{"report_id":"420fa36c-057f-42c8-b476-e6ac61e1d162","version":0,"status":"done","tags":[],"date":"2026-07-12T18:16:15Z","url":{"schema":"https","addr":"donewex.com/","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"donewex.com/register","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"title":"Donewex - Crypto Games | Crypto Gambling","dom":{"size":19603,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (6518)","md5":"81fe2aa06a17f42022a4dc0a6e88717a","sha1":"362739bf1ceb6c98a3f2c1375017d51661959098","sha256":"e80475aaa203c92e5ac361835431695fea9c7f8d8d5959d6ce38bfe60048670b","sha512":"085f34f1f7d168e662b45076861665546f04420ec7a004772d2ecc336ecfe5068bfdb4c778928bf139a55f927944b23596a5a7ba2629c0ab4b95928982077914","ssdeep":"192:W08t/Zmt2nXcKes1m1+lUcfxPe3jN9kw/Pm+PmyXqat4K5VyioM9I6MuZAovgHnv:W9kqx6cfs3jXkw/P9PDDdbMCIv","tlshash":"73929532614c6c9f7b33825abba6b218939f535f49358630f99d067d8fc2f548033a96","dom_hash":"domhash46a51e430ac77c509f600a1474079f99","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"donewex.com/","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-16T18:16:15Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"donewex.com","ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-07-04","domain_rank":0,"first_seen":"2026-07-10T09:32:32.057782Z","last_seen":"2026-07-10T09:32:32.057782Z","alert_count":32,"request_count":32,"received_data":9113902,"sent_data":14366,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"challenges.cloudflare.com","ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":11393,"first_seen":"2021-10-20T05:02:03Z","last_seen":"2026-07-05T23:33:46.327486Z","alert_count":0,"request_count":2,"received_data":334027,"sent_data":1093,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"get.geojs.io","ip":{"addr":"104.26.0.100","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-02-18","domain_rank":99948,"first_seen":"2017-03-30T18:44:25Z","last_seen":"2026-07-10T22:56:50.77206Z","alert_count":0,"request_count":1,"received_data":985,"sent_data":434,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"donewex.com/register","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-07-13T07:14:38.058687Z","times_seen":719500,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-07-13T07:05:11.682624Z","times_seen":232869,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-07-13T07:14:38.058687Z","times_seen":719500,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"15221d51bd292126fd260c66336db19c","sha1":"d0ca22a3b568b71997d266bf6fe48bdedd932807","sha256":"90acf284e78ceb1183e080909b7558617bd981480fd3000ae1b433d5eb28c459","sha512":"7477e39dc11f4c71e65ca6192e71a74cad6d93b8b4ba702fdac40ea0af2029b6b8f395aae2b20c0c39a8f31d1e1f32db92a9b41632e4e2da5624d7b0d9fddb8f","ssdeep":"1536:tM5A+jXSq5RDMDpydrdopXOe1H05V46MlsgV0Dixw5MB:tEuYR0ydrMXOe1U8lP0Dixw5MB","tlshash":"81732bc472aa7862139ac0f4913b6753b3257d3aa84c8850d467dc653b7cd869233fba","size":75049,"data":"","first_seen":"2026-07-09T15:43:08.802758Z","last_seen":"2026-07-13T00:17:01.035981Z","times_seen":6287,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/BdSiXnl-.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9dfa3645d86310a4cb0c004f919836d2","sha1":"5189963399179e36910c62f9697770bd484238aa","sha256":"0fe8d6f93df923ec809708a2b256d308f033a42a2c59222059d2fad5b525212f","sha512":"c47aa586e9e5c07525a9477ab0142803ecd0a15d9901cba0708016be5065bed127425282d50d741f6061ab7b72498c63e675d8c1a3b448fe65aff45a859d9fad","ssdeep":"384:ecqOfbAdtyvsX+FjDg3ilnWGJ9Exlw8RKhf9x1Oz7lSMtDvCIqhD2vc7lo2h/ihC:ecqOfsKr91OHl7vCIqNSc7Zh/i2BzvF","tlshash":"d6f2d9b6b241b0144fab13a280b71165f3ba5dee241d403672a8ec9e34f5d4c627ffa5","size":37245,"data":"","first_seen":"2026-07-08T05:34:52.850283Z","last_seen":"2026-07-12T22:04:21.09057Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"db51f547e865ac830a6beb695df47422","sha1":"b9f385abc057668d1f5ccde31a2d35c756c7817e","sha256":"755a36cd76e3332c5d2441ef914f9c1c8c59382241d3ec5a1d82378523b054a8","sha512":"7d3890025d4d1b497bfd795cbef67d466e5be796294732a902d4e34fd139a1351b36c125131afb9a7de36bcf27423b451938bb63ddba677ae77274bfb76481b5","ssdeep":"","tlshash":"3251132b1a4f7c583676e12b4739f108625700ab5d2697127b8c5b6fafe171c8020fee","size":3015,"data":"","first_seen":"2026-06-18T23:16:26.676552Z","last_seen":"2026-07-12T22:04:21.101278Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d7b2a76fa75b085dec33ad8b157107a9","sha1":"7da90ab346f2b256aad90f8a89826e66ba381877","sha256":"dac241a2ccf88791a28dbecd974632bcef5eae74b551659817fab0ccfa54f24f","sha512":"3f48562defefbd91003526680a258d0320676a12ae2168b210f1781323ba134dcb19072cb3c50cae873f65452daed7190067d2bd8ba677ebb80bf38810616eff","ssdeep":"","tlshash":"1911009d8a3322a02b26314a1bffb254b478007b4444e40e758cea4cafd4e20c1d7ea9","size":1016,"data":"","first_seen":"2026-06-18T23:16:26.677855Z","last_seen":"2026-07-12T22:04:21.101856Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/2MDc7oUd.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3d8c7829b8bc9ac485217d195fcd99e7","sha1":"7a8c475e5107f9aacff483075cfe97560271a459","sha256":"1a9c4cacbca46bc20bed87799ef797b90256cb041a061a5ac6d1c6812b627e6e","sha512":"3902c95d3e20bece01a73fa25d0a797b55750bf59769b08750bc1049dc17526606d957824c752e299e3d05199fafcc81325d58a6042f6d189b4b9ff51bbbffd5","ssdeep":"","tlshash":"41810008b1edafbd756a44877a2f480cf12b3964de392853bdbda46109510d0af27fc9","size":3929,"data":"","first_seen":"2026-07-10T09:32:37.432769Z","last_seen":"2026-07-12T22:04:21.082993Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/register","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-07-13T07:05:11.682624Z","times_seen":232869,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/Dv62VFuI.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f6fbd13c7b677d45c098edc9291fde1a","sha1":"696a113287004ab2a7b73ae0f24a0bdd07c1c44e","sha256":"780cc91916a954c025a8b5ef1110140d57ec4d8e1720105aff400f1d51863814","sha512":"fef510fec8b50ef49df0f3e5946d4221bf2f9449ae513ce1ed5d0cf0c53b916989a5fb7eb734088f094c7d9f2aab3839536be85923419d02b7c33a16cf5a44c2","ssdeep":"1536:JA0floTi2S7kVNTWmttvs+7Y4xGGyZ69fjw/BXoiD8I5oV48smHMvZRCUKLfq5N6:9vqLMym5NvsHPWW","tlshash":"c843090af299b26a47f334d2393f450de23e0ec0799e8091b97994861df150a977bf2d","size":58916,"data":"","first_seen":"2026-07-10T09:32:37.428428Z","last_seen":"2026-07-12T22:04:21.096302Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/o9vGyEoy.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c8b6236c40d941967f1d9ef2923f5b8","sha1":"f6bf4e8361a441e1c34a0f492979cac95c964fbb","sha256":"d5d3e0680f3f3de279bf3c7a57f716ab5ea45e1f30d7ffdc7fe1fc3012b3be2b","sha512":"0d74bfd98c90fab5dc785eb2b223ebbbfeb8e472c35b7739c66195bf657e1cfe0b07681ec1905d81a8a34b0378dc435860bcd7ed16f6c024ea6a94813824368f","ssdeep":"3072:3r/tGcffshpFx58FMKxE5jZRccKn9ncsCYI+CxGhs4P6yfnDfvTF6mcELBMxdB6E:3WfpjTKnVqmsnRgFl+YrNk","tlshash":"44645d18e1857ebde57312c2346f920db23d0f84e94a84a5e9bcdc2815a9584f327bed","size":309477,"data":"","first_seen":"2026-07-10T09:32:37.39721Z","last_seen":"2026-07-12T22:04:21.085554Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/CAVOPnXO.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e9635563c4bce67f63540fcef7e6925","sha1":"c036ce9804d1f94b0b6154f1a6e288809e66913e","sha256":"48f6f8dbb912f7f2b5093252e8072cafd6776bf5580355c9a9ca06e1023ee5fe","sha512":"e4b23ce5ea341c46f04dad397515de97db57499c4f722db7b63a9b385ca164324324f5a41f28964da658432871f7dca2a6568ee47a679bafd6f1ee574655322a","ssdeep":"","tlshash":"a7014c572a64a6b61297d1c6c4395585d204743d9874b0d49ba88de695c004624a5f37","size":695,"data":"","first_seen":"2026-05-11T18:13:57.943497Z","last_seen":"2026-07-12T22:04:21.094701Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/static/js/analytics-tracker.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6ce5a213e70c1ce00dc0e57c1701ce22","sha1":"5cdc7310a2092464d280068b7ced49bd8e2beb3a","sha256":"4ce69e6485c3ed37d5ec98744ccd17f0552bae2a8befc39fefd11d93620ef59c","sha512":"167c03db64550836cae3564d5b039c4e8a3d17b1100acea2091e48b1515d312fa24c134531d8dfee4f860204b6ff8b456752e991e4d0d39ba0c49e64b23d995c","ssdeep":"192:youZKubFPI1ACY7zrrHBCb3WCqfqfIZ3xbDf++m:EZKuFbCSHrHnf6","tlshash":"92f1e2b9a9eb30b471a3f03ca7af600571767183341dca01ba9db5002fde5198675ef9","size":8056,"data":"","first_seen":"2026-06-18T23:16:26.64408Z","last_seen":"2026-07-12T22:04:21.072333Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/api/v1/analytics/tracker.