{"report_id":"4308e8f3-a63d-46aa-8737-7d4e60510f78","version":6,"status":"done","tags":[],"date":"2025-12-03T14:06:44Z","url":{"schema":"https","addr":"aguea.net/","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"172.67.218.3","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"aguea.net/","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"title":"Aguea Twitter Web Viewer","dom":{"size":64630,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"e81a2cc5f7971ef6017d1ff0969a9e48","sha1":"4ce721343b6737a7ec6b2180846156406cd5a357","sha256":"6239a042be52eee3430eedb6a0e6c000ae9c37709a0f72e30d88046cdb70903a","sha512":"5f4e1584ad515fbd7b0d1c77c77cf995132c8ef4d060a2a63a6fd18fd3f1821e069e2baca13d74c77e6e10561e5b339c617488cbb4fae0c9a0a905e4cc44aafa","ssdeep":"1536:xpRpvitihbObgHuHDFlFfFPF4WzZidM+1:xpRpvitihbObgHuHDFlFfFPF4WAM6","tlshash":"2e53ee5a2cd15110c71a4724a3fe5b2d262c8993285becf9b3f1188acf5567c93ee21f","dom_hash":"domhash57b46785fa6786cd641ecca540fedb22","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"aguea.net/","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"172.67.218.3","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-07T14:06:44Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":26}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"statementbrainless.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"oh.ballettjoypops.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"oh.ballettjoypops.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"cdn.show-sb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-11-30T22:14:19.793229Z","alert_count":0,"request_count":1,"received_data":17441,"sent_data":430,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2025-12-01T00:54:16.933365Z","alert_count":0,"request_count":1,"received_data":35816,"sent_data":462,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"statementbrainless.com","ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":2,"received_data":154960,"sent_data":896,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"aguea.net","ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-05-08","domain_rank":1485381,"first_seen":"2025-07-01T17:09:29.523489Z","last_seen":"2025-11-25T00:40:46.315628Z","alert_count":0,"request_count":11,"received_data":145498,"sent_data":6202,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"oh.ballettjoypops.com","ip":{"addr":"188.42.241.221","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":1,"received_data":1517,"sent_data":426,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"creative-sb1.com","ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-01","domain_rank":22211,"first_seen":"2025-08-08T09:32:32.509707Z","last_seen":"2025-12-01T10:26:05.53703Z","alert_count":18,"request_count":6,"received_data":184734,"sent_data":2745,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"protrafficinspector.com","ip":{"addr":"18.198.241.35","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2025-12-02T19:40:58.517983Z","alert_count":0,"request_count":2,"received_data":712,"sent_data":926,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.211.