60sHnNZCr5Jb_7RA\",\"challenge\":\"eyJpZCI6Il9Nek5NS1ZTa3NnSVU1bnpFSFVCUlEiLCJub25jZSI6MzUwLCJoYXNoIjoiMDBhYjE3ZWY3YWQ4Njg1YTAwYjZlMGIxZWJlYjg1NTMyZjM5N2Q2MDAyODk2MzY0YTNjYjJiY2RlNWU4MWFkNiJ9\"}"}},"response":{"raw":"HTTP/3 204 No Content\r\nserver: cloudflare\r\ndate: Tue, 28 Apr 2026 13:27:30 GMT\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: no-cache\r\netag: W/\"a-bAsFyilMr4Ra1hIU5PyoyFRunpI\"\r\nx-ratelimit-limit: 20\r\nx-ratelimit-remaining: 19\r\nx-ratelimit-reset: 1777382910194\r\ncdn-proxyver: 1.51\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 204\r\ncdn-cachedat: 04/28/2026 13:27:30\r\ncdn-edgestorageid: 879\r\ncdn-requestid: 980f70e91219fd67e7a6c7810a4e7e5c\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2B9C9kcEvDbr6Xj4KB6XhqF4%2Bgth6iWT6CJqrSq7GVoJSJGrw93QyuVHaDoVJjJ7t7P%2BZ8gAdAqG6rJC2ERcGnDGp0FHh5ItUeiv66oKWqNJDho%2F85Z651kE40EIEqj8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9f36679c8f8756b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T17:24:07.120456Z","times_seen":14335314,"resource_available":true,"data":null}},"time_used":736,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":736,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-28","alert":"Sinkholed","trigger":"tradefun.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}