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6ce5a213e70c1ce00dc0e57c1701ce22","sha1":"5cdc7310a2092464d280068b7ced49bd8e2beb3a","sha256":"4ce69e6485c3ed37d5ec98744ccd17f0552bae2a8befc39fefd11d93620ef59c","sha512":"167c03db64550836cae3564d5b039c4e8a3d17b1100acea2091e48b1515d312fa24c134531d8dfee4f860204b6ff8b456752e991e4d0d39ba0c49e64b23d995c","ssdeep":"192:youZKubFPI1ACY7zrrHBCb3WCqfqfIZ3xbDf++m:EZKuFbCSHrHnf6","tlshash":"92f1e2b9a9eb30b471a3f03ca7af600571767183341dca01ba9db5002fde5198675ef9","size":8056,"data":"","first_seen":"2026-06-18T23:16:26.64408Z","last_seen":"2026-07-12T22:04:21.072333Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/BV1_Eelu.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"27746c4500d3517b3f7fcb9447d7506b","sha1":"cf606d8c76faf2ee04c8fc1e1574d72a785c7fef","sha256":"ae9a2c4c8b2325da05bfc884d1a130ca8e6e716c193e24ac8d9924929ea63a6c","sha512":"ff71739756fccf38504aa3e73c42690f60570cfc082e664b17125b9b540a4f0b0983a9e707f4b8b0b10ae3198362b5edf2ddac5e6a973df2d6e1593699cb87e8","ssdeep":"192:jGtQKVrQNVpRucdtTtuTVMjYWUIGv2vlUi8041AboMMNKi5vIP0c2HE8MpnoJ0RT:jGtQKaFtkTVMjPUovMKROQmqVv0Vvw6C","tlshash":"b932fa79672c52fcb753c5acab3b9072972ec5b8727ed2b04c6fca7150a3580d1ab450","size":11752,"data":"","first_seen":"2026-07-08T05:34:52.830797Z","last_seen":"2026-07-12T22:04:21.076587Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/f/av0/rch/du9ib/0x4AAAAAADwDym_575T1Fzzs/dark/fbE/new/normal?lang=auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-07-13T07:16:56.918257Z","times_seen":772989,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/f/av0/rch/du9ib/0x4AAAAAADwDym_575T1Fzzs/dark/fbE/new/normal?lang=auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6041cf2309b673dbd41a5d67ec51f1ec","sha1":"f5495272b84c02e1ae6ed8ebd38d74f594ce9de5","sha256":"3eac24bbf007ca040f02a9fc4a4c0c947a68e649023d917e1727eecbe6d8be3a","sha512":"9791d03c4bc7db69f2c3b5d904c731316b3f78b5d361540b1afc391c03e9738afeb0f5b5aeeb923ef89eebc777b5c242174edd1e56893201e7f801d4b297953d","ssdeep":"6144:fbzqoHZw+ukJv7c9ufOMJNevHDedIV1JFoDfCyNloiLQfiRvNMH:X7Cu2MoM41JFoDzLogNQ","tlshash":"4034f9cc79c3b94ab21975b90437318af73e5c6c808cd90db551a4e5b8b476c4a2fee8","size":238830,"data":"","first_seen":"2026-07-12T18:16:19.797412Z","last_seen":"2026-07-12T18:16:19.797412Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/CbzW0EQV.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1823427a599b4012fc6a9c56cc04b828","sha1":"ebb5294b68c2a33bd9c834d4536fd32784e2a8c0","sha256":"a953e98dc8946e30632f16be48f61483534fcec07aed608a8dad5fb340ae5b64","sha512":"b37163eadd7dfaf9a62ef6e08e11b4e2b3c0ac3b9dda142094a1737008da5387d47ad975a769072f2b8a26d2d8119f6195d6a20b9dc752d4447fdec8f7bc709b","ssdeep":"1536:BtSr+tsQtS3t/tWcwGRpo72uwRBma6pOCtBT1s0:BtSr+tsQtS3t/t5xRpo72Dma6BtBT1s0","tlshash":"49830100e099bfedf97618d5546e900c722f2b84d70e48a5bab87c35269e0c17b57fca","size":81788,"data":"","first_seen":"2026-07-10T09:32:37.408065Z","last_seen":"2026-07-12T22:04:21.082387Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/CuJfd-yq.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a80d79b06e4482665a657ac1de4ddb49","sha1":"9f8886cfb9c79f5aae61043b7158d07107709cd1","sha256":"a00eefb2f5fb518fbaaaa9ca4df046906ebb0c6ae4bfd800dd0f9b561d1d2e65","sha512":"a680dd9f3b38c03d0548709b18835fafeb238396e5cbb49458f34a4d271b5bf674df200600795d4c5ea5e292637ef16d013f4a8ae192ec093f110668b6ca417f","ssdeep":"768:O2LSL89rC3QaR0XfLF9+Oh8LXoPRnPh1CFuMdDJSRo4fVY:O2LSLXJILwL4/8n","tlshash":"ded22300e558bffdf53209c945af800cb12f0b85da0e45a4fa787d292a664c57a1bbdf","size":30107,"data":"","first_seen":"2026-07-10T09:32:37.409284Z","last_seen":"2026-07-12T22:04:21.079919Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/DCKxLHEB.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6dfca59875be46db21197758a34cece6","sha1":"2559f01e9a30f06d485c6d24694ad1d17c9c8624","sha256":"612b4d1a71544a5e50bc973f2fd7d47bc76e5a2360374312d81b83eb14fa8896","sha512":"2e4652990475ba9e51f1a13714f065beca8514c03b22f6d24f448bbbcf5f99098b385f7125470102b26783ead9102e3728018d9d7a7d96edf24b40d8b4aad31f","ssdeep":"768:T2hqMS9m5P2S+riimzJomTDQILSsKGG/vVZsiCtyF+hR:T28Cpo7hseV+y4b","tlshash":"6bc2a4da7393f22b0ee28891c07e4112f134691574174068b6ac5ee6bda59cfb4bef30","size":26830,"data":"","first_seen":"2026-07-08T05:34:52.849045Z","last_seen":"2026-07-12T22:04:21.075452Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/hm6tICSa.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ae7741c4efe78adac26276d4b961e897","sha1":"f5bd78fe7e4ddb4c6b169123b574e53771a277a8","sha256":"9b6a99eac7d29d4e25a8f3d025277b3f8c192c802652b9258558a08efc612b18","sha512":"f8890902f9b23bde79c2c0003a00513071e8d064bd0058710be28cc12ec9af78a4c137366a3504d42c71785a55ac5eac5e64daac893834334681195560c1a3c0","ssdeep":"3072:hpBNVrGm8/xpUP3YiMAFLxMJtIQeEY1Ld5i5sK2EdcNv4ype+Jq:hpBPiTUPBlLceEYNd5wsK2Er","tlshash":"95141aec3955f5126ab312b7009f1807733c252b280d49a0b651fddeb4b845eb17bfaa","size":209246,"data":"","first_seen":"2026-07-08T05:34:52.847808Z","last_seen":"2026-07-12T22:04:21.08606Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"donewex.com/logo-192.png","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.955Z","timestamp":1783880143955,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /logo-192.png HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: image/png\r\ndate: Sun, 12 Jul 2026 18:15:44 GMT\r\netag: 236adbb85e3471fa4263b8902d3e3c31\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Rcr7lKxF1EAnJfHscFzTNSYiso93RS1drEVHcrCfdfmDjk5%2Fet0tnqIpOLFUPYpwiXlyqcCXlLXvdmqQxzvfQpL%2Fc4POfPy%2B9WONSL93%2BpU7mkNS6QGhYl10i38Y6g%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncf-ray: a1a208f3bf02b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4865,"size_decoded":6713,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced","md5":"1d0ed51bab0312a96a347490b839f95e","sha1":"94f210d33b4d6319b338875abbb160a237e030b3","sha256":"c06a428f61e2e5e3f3db2a944484b2fb6c2ab651dc610276892750a2adda9085","sha512":"3a2cab48e2b64b6b1135b167fd8d9d9f297466ddc234085a1c9385e2b0379f1abaa54dcdc8ede1c80f96302c420351211bea4169b2944ed722d13142af0309df","ssdeep":"96:WSGhmIcw9ytnV8OKGjlN8AbjwCDNgFWc4T+5V6u8NCAhcqftwkpkr:WSmmIfmV8OKilNzrvTMVp88+cytwuE","tlshash":"4ea18eaddf43950820bf2ee5c18c48d5245f67afbc6c5004cd64f62e9466c4c6f6b64d","first_seen":"2026-06-18T23:16:26.666586Z","last_seen":"2026-07-12T22:04:21.078387Z","times_seen":10,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/CAVOPnXO.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.117Z","timestamp":1783880143117,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /assets/js/CAVOPnXO.js HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-cache, no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: application/javascript\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: 5549bd4fa692d552e1e14db28efd11a3\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bN%2BUTFl%2BFeIIU9tiYxi2SHdX23uiAB0IRwLuKK8MCkScMv5yVReX1OjmKgySjts3Q1VPJg5oZaZWFXYNfa5M45Vxmi2VfUaP%2BDFK2wcFciu1W0H%2BO6flBUSQ%2FTBlIw%3D%3D\"}]}\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\ncf-ray: a1a208ee7e97b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":695,"size_decoded":2318,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (695), with no line terminators","md5":"9e9635563c4bce67f63540fcef7e6925","sha1":"c036ce9804d1f94b0b6154f1a6e288809e66913e","sha256":"48f6f8dbb912f7f2b5093252e8072cafd6776bf5580355c9a9ca06e1023ee5fe","sha512":"e4b23ce5ea341c46f04dad397515de97db57499c4f722db7b63a9b385ca164324324f5a41f28964da658432871f7dca2a6568ee47a679bafd6f1ee574655322a","ssdeep":"","tlshash":"a7014c572a64a6b61297d1c6c4395585d204743d9874b0d49ba88de695c004624a5f37","first_seen":"2026-05-11T18:13:57.943497Z","last_seen":"2026-07-12T22:04:21.094701Z","times_seen":15,"resource_available":true,"data":null}},"time_used":187,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":177,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/BV1_Eelu.