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-11-30T22:13:37.547558Z","alert_count":0,"request_count":2,"received_data":81924,"sent_data":1088,"comment":"","tags":null,"fingerprints":null},{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2025-11-26T14:07:32.683098Z","alert_count":3,"request_count":1,"received_data":377,"sent_data":412,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.show-sb.com","ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":187612,"first_seen":"2024-08-31T03:46:04Z","last_seen":"2025-12-01T12:09:00.816947Z","alert_count":1,"request_count":1,"received_data":2075,"sent_data":472,"comment":"","tags":null,"fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"kettledroopingcontinuation.com","ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":196057,"first_seen":"2025-07-30T15:18:19.355595Z","last_seen":"2025-12-01T03:50:51.24337Z","alert_count":55,"request_count":11,"received_data":102628,"sent_data":9223,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-11-26T07:38:15.50569Z","alert_count":6,"request_count":2,"received_data":171912,"sent_data":814,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"skinnycrawlinglax.com","ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":38609,"first_seen":"2025-07-09T22:28:05.771371Z","last_seen":"2025-12-01T09:43:20.292864Z","alert_count":20,"request_count":4,"received_data":22497,"sent_data":5814,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"flushpersist.com","ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-12-03T06:32:40.66545Z","alert_count":6,"request_count":2,"received_data":1060,"sent_data":1522,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"aguea.net/","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"042003d69d82c7a94ff0e9b8c22138b8","sha1":"714418ac5fc0828ee10378bd1a2e9d0b594b2dc4","sha256":"f42dc9d558b13585aa952f7da97f52c79edf4b9d875d2a5a9c53a9c09bba0e13","sha512":"223f0f7073e5eb96d70c6de03eecb2ace9af24078cdaefa3f6cc6668618a8e75221f59e919c8d0d66593a67e3d3eb2c2bcce85c34923f96564d9b0e791b42755","ssdeep":"","tlshash":"3ef0dca53cc88039833611227233f29872692a287849ac21c15d889228aadfc187f50c","size":468,"data":"","first_seen":"2025-07-26T19:36:31.973397Z","last_seen":"2026-04-01T21:25:32.181517Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"27d9b6911619ebbe0431dce5042143d5","sha1":"14c5e7e370b01161b9526640180a5e313194f19d","sha256":"c162e4e7889d913a9649a4b8d5dcfad8ef6580ec87c90fb88ab01b921b0cb72d","sha512":"4e950f5bfaf9c225c5ce772c0d0e654d4974d59ace753b7d59465402fe1d368e10ca72ee653b805c99640f452822b65916b177a1d93874bc18846bb3a4bb00ae","ssdeep":"","tlshash":"c1e08cb8c047b200209288bb56ec904473208d07ed0d28623acc98044fcc91e48fafba","size":327,"data":"","first_seen":"2025-12-03T13:59:10.318643Z","last_seen":"2025-12-03T14:06:51.41647Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c876a4c2ec55ff2cb91e4bc7a6e460c4","sha1":"63b87e57aa24ee1e65a40672caa7198be772576c","sha256":"5eb5a22d21d07cb631ffe1b9cc4affb48784a0e583ed8403783e561677452030","sha512":"219d67aa136a2b9578b4cfba5c58c8354b34d3eccdf26f6f4937dfb603717731332dc23e9f77df9c71e75c29bbcaf7ab3fa88ed5a55e2d221a40248f6c2b779d","ssdeep":"","tlshash":"f311c06c8ce3e60140332c9bc56ce004217498171e05dc9536dd89d46fc9fa9086fa78","size":951,"data":"","first_seen":"2025-12-03T13:59:10.313102Z","last_seen":"2025-12-03T14:06:51.417339Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"statementbrainless.com/2f4725932e9319e9f9550229b2819c13/invoke.js","fqdn":"statementbrainless.com","domain":"statementbrainless.