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.126Z","timestamp":1783880143126,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /assets/js/BV1_Eelu.js HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-cache, no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: application/javascript\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: 31661f1fca7d9a03cc2cf41fc0d313be\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T57xkpkVhwy5g%2FfzrNoXXuD7xRbpQN%2FTtLJPhx6uLTH1JsKQTDw%2B%2B3xb2sfvc5Tl%2BgYXqC2nAVZXNR7PDucSlyXtaHei7%2B1sXny%2FfDQ5vhBLjyV562LlNEtwybqodQ%3D%3D\"}]}\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\ncf-ray: a1a208ee8e9cb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11752,"size_decoded":6736,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (11752), with no line terminators","md5":"27746c4500d3517b3f7fcb9447d7506b","sha1":"cf606d8c76faf2ee04c8fc1e1574d72a785c7fef","sha256":"ae9a2c4c8b2325da05bfc884d1a130ca8e6e716c193e24ac8d9924929ea63a6c","sha512":"ff71739756fccf38504aa3e73c42690f60570cfc082e664b17125b9b540a4f0b0983a9e707f4b8b0b10ae3198362b5edf2ddac5e6a973df2d6e1593699cb87e8","ssdeep":"192:jGtQKVrQNVpRucdtTtuTVMjYWUIGv2vlUi8041AboMMNKi5vIP0c2HE8MpnoJ0RT:jGtQKaFtkTVMjPUovMKROQmqVv0Vvw6C","tlshash":"b932fa79672c52fcb753c5acab3b9072972ec5b8727ed2b04c6fca7150a3580d1ab450","first_seen":"2026-07-08T05:34:52.830797Z","last_seen":"2026-07-12T22:04:21.076587Z","times_seen":9,"resource_available":true,"data":null}},"time_used":141,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":141,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/css/index-RWuAfwbU.css","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.129Z","timestamp":1783880143129,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /assets/css/index-RWuAfwbU.css HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-cache, no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: text/css; charset=utf-8\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: 61b5e354831154195aca088d062c13de\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4Gu7sI5AEL2Pua22SBiHTVCCs%2FqEooj92mnrCgyI93sUEBS3tUSDFKwX4ts2MGw6E7sr558TwBoNwGQQ5eRm%2BaLLvv%2FSrajaa2SnlNMaVsXW7R%2BgusljZvevmw3ntQ%3D%3D\"}]}\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\ncf-ray: a1a208ee9e9fb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":281440,"size_decoded":45814,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"d96c03a6ee0073fdc1cf9a549287bac1","sha1":"7239b1e7f6714d5cce6b69cc2b2bd6feb4b7bca5","sha256":"2597a9bd525c2fc96a04ae6713137cbcd44f99bd7e947a4a72a24027a80ef245","sha512":"c00eeb2d5f99df836b3344a546dd4d16877dfb5aa4c30869a3d67c205fcb2f188f873646aa255c1fc13d71a80977ec45b4adf931ebad59526d38e5bcb60763b4","ssdeep":"1536:n5FWyRtop5nt2Hur28FB4FAxzx7ucpvrjXJKXjiwFiCn6dJQ1IIUSH+n5QFJZfZP:ZRt8nt2Orlnx7t2n1ym+7w9KujXd","tlshash":"8f5467227758252cb03bd8a1b4d16bde7028c207f67757ede564b239c5cb1a32b3668c","first_seen":"2026-07-10T09:32:37.433667Z","last_seen":"2026-07-12T22:04:21.091544Z","times_seen":6,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":105,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/api/v1/analytics/track/batch","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.431Z","timestamp":1783880143431,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"POST /api/v1/analytics/track/batch HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 233\r\nOrigin: https://donewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":233,"data":"{\"events\":[{\"session_id\":\"a542181bbc814cd9a377175517570eeb\",\"event_type\":\"page_view\",\"page_path\":\"/\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":null,\"duration\":null,\"user_id\":null}]}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://donewex.com\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EDHGPcUcSAr4DNtCe3PvdQcN3TcnTR1ybXiiALaVZwl1u0NEDniJpbrbNEYEsaqHEbjQuyH0GlpFu8fDExb%2FOydbWJC3Cnkjr5oTjafuPV0pljxJF8s6%2B2WS6i7IUw%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1a208f07ec0b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36,"size_decoded":1600,"mime_type":"application/json","magic":"JSON text data","md5":"5e0fe72aaab5aa03f78682ef9fbb2e7f","sha1":"f776de56a25101755b468894bea9757f9dbc5c9d","sha256":"70796bda23e30e377b3756062af7464aba0a8495acee59b473ca480a1913cd68","sha512":"4c2323a933ddcae887bd0ba850b948b95577b4706873cb8bb60037f7885ce00af772bcb65aadedac014dc973c4d4270b84b07527339ca658e59e996dc62004d1","ssdeep":"","tlshash":"94800410d0050074744015107000f517151d1033050517c45174150403d401d0173403","first_seen":"2026-04-11T22:57:13.103781Z","last_seen":"2026-07-12T22:04:21.074165Z","times_seen":12,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":141,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/crown.svg","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.541Z","timestamp":1783880143541,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /crown.svg HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: 7d424c2bf7d3dcb67dad044509f139b9\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DkiFjH36KDt6e%2Bmzefjb6JueZiNdlTXFiuJuV8ZVj4N3tbJac5yWRXWxwQ70XsqvPbKXP5gpdRh6fh5D60WIwJQkfGBIK0Sq4bWHkayxqqTRQjID%2Fj%2FDm8EgHLY6JQ%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\ncf-ray: a1a208f12ed8b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1402,"size_decoded":2544,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"317a46913b7fe8533a1ec209b528f064","sha1":"1f17e8dbf89a950cc155e7f272b99c5d29fd1ca1","sha256":"b0066d6adadde89c423a24bc759b41b9e180448a38849d7693319a14b6fbe842","sha512":"4470b54cf2a78a79505f8f7d129d242ab5bc687c61d3f8cf33b55f349d432a6dde13476a592d47a79237ec3563acfe8d87388d9a4450aea90051175ac904c38a","ssdeep":"","tlshash":"e82174f9e5b0a5f8b04aeb74ec27b0f570ea18f67ba287d54652a1a0e5540cd408ccc4","first_seen":"2026-06-18T23:16:26.653228Z","last_seen":"2026-07-12T22:04:21.088115Z","times_seen":7,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":167,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/api/v1/analytics/track/batch","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.558Z","timestamp":1783880143558,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"POST /api/v1/analytics/track/batch HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 488\r\nOrigin: https://donewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":488,"data":"{\"events\":[{\"session_id\":\"a542181bbc814cd9a377175517570eeb\",\"event_type\":\"page_leave\",\"page_path\":\"/\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":{\"from\":\"/\",\"duration\":0.067},\"duration\":null,\"user_id\":null},{\"session_id\":\"a542181bbc814cd9a377175517570eeb\",\"event_type\":\"page_view\",\"page_path\":\"/register\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":null,\"duration\":null,\"user_id\":null}]}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://donewex.com\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c%2B3IhYVBQuHqyxDORCp2lU3IxJciytLdgTwxSrOOh1oTITw8QDFPrbBc346II91IHgXdyKewmwE4NV0L4nqdUvVEWqHbDfOXE3jz7QauLn9EWnTYVielhVVX5aE7UA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1a208f13ee4b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36,"size_decoded":1598,"mime_type":"application/json","magic":"JSON text data","md5":"0b96c87d30e629858da7eda1beb6a0fa","sha1":"add35c030eca5578689e3d7d24089d80c3ed009c","sha256":"586047020bbe0f54a5198bdc6c4dbdda7d1b6d0e906d95acd0b5dad855273a24","sha512":"dd90ec4d743f260894661bb09800d6d03c4bb0841c757c698d646f29f624afbb328fd1bd2cc053ccd009d32ede1b02ba1fee04476851dd5d30bfc75be743753c","ssdeep":"","tlshash":"68800020e00a00bcb8802200b000faaa2a2e00330a0eabc8a0b82a0803a802e03b3803","first_seen":"2026-06-18T23:16:26.654836Z","last_seen":"2026-07-12T22:04:21.093165Z","times_seen":8,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/fonts/FixelDisplay-Regular.woff2","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.111Z","timestamp":1783880143111,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /fonts/FixelDisplay-Regular.woff2 HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: font/woff2\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: 52474a183d6aaef0446b131fa8f9b51f\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1%2FT0GcXIb7n5FNB%2BQdyeQrLKm4mgJecr9USkcePmUGLyODcIbR7uLUDbDVVbhF1vDLIkoSoTYsS6XiiO0qOnmmwBIEdlFs41VV5evx53AeTIp%2FfaxNlqflbAFLRd4Q%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\ncf-ray: a1a208ee7e92b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":75488,"size_decoded":77355,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), CFF, length 75488, version 1.0","md5":"0030fa5586360a29f90764c5bff5147d","sha1":"4aebea2f8ca357f36d572208c7f0e5ab8763b63c","sha256":"ab549d93f0e99c1aea8164e7f3695b1c6b0cb0a0e6d22ea14ccde0b254f65080","sha512":"59f9fd937eabd4a0e190d617bff4b317aab17889668c7875c0da4dd06ebc79a8d849273eae72026cbbd5fb20fab925657f90dcb054b7d82c3825569139557be1","ssdeep":"1536:r+Nd68drDxSQx0H+mk+RaPEdmRDRerEhTdypFjm/LNF83:gnrjc+mkOa8dmR8roOFR","tlshash":"c67302534f30f7e0f1088ded462fad10f3d0bb129b1e66bae563e1518a7a526027468f","first_seen":"2025-11-20T08:06:51.201234Z","last_seen":"2026-07-12T22:04:21.083539Z","times_seen":20,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":137,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/static/js/analytics-tracker.