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d8af8e70603e1c2253ac743b0d539034","sha1":"c9120d9006a0f772fead4a84f0a02f2a7ab0985a","sha256":"c08f9ba7d6448af64fb89772026c900952c11766ea84190e2277063e4612a127","sha512":"725fa975a6f62f2ed110d7fe3581d1f8703492f7acbf3ae545efd5ea887a00c668453056628c9916f1bdb627c6f8bac1e2303f25df6bb260df57e3ccccc97d1c","ssdeep":"768:CssLt+urzIyrxj4oolttYllJz4c5sfH6lmhj8ehArp76qbyXy:CkurY7JfhAl9b5","tlshash":"ab23d8887f90f75457967073723f800bb0156d60668cd8acd1a7d8e87eacb29f5327a8","size":46615,"data":"","first_seen":"2025-12-03T14:06:51.387445Z","last_seen":"2025-12-03T14:06:51.387445Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"3012a97224e90fd3d2a17a815e3cb177","sha1":"a23d81d699638decaf597bb795f981d30c0d9f31","sha256":"690fe58f5299717a36d65c38408c2a13443783becdba26d94366f86acb9fbe67","sha512":"51495720e9d3dc57d31a90e370da25072278625fae08bf5c6349bea57ba9c29e6f657fafc2af020a003ab8080739c028981b91c35240ba95e4585525f685f4f6","ssdeep":"","tlshash":"f641d7b92dd3bda52dfa9aa2439d76613c54640b8e4cc68330dc4b0783a0930a3bad4d","size":1999,"data":"","first_seen":"2025-12-03T14:06:51.41815Z","last_seen":"2025-12-03T14:06:51.41815Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/robot/2/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84384,"data":"","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-06-07T00:57:18.112941Z","times_seen":12043,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"54277dcdf488182da339e866f05650f7","sha1":"58df7c58e3bee2cc5f99a7e87db66e6a7cc8584b","sha256":"fdd2addb782018408204b50c0f7e46eda9fe4a929cbef53fd2e1ae8f6045fa19","sha512":"ad12800118e3d730d56fc13f11f6d8d3f3a9061b7233a17ccb560df809176d7424779185b02a694953cbaf18237de2d01ba5e1d89109264af412dbd0ff55a059","ssdeep":"96:dyUqxYLHwX1O/D3cYmeDjlwjeqFczLCDsnvuRQs01GKyBspfkxzUXe2lJK9zbdr3:wUn4crcYmeV+VHJmQxdCnV8oDeQToJ","tlshash":"ec02420849f9d931c41da13e203e2265f7280a53ac5abed8bb9450055fde96fb9b903f","size":8627,"data":"","first_seen":"2025-10-20T07:14:45.016013Z","last_seen":"2025-12-03T14:06:51.420138Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oh.ballettjoypops.com/sRRbMD46X1demQJ/131343","fqdn":"oh.ballettjoypops.com","domain":"ballettjoypops.com","tld":"com"},"ip":{"addr":"188.42.241.221","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":false,"md5":"f7a2939527fd9e68723da600e96d76bd","sha1":"a9e717b6364d2895ee0a716050db32ca0ef1bb42","sha256":"d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a","sha512":"e6956ec633c76eb3ebc408528f950b81373238cd1d5b9fff5ddd97089ea14a1ff5934f23769bac5d93cc4cdb6a1fbc4ce69baebfb940a55d8a7a89caccaf92b5","ssdeep":"","tlshash":"ec300000003000000000000000000000000c0000000000000000000000000c00000000","size":5,"data":"","first_seen":"2023-03-07T01:14:39Z","last_seen":"2026-06-06T23:38:50.102523Z","times_seen":14980,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-06-07T01:43:01.133971Z","times_seen":18245,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/8d/e9/ae/8de9ae4b0e4b914d604a7e4b56139ffe.