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.312Z","timestamp":1783880143312,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /static/js/analytics-tracker.js HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; img-src * data: blob:; connect-src * data: blob: wss: ws:; font-src * data:; worker-src * blob:; frame-ancestors *;\r\ncontent-type: application/javascript\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: ae9e082b311f7199c59a97cea164ffd1\r\nlast-modified: Tue, 26 May 2026 00:01:40 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=*, autoplay=*, payment=*\r\nreferrer-policy: unsafe-url\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y1il760iW%2BeG8pXzfQQgS6cdqBRyT7YZgZMbiqwdSf37l1wjZVGE2a7NTiQE2cj%2BxSdr0TN2zVq0H6P9cJZ7UTlA5j6XZz6JXhThUPGprfeU0yonm91Yq%2Fy6VWs83Q%3D%3D\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1a208efbeb5b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8056,"size_decoded":3879,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"6ce5a213e70c1ce00dc0e57c1701ce22","sha1":"5cdc7310a2092464d280068b7ced49bd8e2beb3a","sha256":"4ce69e6485c3ed37d5ec98744ccd17f0552bae2a8befc39fefd11d93620ef59c","sha512":"167c03db64550836cae3564d5b039c4e8a3d17b1100acea2091e48b1515d312fa24c134531d8dfee4f860204b6ff8b456752e991e4d0d39ba0c49e64b23d995c","ssdeep":"192:youZKubFPI1ACY7zrrHBCb3WCqfqfIZ3xbDf++m:EZKuFbCSHrHnf6","tlshash":"92f1e2b9a9eb30b471a3f03ca7af600571767183341dca01ba9db5002fde5198675ef9","first_seen":"2026-06-18T23:16:26.64408Z","last_seen":"2026-07-12T22:04:21.072333Z","times_seen":11,"resource_available":true,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":74,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/giftbo.svg","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.518Z","timestamp":1783880143518,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /giftbo.svg HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: 46e451e4cbf5c0a37480c26f9f507698\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wqzQnb8eFRqh7%2BoGobaQ53srvDUZRp9dr9FlDmUW%2FIJmMtQS3%2F4kmTc12io44lk3qp9nUSL3snvvfXQ93hDzBOU0pktOVHsBQfgldyVDiz85ctdlLbSbub91tZgV6Q%3D%3D\"}]}\r\nage: 0\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1a208f0fed3b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6071177,"size_decoded":4522533,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ab26a0700a6c68413b0c6a566a4c94f4","sha1":"3fdbce01e7df3818335ff33555b38320d6329421","sha256":"6963b2010908d6d5904fb279faf9bcd796aad16f79d5296e9c99e5f23b14fed4","sha512":"56557ad892343c939c5db3393a55d69567a20c27f43e51f5fd45ae7607948c7c82e7a4022b134c9b28f61a5dec0378a390d72f5f6c948285c36e91b4eff00c43","ssdeep":"24576:hjzDvQLKgn6WEejhaOe7SWw889Bwccsp8q3j9y90Iyu0:9Y02JB8Gu0","tlshash":"c02523b89340cde0ff64cb5c30272b906e78259342ca91b25f1cb17be6d5714949bdea","first_seen":"2026-06-18T23:16:26.645392Z","last_seen":"2026-07-12T22:04:21.079313Z","times_seen":7,"resource_available":false,"data":null}},"time_used":601,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":149,"receive":452,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-12T18:15:42.703Z","timestamp":1783880142703,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Sun, 12 Jul 2026 18:15:42 GMT\r\ncontent-type: text/html; charset=utf-8\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-cache, no-store, must-revalidate, no-store, no-cache, must-revalidate, private\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=REzc3rMil1wgIrag9NNlD1JJKSlgk2nVyHwjYU%2B9u8EQkfS%2FiSEWwwVmQWNyjQbUS6EGjszj0b9c3nE9MRszEhMru13TrLIr8epvvrVbt8VzSD6uXc3rxhTaOeueoQ%3D%3D\"}]}\r\ncontent-encoding: zstd\r\ncf-ray: a1a208ec2a3f0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9381,"size_decoded":5502,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"b3f77e3f3cd8096ab7d02a2a6104f4e7","sha1":"fd1c74e38a85798f4be08eb77fb3071d6d9f61f8","sha256":"a9b0ee99289e39e066366dc9a8381e3633bb17b88878345a7b8cc8c92faef5ca","sha512":"b920422cb3dc330167d5facf0f1ce135075f2f85d2da0033c5fc7180554c4c7f9062e989ffee06932bf728f74424085466085ab3c6f8e7ead294b3ed70cb3551","ssdeep":"192:+gEcaGq2uhXcKes1m1+lUc7t4K5VyioM9I6MuZAovgHnkEMB:+7c+x6cldbMCIs","tlshash":"bf12e9275a9abc453770e22797f9f0086d5200af0d06d60576cd2b6e5fc1b688173fba","first_seen":"2026-07-10T09:32:37.392114Z","last_seen":"2026-07-12T22:04:21.08862Z","times_seen":6,"resource_available":true,"data":null}},"time_used":180,"timings":{"blocked":-1,"dns":25,"connect":1,"send":0,"wait":139,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/o9vGyEoy.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.116Z","timestamp":1783880143116,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /assets/js/o9vGyEoy.js HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-cache, no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: application/javascript\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: a7713a589245e7f0d7f77f19e981fe80\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IeXBkAbaF1E8CVIV7MC3AybQwPysxJeaeUg9EYP0K9obksXXZxKfIfcFXGlTu6ZQb%2BQOZk3esx54EjnvUzWE1d%2F%2Bx0FJ3BsA4WvRcEPdMXM3JaHfp9E4kC1uwXweqA%3D%3D\"}]}\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1a208ee7e96b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":309477,"size_decoded":78898,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64576)","md5":"3c8b6236c40d941967f1d9ef2923f5b8","sha1":"f6bf4e8361a441e1c34a0f492979cac95c964fbb","sha256":"d5d3e0680f3f3de279bf3c7a57f716ab5ea45e1f30d7ffdc7fe1fc3012b3be2b","sha512":"0d74bfd98c90fab5dc785eb2b223ebbbfeb8e472c35b7739c66195bf657e1cfe0b07681ec1905d81a8a34b0378dc435860bcd7ed16f6c024ea6a94813824368f","ssdeep":"3072:3r/tGcffshpFx58FMKxE5jZRccKn9ncsCYI+CxGhs4P6yfnDfvTF6mcELBMxdB6E:3WfpjTKnVqmsnRgFl+YrNk","tlshash":"44645d18e1857ebde57312c2346f920db23d0f84e94a84a5e9bcdc2815a9584f327bed","first_seen":"2026-07-10T09:32:37.39721Z","last_seen":"2026-07-12T22:04:21.085554Z","times_seen":6,"resource_available":true,"data":null}},"time_used":303,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":164,"receive":139,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/api/v1/analytics/track/batch","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.429Z","timestamp":1783880143429,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"POST /api/v1/analytics/track/batch HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 237\r\nOrigin: https://donewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":237,"data":"{\"events\":[{\"session_id\":\"a542181bbc814cd9a377175517570eeb\",\"event_type\":\"session_start\",\"page_path\":\"/\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":null,\"duration\":null,\"user_id\":null}]}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://donewex.com\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PF%2BRY43%2FPQJ5MRbIOW4PBNHpi49tc%2FvTF8UZ1ZwKX1KriYo2GwmJIz0lhS3P1vWhgP9jkn%2BeOm5W60sck99h3m2ljPodz7A6IYTmvEP7mkl8A2qY%2F3CJhjs5jQ4lCQ%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1a208f07ebfb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36,"size_decoded":1606,"mime_type":"application/json","magic":"JSON text data","md5":"5e0fe72aaab5aa03f78682ef9fbb2e7f","sha1":"f776de56a25101755b468894bea9757f9dbc5c9d","sha256":"70796bda23e30e377b3756062af7464aba0a8495acee59b473ca480a1913cd68","sha512":"4c2323a933ddcae887bd0ba850b948b95577b4706873cb8bb60037f7885ce00af772bcb65aadedac014dc973c4d4270b84b07527339ca658e59e996dc62004d1","ssdeep":"","tlshash":"94800410d0050074744015107000f517151d1033050517c45174150403d401d0173403","first_seen":"2026-04-11T22:57:13.103781Z","last_seen":"2026-07-12T22:04:21.074165Z","times_seen":12,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/api/v1/analytics/track/batch","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.491Z","timestamp":1783880143491,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"POST /api/v1/analytics/track/batch HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 233\r\nOrigin: https://donewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":233,"data":"{\"events\":[{\"session_id\":\"a542181bbc814cd9a377175517570eeb\",\"event_type\":\"page_view\",\"page_path\":\"/\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":null,\"duration\":null,\"user_id\":null}]}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://donewex.com\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qB%2BOrIdjckyl75P50esmnJI4aQCCgrGJK6Qi59w1IdPfy1P%2Bcbq7qm1BergXDPyVhXKHW79C29AIY9mb2POmaDWjNVvKa8Pw62Vh03dEEQBM04lEsdfYdPXynJXHgw%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1a208f0decfb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36,"size_decoded":1600,"mime_type":"application/json","magic":"JSON text data","md5":"5e0fe72aaab5aa03f78682ef9fbb2e7f","sha1":"f776de56a25101755b468894bea9757f9dbc5c9d","sha256":"70796bda23e30e377b3756062af7464aba0a8495acee59b473ca480a1913cd68","sha512":"4c2323a933ddcae887bd0ba850b948b95577b4706873cb8bb60037f7885ce00af772bcb65aadedac014dc973c4d4270b84b07527339ca658e59e996dc62004d1","ssdeep":"","tlshash":"94800410d0050074744015107000f517151d1033050517c45174150403d401d0173403","first_seen":"2026-04-11T22:57:13.103781Z","last_seen":"2026-07-12T22:04:21.074165Z","times_seen":12,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":149,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/fonts/FixelDisplay-SemiBold.woff2","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.113Z","timestamp":1783880143113,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /fonts/FixelDisplay-SemiBold.woff2 HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: font/woff2\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: 4a69780845f9b0fbd285c9e2a61e3767\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YpL0uvLlYyCgQ7luqbmax346g5kzBkR8tSfq49nGYt3N0U31Ahyeo3JpIdPw0ooxmH6tT1YNivEsYEyuyCDCkOtkyVgzJmyNOyNUbK4pFTyIrdxHgt442WWJvmBzFA%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\ncf-ray: a1a208ee7e93b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":83736,"size_decoded":85602,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), CFF, length 83736, version 1.0","md5":"0c998ae40d18a7d96809ced49502b7ce","sha1":"8f9ea2ac949b1f7e478ae5e8469f28bb6697ca92","sha256":"728c47503952eba499d80ebb87bfff862b37bc72668a6486bfd2b46d0d3ef791","sha512":"fe0f62be621dc524b91e12da49809a3c1f20d2baf16681b24203659f230dcff5746cf64cc2907d1caf01967ec0fc01ae21a9bd81bc876920ab1a23219a83bbb4","ssdeep":"1536:4UJVntdEgdrQ4l/Qy3l9Rh0y8DTesomJ5YYo70:1JVl4y3l9jkDasPJ5r60","tlshash":"ab8312df4adf17ddeb140bb08a5fe4c7f4a9fd9d2b36d810d5662321643289644382b8","first_seen":"2025-11-20T08:06:51.21343Z","last_seen":"2026-07-12T22:04:21.084502Z","times_seen":17,"resource_available":false,"data":null}},"time_used":313,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":165,"receive":148,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/fonts/FixelDisplay-Bold.woff2","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.114Z","timestamp":1783880143114,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /fonts/FixelDisplay-Bold.woff2 HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: font/woff2\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: 7069a393fba092f0973acbb5a281e0a5\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JUZd8FONu3ZnzcoTATN3U8XurZmhz2aEj4s0HAIUYqQMI3DON%2FoOFVA636nFzn%2BrOarmhAYu96u%2BVyedOjZwmbtbv38GBqEnMvAv%2Btd9yNhOotombSo%2B2iOvzk1wFw%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\ncf-ray: a1a208ee7e94b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":83968,"size_decoded":85844,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), CFF, length 83968, version 1.0","md5":"164db87bdc87f05f791bf8241ce3dc16","sha1":"be1d75951f3dc29059b1369a700b03501a080701","sha256":"bfad27f46a18f35f154121a256c7562c1e9acbd5c88c48035bd88133c9d752d4","sha512":"bea59b86fffd7a44653fc5912c3befd7e74b89f582723418420a12ac1e4456ee599ba0efe257d5d263012a50cf588b4f77941561f14d030cef19b643f87861cc","ssdeep":"1536:a9jqGPqZgSTETFWPb8/5PBDLG9W1iHjLwaPYka43AVi:ajxqZg8EhWDUJGEaxYi3AVi","tlshash":"0d830227fd03d7659ebc928d2a4b3996dd7e1d403148aee46c0decf814ec9a18c8b593","first_seen":"2025-11-20T08:06:51.222475Z","last_seen":"2026-07-12T22:04:21.08502Z","times_seen":19,"resource_available":false,"data":null}},"time_used":330,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":145,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/Dv62VFuI.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.127Z","timestamp":1783880143127,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /assets/js/Dv62VFuI.js HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-cache, no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: application/javascript\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: c7be2df311e947e8f337206eb90760d6\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ptlH%2BJCURqO8J51swON1Fm9RQMCxmO3J4yvgOM6HJq4vNX0dQoH%2BaonBb2vY%2BvL%2FupQQTY5G3aVXim%2BuabBDNavnU5lLMa3TgqhtVYGczETGO7z1hGgT1erRKH60RA%3D%3D\"}]}\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\ncf-ray: a1a208ee8e9eb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":58916,"size_decoded":17911,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (58916), with no line terminators","md5":"f6fbd13c7b677d45c098edc9291fde1a","sha1":"696a113287004ab2a7b73ae0f24a0bdd07c1c44e","sha256":"780cc91916a954c025a8b5ef1110140d57ec4d8e1720105aff400f1d51863814","sha512":"fef510fec8b50ef49df0f3e5946d4221bf2f9449ae513ce1ed5d0cf0c53b916989a5fb7eb734088f094c7d9f2aab3839536be85923419d02b7c33a16cf5a44c2","ssdeep":"1536:JA0floTi2S7kVNTWmttvs+7Y4xGGyZ69fjw/BXoiD8I5oV48smHMvZRCUKLfq5N6:9vqLMym5NvsHPWW","tlshash":"c843090af299b26a47f334d2393f450de23e0ec0799e8091b97994861df150a977bf2d","first_seen":"2026-07-10T09:32:37.428428Z","last_seen":"2026-07-12T22:04:21.096302Z","times_seen":6,"resource_available":true,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":54,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/Logo.svg","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.494Z","timestamp":1783880143494,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /Logo.svg HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: 93d5850b15110d588e7a8e68e1a3a288\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EHv6olE71ThzkhdZBiKDPy%2FAC8weXqwLCtIBq1EijdgDpYBfDMxKphNtntQWcWcF7nwOBzFkw1yyg7ywnFYqtvZnO0WTGNU6QStISR9pdKQzQpf01H%2Btl27x90jXHQ%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncf-ray: a1a208f0ded0b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":227235,"size_decoded":165106,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b04c39a8706545d26e49faac0b8b58bb","sha1":"66f5beaeed341ef7f407b1689c27a802f3493ff5","sha256":"3cbc0cda353d3d249af15a292441337a0e73d9cf681aeaa5c6420c3ed610dad6","sha512":"6c32d65adda37cba5b66e1d274e1bdcc97066c226620bb735a9e30f1cd9f3ebfbfcef071216d4271cd1d5791d573ed409aee7b2f1a0b53c926b587f629f37092","ssdeep":"6144:6RDfz+RkgLf5imL1QxhF6c1EqG/v9OYGgTnSJhYwFQ:6RDr+RzLRt1Qxh8GQv9ONgTnEhy","tlshash":"d82402b712937d92b2058e89d0143b157d647cafa324658cfccce10ae1fea54cea8db1","first_seen":"2026-06-18T23:16:26.658065Z","last_seen":"2026-07-12T22:04:21.093728Z","times_seen":7,"resource_available":false,"data":null}},"time_used":340,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":142,"receive":198,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/api/v1/analytics/track/batch","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.560Z","timestamp":1783880143560,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"POST /api/v1/analytics/track/batch HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 241\r\nOrigin: https://donewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":241,"data":"{\"events\":[{\"session_id\":\"a542181bbc814cd9a377175517570eeb\",\"event_type\":\"page_view\",\"page_path\":\"/register\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":null,\"duration\":null,\"user_id\":null}]}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://donewex.com\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EI%2Bz%2Bkjq3m6VARfFHYg3iPT8g%2B42FjTCqtEWUYUZf7J%2FoTJw7y7fjzFbOJXre7nwAXAIjLHZVDQiVDofKpiCuSIXniJR%2BrwuT8vxhttLUTlRehuGwqqy4vqM3EGG%2Fw%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1a208f14ee5b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36,"size_decoded":1608,"mime_type":"application/json","magic":"JSON text data","md5":"5e0fe72aaab5aa03f78682ef9fbb2e7f","sha1":"f776de56a25101755b468894bea9757f9dbc5c9d","sha256":"70796bda23e30e377b3756062af7464aba0a8495acee59b473ca480a1913cd68","sha512":"4c2323a933ddcae887bd0ba850b948b95577b4706873cb8bb60037f7885ce00af772bcb65aadedac014dc973c4d4270b84b07527339ca658e59e996dc62004d1","ssdeep":"","tlshash":"94800410d0050074744015107000f517151d1033050517c45174150403d401d0173403","first_seen":"2026-04-11T22:57:13.103781Z","last_seen":"2026-07-12T22:04:21.074165Z","times_seen":12,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/api/v1/analytics/track/batch","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.561Z","timestamp":1783880143561,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"POST /api/v1/analytics/track/batch HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 241\r\nOrigin: https://donewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":241,"data":"{\"events\":[{\"session_id\":\"a542181bbc814cd9a377175517570eeb\",\"event_type\":\"page_view\",\"page_path\":\"/register\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":null,\"duration\":null,\"user_id\":null}]}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://donewex.com\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0Bki8B3vpuh2Lu4w3TvLBhJBIFz%2BHI%2F7JbHRkWDYRXHy%2FkkBIoAnpSt8sGyx%2BWFrN7oUTRhicPR%2FGCvCKShyIK2pd7tnbWrZC4wr8Fai%2Bi%2BcH9kYHVbdE3%2F9dh7JEA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1a208f14ee6b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36,"size_decoded":1612,"mime_type":"application/json","magic":"JSON text data","md5":"5e0fe72aaab5aa03f78682ef9fbb2e7f","sha1":"f776de56a25101755b468894bea9757f9dbc5c9d","sha256":"70796bda23e30e377b3756062af7464aba0a8495acee59b473ca480a1913cd68","sha512":"4c2323a933ddcae887bd0ba850b948b95577b4706873cb8bb60037f7885ce00af772bcb65aadedac014dc973c4d4270b84b07527339ca658e59e996dc62004d1","ssdeep":"","tlshash":"94800410d0050074744015107000f517151d1033050517c45174150403d401d0173403","first_seen":"2026-04-11T22:57:13.103781Z","last_seen":"2026-07-12T22:04:21.074165Z","times_seen":12,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/g/73f5d73b1f13/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.954Z","timestamp":1783880143954,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Jun 2026 20:15:28 GMT","end":"Mon, 14 Sep 2026 21:15:13 GMT"},"fingerprint":{"sha1":"77:27:72:42:CF:51:E8:8C:7C:3E:8C:4C:A1:F0:9A:86:96:B9:0A:16","sha256":"ED:7C:F7:38:B3:0F:00:86:32:D1:14:CE:C0:FF:CA:0E:7C:86:EE:49:51:EF:A4:4B:AA:5C:B6:7C:00:B5:3D:F3"}}},"request":{"raw":"GET /turnstile/v0/g/73f5d73b1f13/api.js HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 09 Jul 2026 13:13:20 GMT\r\ncache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\npriority: u=3,i=?0\r\netag: W/\"6a4f9e70.00000000-12529\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: a1a208f3b8f01a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":75049,"size_decoded":24691,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"15221d51bd292126fd260c66336db19c","sha1":"d0ca22a3b568b71997d266bf6fe48bdedd932807","sha256":"90acf284e78ceb1183e080909b7558617bd981480fd3000ae1b433d5eb28c459","sha512":"7477e39dc11f4c71e65ca6192e71a74cad6d93b8b4ba702fdac40ea0af2029b6b8f395aae2b20c0c39a8f31d1e1f32db92a9b41632e4e2da5624d7b0d9fddb8f","ssdeep":"1536:tM5A+jXSq5RDMDpydrdopXOe1H05V46MlsgV0Dixw5MB:tEuYR0ydrMXOe1U8lP0Dixw5MB","tlshash":"81732bc472aa7862139ac0f4913b6753b3257d3aa84c8850d467dc653b7cd869233fba","first_seen":"2026-07-09T15:43:08.802758Z","last_seen":"2026-07-13T00:17:01.035981Z","times_seen":6287,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/hm6tICSa.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.118Z","timestamp":1783880143118,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /assets/js/hm6tICSa.js HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-cache, no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: application/javascript\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: a6093855436f82bf2603dcfb7daa5e45\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t4Ol1UQaTWLskcCi9cyKz99CU5CgJoebYAyOPXRuSmol4IIAeOBJJm8Xa8%2FARqfHlbQKSQQmj7CFz%2Fc1FO%2BN0Cx3YIdHpv3OEi0paiQu7j8vP7hsH48TwjglZobNeg%3D%3D\"}]}\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\ncf-ray: a1a208ee7e98b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":209246,"size_decoded":68146,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"ae7741c4efe78adac26276d4b961e897","sha1":"f5bd78fe7e4ddb4c6b169123b574e53771a277a8","sha256":"9b6a99eac7d29d4e25a8f3d025277b3f8c192c802652b9258558a08efc612b18","sha512":"f8890902f9b23bde79c2c0003a00513071e8d064bd0058710be28cc12ec9af78a4c137366a3504d42c71785a55ac5eac5e64daac893834334681195560c1a3c0","ssdeep":"3072:hpBNVrGm8/xpUP3YiMAFLxMJtIQeEY1Ld5i5sK2EdcNv4ype+Jq:hpBPiTUPBlLceEYNd5wsK2Er","tlshash":"95141aec3955f5126ab312b7009f1807733c252b280d49a0b651fddeb4b845eb17bfaa","first_seen":"2026-07-08T05:34:52.847808Z","last_seen":"2026-07-12T22:04:21.08606Z","times_seen":9,"resource_available":true,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":122,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/api/v1/analytics/track/batch","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.555Z","timestamp":1783880143555,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"POST /api/v1/analytics/track/batch HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 488\r\nOrigin: https://donewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":488,"data":"{\"events\":[{\"session_id\":\"a542181bbc814cd9a377175517570eeb\",\"event_type\":\"page_leave\",\"page_path\":\"/\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":{\"from\":\"/\",\"duration\":0.125},\"duration\":null,\"user_id\":null},{\"session_id\":\"a542181bbc814cd9a377175517570eeb\",\"event_type\":\"page_view\",\"page_path\":\"/register\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":null,\"duration\":null,\"user_id\":null}]}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://donewex.com\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sHpFlpngAB0%2FRiOwSH9JO7M83dx%2FvDh1YclwekwR3BHVxhWvIGLxzuhW1%2Fh%2BmyIN06UtBoWGSp4zhfFTn4qwZGWfEl14ep54P4vszgg2XYqZXz59eWYlKEZk6Ihb6w%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1a208f13ee2b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36,"size_decoded":1604,"mime_type":"application/json","magic":"JSON text data","md5":"0b96c87d30e629858da7eda1beb6a0fa","sha1":"add35c030eca5578689e3d7d24089d80c3ed009c","sha256":"586047020bbe0f54a5198bdc6c4dbdda7d1b6d0e906d95acd0b5dad855273a24","sha512":"dd90ec4d743f260894661bb09800d6d03c4bb0841c757c698d646f29f624afbb328fd1bd2cc053ccd009d32ede1b02ba1fee04476851dd5d30bfc75be743753c","ssdeep":"","tlshash":"68800020e00a00bcb8802200b000faaa2a2e00330a0eabc8a0b82a0803a802e03b3803","first_seen":"2026-06-18T23:16:26.654836Z","last_seen":"2026-07-12T22:04:21.093165Z","times_seen":8,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":194,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/BdSiXnl-.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.124Z","timestamp":1783880143124,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /assets/js/BdSiXnl-.js HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-cache, no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: application/javascript\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: e232ea8dc83064d58750adcaa5ff6556\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YuXPrry%2BDimxGjNTXq1%2Fw0KF9yFgaDwnUjOOeL8SBmqXny56Ov%2B1%2FjexkPCg2IHaPxaE%2Fzgo1bjpMdehAPMzqobC%2F2ZcdfsIiSveT1da2CEhz3A%2F9MSFkNb98%2BWEuA%3D%3D\"}]}\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\ncf-ray: a1a208ee8e9bb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":37245,"size_decoded":15091,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (37239), with no line terminators","md5":"9dfa3645d86310a4cb0c004f919836d2","sha1":"5189963399179e36910c62f9697770bd484238aa","sha256":"0fe8d6f93df923ec809708a2b256d308f033a42a2c59222059d2fad5b525212f","sha512":"c47aa586e9e5c07525a9477ab0142803ecd0a15d9901cba0708016be5065bed127425282d50d741f6061ab7b72498c63e675d8c1a3b448fe65aff45a859d9fad","ssdeep":"384:ecqOfbAdtyvsX+FjDg3ilnWGJ9Exlw8RKhf9x1Oz7lSMtDvCIqhD2vc7lo2h/ihC:ecqOfsKr91OHl7vCIqNSc7Zh/i2BzvF","tlshash":"d6f2d9b6b241b0144fab13a280b71165f3ba5dee241d403672a8ec9e34f5d4c627ffa5","first_seen":"2026-07-08T05:34:52.850283Z","last_seen":"2026-07-12T22:04:21.09057Z","times_seen":9,"resource_available":true,"data":null}},"time_used":232,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/api/v1/analytics/tracker.