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","size":6454,"data":"","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-06-07T01:43:01.133971Z","times_seen":18245,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","size":6454,"data":"","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"a48f9515099f46965c166f7ec086ce6e","sha1":"57d3138613cef5041f9fcbadf7996eff5aefdba6","sha256":"5edbab0648cb5b8077aa69545c84d032a7d10a448d99aaaaec2c4c9a25df01b6","sha512":"5ae2e9875d4f4af3fcb2f717121fb66f5bbb4a105cbdfb5e70a9766c2ae99b0a38bac3215e6a1fc5d7436e302f19b1502f0e5ec6e3a1126049e7eeb5cd9a07fe","ssdeep":"","tlshash":"a211c4793e155534d6d5414b317df7a93e3250717a029044c26ccc295d18ec714dfcbe","size":902,"data":"","first_seen":"2025-12-03T14:06:51.421917Z","last_seen":"2025-12-03T14:06:51.421917Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"statementbrainless.com/86/be/1b/86be1b57d34beb8211a61a0fb677dce0.js","fqdn":"statementbrainless.com","domain":"statementbrainless.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5425045f7ce3adee8125124c20c878f6","sha1":"733d6343dc335bfebb840ecc33c9e2b9766460ff","sha256":"d24521a48d4f981b8cc0a4a028548813e799e2f11bdc1f06f769ebb2f8ea89a2","sha512":"893ea9ebfe11728d2993862583b3a8f376be4af5b5096b98214e230606b827beea6671006693b4e87734492eaa644a9a5c9759091baa2841793270916c223baa","ssdeep":"1536:EpOvTY8Afd1ow5ZEUjHzQSF63R2LbqKYmEqMTd01yLVH2WQgPrNQCld5h4s9imfA:qXLD33COgu+bAKJ+","tlshash":"95a3cad97f40f06d4271607a113fa00af25b0e46688cd59ce117f6a42fa866fe57ef28","size":106649,"data":"","first_seen":"2025-12-03T14:06:51.381683Z","last_seen":"2025-12-03T14:06:51.381683Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"475cc884e5551960c89940616dad9373","sha1":"6dc2f9dc6a0508c412ee0c4cb77e27e019bd0bcf","sha256":"3cef6b1a64ef8d0beeb4ef30e4267c35e3e89089dbfff96c9050e9cf6f1d1ab8","sha512":"b699535825f7eb92aec0a17efa60ce8e335a55a920e8a0c6941d11ad833c26865f0efe12bcfd005c123a0921961550b0aaf7b23b86e74a701203771b80e3e1f8","ssdeep":"","tlshash":"97c04c699a496d6179903cddf78d1381acd41607a525190b19cd8895b5d6a7a0089c84","size":145,"data":"","first_seen":"2025-10-20T07:14:44.9755Z","last_seen":"2025-12-05T22:28:10.042589Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"828e3dbb8194d76c871b2caaf7d33031","sha1":"bf774d70bbe9948890663f3c5588e5b457ddfb4e","sha256":"e7790041c28fb496ff612780e8742570256e0d2e297400a7af84376fa6242d17","sha512":"ecc4e8f5c6b685ed76352f69f684a523fcf267b21e82b47703a5bd00670e87b1814cbdfbe352003ce70325cb101614ec2ac5250d91c8c3e46aedf631e789a251","ssdeep":"","tlshash":"7b31dafe4429397d3f4f9ced61a90b993d515141e478c3d4515c8839732e3104b92fea","size":1521,"data":"","first_seen":"2025-12-03T14:06:51.424598Z","last_seen":"2025-12-03T14:06:51.424598Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"3390da808e57001208b02e6545b0a841","sha1":"74e651bbba09de8f633980f5bc1bfbee3fbe6630","sha256":"8957e7bc00b9faff7a5e8fdce1515e80469e91976fe714bdd6811789b0af284b","sha512":"7330419641f6678989b40447c30511f695a5738bff3890b4118f9b1a6a21ddbfe7b0ad0a65014bcabf3e8258c4262494d05943df778045c8446ca3c93e029cd2","ssdeep":"","tlshash":"d4d0a7992c75843462a9014a20b5f7a42a6120a16711654485dccc2f6a21ed304e2558","size":217,"data":"","first_seen":"2025-12-03T14:06:51.426353Z","last_seen":"2025-12-03T14:06:51.426353Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5c0efa5f7721a58bcbc349578dab84fb","sha1":"f769da8ba603dd71c39613ba07b4de941fb82033","sha256":"95fcb452684c6190a3c036a4ac928c35451ab55d0fa3b18940fb9f836ab2c9f3","sha512":"05e86c5e72cb6858cb99f3765f4859dd6264c812e42e66c1c5b333290bf39b9a5af5ad6c5179745bc72a30ae3c4b9c2a4ba66211599e550087200b74281be7f3","ssdeep":"192:hhdHjubvZyWXt3iZjitWz5t7NFTFMs58+FECczmLNh2ihI7qv3vd/qAqVQR/o:7dHjubhyWXt3ujitWFt7N3DFwQNhRhIn","tlshash":"f722e9cfff4cb0ee121629e5a47bf5cd501d8e5a18806e4d851399e47a28f241c2bebc","size":10162,"data":"","first_seen":"2025-12-03T14:06:51.384195Z","last_seen":"2025-12-03T14:32:13.852476Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/fb/f7/c0/fbf7c04e669126c400d669cb6e625736.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"59a2100b831609aa9e42b2a4361cae90","sha1":"a5d340cd79ed5a23780e989661094e23333d2451","sha256":"5b5e840674c23cd25fea46cdee84ca5a9e5965cd5f2228832aa7d2936e7e3b8f","sha512":"05138655554112f0139edb46d59c174f54a09867017c67cbb1c95fde888ad0b13cc9e70c09e2d205fc29db43a32e58a793ba15869665dedf3030d34d1782e3d6","ssdeep":"1536:h3Zs5j4xaqmOxsHZ0ob3meMv6Iqyi1+9Hef:h3Acx//xsHofv6zOM","tlshash":"d983c88d7f99f1ac03527072722fa21ef0290d126098d1a4e253f5fdaf78729e976b14","size":81896,"data":"","first_seen":"2025-12-03T14:06:51.413765Z","last_seen":"2025-12-03T14:06:51.413765Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"adfa2687e687958ab76ddc7bdae1c705","sha1":"a68dc8b354ac0404dc0975fd537f846981be3d3d","sha256":"420b0ffb863d6d278894c06427322cff1cba985b8c1360bccdcc5f15e6dae904","sha512":"885aab2d4d32db2813818ae5659c0d615d871554636d4487e8ea33f66638d6a36070c878e09aced89b3074febeb104d15609a46b8437b52303802b142d6a08c2","ssdeep":"96:c9jG9ELozDYryh/MQZYJus8Iz9ZPyi3iN1mDOCfMEDaH:c9jG9xzMymwYJus8IzrPyN+OCkCaH","tlshash":"7db13af91dd668743d6768fe62bd66493d50a00b9908ca8370ccc65b8b607305be9edc","size":5206,"data":"","first_seen":"2025-12-03T14:06:51.428153Z","last_seen":"2025-12-03T14:06:51.428153Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"6447d3a13f2a83d750b838ca0907714c","sha1":"631e5955ccbf6e1a77496a6c2612a5fa946e24b8","sha256":"39cc030a7a72599b1d60e167b7b07a58d274bf6b1d854229a183852759392f0b","sha512":"b2695b28bfe5f493ff35cd36144f3022044373c618024f1f847c84f48bdf1caea7b87a62bba8a5fa392b842c5ad05cecf37b4ce4555d101ea1dd3e134712087b","ssdeep":"","tlshash":"8be026694cd3e940604208dbd1b8e000751498030608dc9535dcc8686fd8f9e08aff78","size":372,"data":"","first_seen":"2025-12-03T13:59:10.33178Z","last_seen":"2025-12-05T22:28:10.094368Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Frobot%2F2%2Fjs%2Fscript.js\u0026l=6717\u0026fd=511","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:25.751Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Frobot%2F2%2Fjs%2Fscript.js\u0026l=6717\u0026fd=511 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: uid_id2=361ae441-6052-4bf6-91fe-41dbeac41050:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26783399=1; slecfbf7c04e669126c400d669cb6e625736=[6308900]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:25 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T01:09:46.71643Z","times_seen":16198612,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"statementbrainless.com/86/be/1b/86be1b57d34beb8211a61a0fb677dce0.js","fqdn":"statementbrainless.com","domain":"statementbrainless.