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.130Z","timestamp":1783880143130,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /api/v1/analytics/tracker.js HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-cache, no-store, must-revalidate, no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/javascript\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: ae9e082b311f7199c59a97cea164ffd1\r\nlast-modified: Tue, 26 May 2026 00:01:40 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gOLDVB1hyO6KbUDCjzARzSMsmKfYu5Suj7UJQifzgr7xHFgVG%2BKNxuat2ncyqkC2L4q77z5AQ7EXTwsjffUnmRrn%2BuM2DdZn0ZrZn1SB53YYLa%2BlZOa8qhZUo2v%2BDg%3D%3D\"}]}\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1a208ee9ea0b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8056,"size_decoded":4137,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"6ce5a213e70c1ce00dc0e57c1701ce22","sha1":"5cdc7310a2092464d280068b7ced49bd8e2beb3a","sha256":"4ce69e6485c3ed37d5ec98744ccd17f0552bae2a8befc39fefd11d93620ef59c","sha512":"167c03db64550836cae3564d5b039c4e8a3d17b1100acea2091e48b1515d312fa24c134531d8dfee4f860204b6ff8b456752e991e4d0d39ba0c49e64b23d995c","ssdeep":"192:youZKubFPI1ACY7zrrHBCb3WCqfqfIZ3xbDf++m:EZKuFbCSHrHnf6","tlshash":"92f1e2b9a9eb30b471a3f03ca7af600571767183341dca01ba9db5002fde5198675ef9","first_seen":"2026-06-18T23:16:26.64408Z","last_seen":"2026-07-12T22:04:21.072333Z","times_seen":11,"resource_available":true,"data":null}},"time_used":162,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/api/v1/analytics/track/batch","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.487Z","timestamp":1783880143487,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"POST /api/v1/analytics/track/batch HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 237\r\nOrigin: https://donewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":237,"data":"{\"events\":[{\"session_id\":\"a542181bbc814cd9a377175517570eeb\",\"event_type\":\"session_start\",\"page_path\":\"/\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":null,\"duration\":null,\"user_id\":null}]}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://donewex.com\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ijSYaKy4S1CuSn%2F%2FTYQq9ZGj3jEQld6hVQfiQOQyn6r%2Bjcn4ApdsVkyZteMQqsfBC8FKJ9HG8jxnrVban9qb8pwWLv9JG6wP60ffsege8RdtAiwxWSMgEnMP0%2FFJkQ%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1a208f0cec9b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36,"size_decoded":1604,"mime_type":"application/json","magic":"JSON text data","md5":"5e0fe72aaab5aa03f78682ef9fbb2e7f","sha1":"f776de56a25101755b468894bea9757f9dbc5c9d","sha256":"70796bda23e30e377b3756062af7464aba0a8495acee59b473ca480a1913cd68","sha512":"4c2323a933ddcae887bd0ba850b948b95577b4706873cb8bb60037f7885ce00af772bcb65aadedac014dc973c4d4270b84b07527339ca658e59e996dc62004d1","ssdeep":"","tlshash":"94800410d0050074744015107000f517151d1033050517c45174150403d401d0173403","first_seen":"2026-04-11T22:57:13.103781Z","last_seen":"2026-07-12T22:04:21.074165Z","times_seen":12,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/giftbo.svg","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.510Z","timestamp":1783880143510,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /giftbo.svg HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-13T07:17:51.133293Z","times_seen":17207279,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/coinb.svg","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.540Z","timestamp":1783880143540,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /coinb.svg HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: 60f836f869a728fe20eb1dc1d5e66240\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JUX5Xq47aRV%2Br%2FswDnN%2BnbUHPXwC8mX5%2FT%2FT5VY4lz77WeqDmg2aAcNWjQ235OcDtGwvQkMax2b3HVpItimOjO3gCgPerxsiDOtttdbPVjUpgFiwk3JWUtPfSFfT3w%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\ncf-ray: a1a208f12ed7b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3691,"size_decoded":3328,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"69743a1e219ed63cebc201644f37fd4d","sha1":"3cf94b275798f7ef29f2d3208a7ae08e73cbb661","sha256":"ba763e59303433210f480f437797fc7e77fd773255fe23bb4234b86b4155439d","sha512":"66b337e2c8cbee5a0c35c6a161d334b6902d946fb6c6da8d95e750a96ceebf82d903813590cbda3e4a9954e1581c721105b2116de08fc39feb61ef8c2bcaa9f3","ssdeep":"","tlshash":"817145fb51e872d4e703e7b1cb696165373b33fa7796ca480318be5c79251598c88c84","first_seen":"2026-06-18T23:16:26.652444Z","last_seen":"2026-07-12T22:04:21.069689Z","times_seen":7,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/plinko/plinko_background.svg","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.539Z","timestamp":1783880143539,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /plinko/plinko_background.svg HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=plCVo1sl0UNLbBAXYqy0J557rW6vwNrbLSScf8YCLFuXeQeWlnqRFB7j4kZm%2F%2BpyQmbON0ywTvvowuAVY8huzntK%2FyJqyP0GHLArs0f7LV%2Fvytet5cfoG1n8LY5Avg%3D%3D\"}]}\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\ncf-ray: a1a208f11ed6b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9,"size_decoded":1756,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"9e076f5885f5cc16a4b5aeb8de4adff5","sha1":"475c848673a3f79fa778f01c2bd5a721d4c41707","sha256":"e3ebaa16dd9d9b9fc107c42183fb6cf9d22927e1af03dbbdfa0ccc38e4e4ac31","sha512":"4d384838c78c74f56de20de3fe125b9fe4d40b7c9fb5d767b647f05aede6bf63431f4f08ac464e188e77b227becc3ab4ba86272f30b53d91b15003d814e06d2e","ssdeep":"","tlshash":"4a50000c3000030c0000003000c00030000c03000c0000300000c00c000000000000cc","first_seen":"2023-04-05T14:05:15Z","last_seen":"2026-07-13T07:13:41.357618Z","times_seen":9490,"resource_available":true,"data":null}},"time_used":73,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":71,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/gift.svg","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.541Z","timestamp":1783880143541,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /gift.svg HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: 7a573d1e98fd191b43ecb4a0c0d35e33\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Xk2lnScqJiqX6LXMwHENbTnm6pSOE%2B4Hhtfq9Mi1PnPTxpSS7WxFrPd5khBp3p0A39Ge5YvIJbLQec%2FKgytOAVMhi7a74nFhGHX5f%2F5Awa9MWCZdKB9SjY33NDYwVg%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\ncf-ray: a1a208f12ed9b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2560,"size_decoded":2894,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"04c20c3ec80a375a0bdb8e40519f9b7f","sha1":"b372f15619cf9b2841bef027b24e4eb3083795b8","sha256":"55cb792559f44868a87d4750955a00a9ff629d5ef654bb840af72ed1a69aef93","sha512":"f71a091d9caa002366bbc5bef245d5d8c33ec4ea67e2709cd17d3903f95c2c5feedb2079a6c2e21bef110d4c6048ecf01bdd8f06d9d00eb3b8187c0467d46959","ssdeep":"","tlshash":"815182f6248c6698cb065371cf6ae765e07b33f47276d0881394bf916d1c63e1989c98","first_seen":"2026-06-18T23:16:26.663435Z","last_seen":"2026-07-12T22:04:21.077246Z","times_seen":7,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":160,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"get.geojs.io/v1/ip/country.json","fqdn":"get.geojs.io","domain":"geojs.io","tld":"io"},"ip":{"addr":"104.26.0.100","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.605Z","timestamp":1783880143605,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"geojs.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Jun 2026 09:05:21 GMT","end":"Sun, 13 Sep 2026 10:05:19 GMT"},"fingerprint":{"sha1":"B3:F2:DC:EC:52:71:F9:79:D2:00:8E:C8:AA:A1:86:8A:C1:E3:43:88","sha256":"11:6A:66:F9:3D:73:5D:D0:5E:A8:3D:AE:47:BE:47:E4:A4:52:BA:81:19:C0:F1:09:0A:1E:E0:7D:58:D9:26:39"}}},"request":{"raw":"GET /v1/ip/country.json HTTP/1.1\r\nHost: get.geojs.