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:22.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"statementbrainless.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 18:57:04 GMT","end":"Thu, 26 Feb 2026 18:57:03 GMT"},"fingerprint":{"sha1":"44:02:35:E6:2F:04:B5:3B:F7:3D:AB:32:DB:F1:F5:37:70:1D:E2:14","sha256":"BC:20:C1:66:F5:6C:CF:54:16:DC:90:9B:F0:DD:43:7C:76:78:34:45:3C:BF:64:73:D7:C9:66:88:63:2D:78:B2"}}},"request":{"raw":"GET /86/be/1b/86be1b57d34beb8211a61a0fb677dce0.js HTTP/1.1\r\nHost: statementbrainless.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:23 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 38195\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: statementbrainless.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c732c4c674db5406b369aac4822fb3d6\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":106649,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5425045f7ce3adee8125124c20c878f6","sha1":"733d6343dc335bfebb840ecc33c9e2b9766460ff","sha256":"d24521a48d4f981b8cc0a4a028548813e799e2f11bdc1f06f769ebb2f8ea89a2","sha512":"893ea9ebfe11728d2993862583b3a8f376be4af5b5096b98214e230606b827beea6671006693b4e87734492eaa644a9a5c9759091baa2841793270916c223baa","ssdeep":"1536:EpOvTY8Afd1ow5ZEUjHzQSF63R2LbqKYmEqMTd01yLVH2WQgPrNQCld5h4s9imfA:qXLD33COgu+bAKJ+","tlshash":"95a3cad97f40f06d4271607a113fa00af25b0e46688cd59ce117f6a42fa866fe57ef28","first_seen":"2025-12-03T14:06:51.381683Z","last_seen":"2025-12-03T14:06:51.381683Z","times_seen":1,"resource_available":true,"data":null}},"time_used":745,"timings":{"blocked":273,"dns":1,"connect":92,"send":0,"wait":97,"receive":93,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"statementbrainless.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/cdn-cgi/challenge-platform/h/b/scripts/jsd/13c98df4ef2d/main.js?","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:23.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 01 Nov 2025 03:42:54 GMT","end":"Fri, 30 Jan 2026 04:40:33 GMT"},"fingerprint":{"sha1":"69:B1:86:96:20:ED:AC:6C:96:5D:A6:2C:AD:3A:8A:6F:61:C6:6F:85","sha256":"65:66:58:01:C1:B3:64:37:02:F1:F5:44:71:83:52:FE:68:90:91:ED:FC:F1:C8:C7:35:64:A5:29:2C:1E:BD:95"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/13c98df4ef2d/main.js? HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=361ae441-6052-4bf6-91fe-41dbeac41050%3A3%3A1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 14:06:23 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=23E1cTQckLakvleuy%2BWq3ApguwhCxIL1Ky3yIzSxOdP8zjukWXUdTReeC3qCXidNwJZVtGFOIjx29IPWmWju14RVKg%2FBPDdF4LfcdDKoZxjcq4dp1V3HFAX0uOU%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\ncf-ray: 