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://donewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\ncontent-type: application/json\r\ncache-control: max-age=0, must-revalidate\r\nlast-modified: Sun, 12 Jul 2026 18:15:43 GMT\r\nx-request-id: 74580a06a27c95b8df60443edd9cc41a-ASH\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\ngeojs-backend: ash-01\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0gqDRjQqN0ebDRJXShSnA2ZTpnqxaJQZ7Nt6dmrFQH8BhSjhVzgrrfJYxaIdMXtggBKQxyk0SYBXYuck%2BjD387yAg%2BDudxsXBri%2FS4QBzaebXRRinfDtSi9UsUFTpQ%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nx-content-type-options: nosniff\r\ncf-ray: a1a208f1992ac759-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":73,"size_decoded":977,"mime_type":"application/json","magic":"JSON text data","md5":"46a6a0cb45e9fe8a937c1d379f58d2c5","sha1":"055617a08af5aa9a2aba05aa432407288c559367","sha256":"b09f253b6d83ab759c733d9bc894d8ab857dc68b5f1d96f91dbdb764ef816f37","sha512":"9331a0d3aec182cd05fa258fd0bdacca9d1a6d8a1d329d54b2f921435932c0f8d91b1bad9e7e82b118d21f754cecdc340b159d2b1d62a530349d6991b1a5dca5","ssdeep":"","tlshash":"32a0019e24a28b589860d2a5248a61a59586e64292aa6d0692c83b69da402dc6401271","first_seen":"2026-06-07T21:04:41.962532Z","last_seen":"2026-07-13T02:02:47.923456Z","times_seen":153,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":0,"dns":3,"connect":9,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/f/av0/rch/du9ib/0x4AAAAAADwDym_575T1Fzzs/dark/fbE/new/normal?lang=auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:48.273Z","timestamp":1783880148273,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Jun 2026 20:15:28 GMT","end":"Mon, 14 Sep 2026 21:15:13 GMT"},"fingerprint":{"sha1":"77:27:72:42:CF:51:E8:8C:7C:3E:8C:4C:A1:F0:9A:86:96:B9:0A:16","sha256":"ED:7C:F7:38:B3:0F:00:86:32:D1:14:CE:C0:FF:CA:0E:7C:86:EE:49:51:EF:A4:4B:AA:5C:B6:7C:00:B5:3D:F3"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/turnstile/f/av0/rch/du9ib/0x4AAAAAADwDym_575T1Fzzs/dark/fbE/new/normal?lang=auto HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sun, 12 Jul 2026 18:15:48 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npermissions-policy: accelerometer=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),xr-spatial-tracking=*\r\ncontent-security-policy: default-src 'none'; script-src 'nonce-SAswyPsM2lHeWcCUgmDlok' 'unsafe-eval'; script-src-attr 'none'; worker-src blob:; style-src 'unsafe-inline'; img-src 'self'; connect-src 'self' https://hagen.challenges.cloudflare.com https://brunhild.challenges.cloudflare.com; frame-src 'self' blob:; child-src 'self' blob:; form-action 'none'; base-uri 'self'; trusted-types WMqk0 default; require-trusted-types-for 'script'; sandbox allow-same-origin allow-scripts allow-popups allow-forms\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\norigin-agent-cluster: ?1\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\nreferrer-policy: same-origin\r\ndocument-policy: js-profiling\r\npriority: u=6,i=?0\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: a1a2090eba891a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: aedmo3ba;dur=256549, cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":256549,"size_decoded":100336,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (65536), with no line terminators","md5":"9bc1b17853f6ba008f975b5015cb5b7b","sha1":"f09108903e85b98d6a0cb743e25d036a4926c1fa","sha256":"511bd8a08af65aef41fc4b491d1adf68a8517e4832bce51e946f8babe69aa94a","sha512":"e822203bdff2dbaaa78cd5da7ca623bb73a9b900aa13615359c849a255607588d2a1270587753545433de48183533c5ccc2ce3e170d912b6cb68c150c382e3ce","ssdeep":"6144:ibzqoHZw+ukJv7c9ufOMJNevHDedIV1JFoDfCyNloiLQfiRvNMP:67Cu2MoM41JFoDzLogNg","tlshash":"9f440bccb9c3794ab21a75b90437318af73e5c6c808cd90db551a4e5b8b476c0a2fed9","first_seen":"2026-07-12T18:16:19.780866Z","last_seen":"2026-07-12T18:16:19.780866Z","times_seen":1,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/assets/js/DCKxLHEB.js","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.123Z","timestamp":1783880143123,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /assets/js/DCKxLHEB.js HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-cache, no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: application/javascript\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: fdc8cbe108abe352b784e3c65bc68ec5\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bK8WrncuTxKCHPRl6KFmo8%2FHAbnBKkYrUS28jJqTmxL9TM%2FXXgb6KcTMEKIzYLOX%2BszqVJhaBcPsIrq%2F8I5Bpoz0e410nghqsjTaXyWQ0JnS5AqdU2b1rlhmt2vPdA%3D%3D\"}]}\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\ncf-ray: a1a208ee8e9ab4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26830,"size_decoded":9807,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (26830), with no line terminators","md5":"6dfca59875be46db21197758a34cece6","sha1":"2559f01e9a30f06d485c6d24694ad1d17c9c8624","sha256":"612b4d1a71544a5e50bc973f2fd7d47bc76e5a2360374312d81b83eb14fa8896","sha512":"2e4652990475ba9e51f1a13714f065beca8514c03b22f6d24f448bbbcf5f99098b385f7125470102b26783ead9102e3728018d9d7a7d96edf24b40d8b4aad31f","ssdeep":"768:T2hqMS9m5P2S+riimzJomTDQILSsKGG/vVZsiCtyF+hR:T28Cpo7hseV+y4b","tlshash":"6bc2a4da7393f22b0ee28891c07e4112f134691574174068b6ac5ee6bda59cfb4bef30","first_seen":"2026-07-08T05:34:52.849045Z","last_seen":"2026-07-12T22:04:21.075452Z","times_seen":9,"resource_available":true,"data":null}},"time_used":187,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/api/v1/domain/cfg","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.506Z","timestamp":1783880143506,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"POST /api/v1/domain/cfg HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 21\r\nOrigin: https://donewex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":21,"data":"{\"ref\":\"donewex.com\"}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://donewex.com\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SnvAHovs%2FCEFSxcyE3O6oD9DJL16EboPThBjvCa3gsrRitpTch41klraos93Sbedkse3i2Jsp6hEd4f7JxKKfFsR8bzwAKIeu7j9VAulK0a65hBzNRDS5Cc0NyBMew%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1a208f0eed1b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24942,"size_decoded":19119,"mime_type":"application/json","magic":"JSON text data","md5":"c3cb753ddf90d5cb4ff23a5459c13aa2","sha1":"c5bf93bbf6f4b7f7260a2fd0e8a625015a9fa4c9","sha256":"dd09438ff1428ffa4c0844c29e83bb8a6470b1f189ae1466b1a6a53c22678158","sha512":"8d70efbd10fd2ee3577afa1671702c369b87e73730852bee10fa5047b4012272d29c6f6bc20689886a8b72a3662b34c13e112f00457499cf099708521a3ebe6c","ssdeep":"768:Y3lSLK8ZeCpFXuiFYAMPq800j/HX8L2kylcdZrEvK1m:Y3YPMCPuSMy8TX8rdB8Em","tlshash":"aeb2d13d76209f38d8160ca97e5fffdc4507e5e8baca312692725075588224ec8dd6e3","first_seen":"2026-07-12T18:16:19.783396Z","last_seen":"2026-07-12T18:16:19.783396Z","times_seen":1,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":177,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"donewex.com/backauth.svg","fqdn":"donewex.com","domain":"donewex.com","tld":"com"},"ip":{"addr":"104.21.9.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://donewex.com/","date":"2026-07-12T18:15:43.538Z","timestamp":1783880143538,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"donewex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Jul 2026 21:43:26 GMT","end":"Fri, 02 Oct 2026 22:40:47 GMT"},"fingerprint":{"sha1":"14:7A:B0:DF:17:86:40:9C:E4:54:0A:0E:F0:71:8B:34:24:70:99:2E","sha256":"7B:5F:88:C2:69:9B:11:6F:D7:88:AA:F5:BB:A8:EA:3A:E2:84:05:74:23:35:A1:9C:9C:35:8D:0C:2F:80:94:23"}}},"request":{"raw":"GET /backauth.svg HTTP/1.1\r\nHost: donewex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 18:15:43 GMT\r\netag: a47a6d3db0c8be7c12b360d375aca62b\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VCpntpOr8csbx3A8iH4895DMx9bc47F27As%2FyrQT9QCCvjYv0M2IbQdgIxiBqshU1ydQ5k00cNgiDy%2FzsC5VlxjVzpcixT0nhV9IBr2x44%2BC3qwHYuRXCqi8nzq%2B2A%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\ncf-ray: a1a208f11ed5b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1519678,"size_decoded":1152693,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5c476feae0114439c99ab94ca65ade25","sha1":"be4425fcdb8edf8aac0662fda10f090d81476816","sha256":"41f372e777d04ee1214c34bb499ca7d24c9903456c8a407ce0e54fcec2e0f552","sha512":"a6e8d3a7bfb6057a009d52c49ab0d46dcea24c417665d30738ad9eed51a54cd84c342956fdc230b41c6a9aedd2f38e19531755e6f8a722f111d4b2e04c13c7e5","ssdeep":"24576:caO7YXW89j5bczQTaEQ8tlNMxSjxVAsIydBA:55r9RtBxA","tlshash":"73252370ae8fbd17824cb792b139af5d57c40e55584fe2c2d1b134b60d888528aef87b","first_seen":"2026-06-18T23:16:26.662196Z","last_seen":"2026-07-12T22:04:21.087115Z","times_seen":7,"resource_available":false,"data":null}},"time_used":480,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":137,"receive":343,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"donewex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}