9a839fd60c29712e-OSL\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri, cfL4;desc=\"?proto=QUIC\u0026rtt=1053\u0026min_rtt=0\u0026rtt_var=669\u0026sent=83\u0026recv=32\u0026lost=0\u0026retrans=0\u0026sent_bytes=74393\u0026recv_bytes=3803\u0026delivery_rate=19040686\u0026ipace=0\u0026icwnd=12000\u0026ss_exit_cwnd=0\u0026ss_exit_bw=0\u0026ss_exit_reason=0\u0026cwnd=24178\u0026unsent_bytes=0\u0026cid=18050f1b1addb9e5\u0026ts=1027\u0026inflight_dur=41\u0026x=55\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10162,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (10162), with no line terminators","md5":"5c0efa5f7721a58bcbc349578dab84fb","sha1":"f769da8ba603dd71c39613ba07b4de941fb82033","sha256":"95fcb452684c6190a3c036a4ac928c35451ab55d0fa3b18940fb9f836ab2c9f3","sha512":"05e86c5e72cb6858cb99f3765f4859dd6264c812e42e66c1c5b333290bf39b9a5af5ad6c5179745bc72a30ae3c4b9c2a4ba66211599e550087200b74281be7f3","ssdeep":"192:hhdHjubvZyWXt3iZjitWz5t7NFTFMs58+FECczmLNh2ihI7qv3vd/qAqVQR/o:7dHjubhyWXt3ujitWFt7N3DFwQNhRhIn","tlshash":"f722e9cfff4cb0ee121629e5a47bf5cd501d8e5a18806e4d851399e47a28f241c2bebc","first_seen":"2025-12-03T14:06:51.384195Z","last_seen":"2025-12-03T14:32:13.852476Z","times_seen":6,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":25,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/ren.gif?sid=H4sIAAAAAAAC_1SSsW8cRRTGZx2LAgoUiOiQrkgRBD7v3u2tvaQIOMbBYGzjGLlIw-zM7Hnw3s4ys3t7vsqKJeTy6CJBsf7OjhWILPgDENGZzhISm8pFrAQqOiSQJTp0Z0sWr3jvrX5bfN_35qvd7JTUkdGT5U9UV0YRnWxU7cqNNRlzlZvK4mrFsav2zcqajD33ZqUzbLr9rlN3q_ZblTuCbajJmu3YtmM7lTmpRag6kyMKmTz2napvV91a1Wm46Oj_f5vMgqEWePuUvAbJy1f_CO9BsgHi1g-zwmykKnnng1YW0VRptPnBZ_FGrPIYrcs11BbC-ODibyhTEvJgDCo-uHAA1d4bOkAgSzL2xjME8cGFTATt_XOlQQQRI-CvIG8PIKIBJB2AqW1I_hsBGMfiEuLWw0Wlc7p5TumQlmT87G_IvCTjz64hbh3ORLJTuauiLJUqNuiEBWRnANkcIMmOkHYtyPwILL0PyX8lk2cLiFt7SyZSkPzket1zqHBdZ8KzG7UJNwi9Cd8JxYTr8EBQ5jp2wx5FJMMBqLmCzFjIpIUstJAlFlr8pOLa0y5zaN0Lfc6mbJe6LheB7U_XbJv6bAoZG2rvIU16YFEPTG8h0VvYkD3o7AnMegHDx2DSklifbqHNC-SCIDcEOSXIJUGeEuTtYp9HpmaKhzwyWeBczNrFrBd9lTZ36b5KmyImoLoHzYs9mXxptsHSK_1uaHhfDRsN0qJPA17sJqfk6jBa68HhATbESSUMwilmu8LzfKfmMde2uef5LPCEV2tM1T0YWUCaMVBjoStL8tG_T5HIkrx0dh8BPYKJjsDkGGj2JmhegK4X6MaPaDMTtBqLFFwVSNJxpJvWbnRKXu-vrM48GZ3389nrEOz4PfLizuG17gswXSDRBb6QvxA0o53-isrJ3orKDflxKUllS3bp8PR3U5qK8e8-Fpu50nx-1vQevc-GYLg-XhUmXaAxl3HTkO9nJOdCzynNBPlp3qyJYDkz6zOZjrNkYfn23Hwr0cIYqeIBqCzJy9--DSZLcu3GrdGzbvzzO1iyBZMc3_pzR3xzdd3AKIIgsRDJknx47zkiccloUMCIS0-BOP75LzKqXbODprZA023ErQJtXaAdFaBRDya70k8TfXzraX1UCCKrH0Ta2gsiHX19npWRJ5VGLah709OeCD0e1nm9Vud-wxa-S33P9d0GUlNK-_bz_wIAAP__Z_ObV30EAAA=","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:24.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1SSsW8cRRTGZx2LAgoUiOiQrkgRBD7v3u2tvaQIOMbBYGzjGLlIw-zM7Hnw3s4ys3t7vsqKJeTy6CJBsf7OjhWILPgDENGZzhISm8pFrAQqOiSQJTp0Z0sWr3jvrX5bfN_35qvd7JTUkdGT5U9UV0YRnWxU7cqNNRlzlZvK4mrFsav2zcqajD33ZqUzbLr9rlN3q_ZblTuCbajJmu3YtmM7lTmpRag6kyMKmTz2napvV91a1Wm46Oj_f5vMgqEWePuUvAbJy1f_CO9BsgHi1g-zwmykKnnng1YW0VRptPnBZ_FGrPIYrcs11BbC-ODibyhTEvJgDCo-uHAA1d4bOkAgSzL2xjME8cGFTATt_XOlQQQRI-CvIG8PIKIBJB2AqW1I_hsBGMfiEuLWw0Wlc7p5TumQlmT87G_IvCTjz64hbh3ORLJTuauiLJUqNuiEBWRnANkcIMmOkHYtyPwILL0PyX8lk2cLiFt7SyZSkPzket1zqHBdZ8KzG7UJNwi9Cd8JxYTr8EBQ5jp2wx5FJMMBqLmCzFjIpIUstJAlFlr8pOLa0y5zaN0Lfc6mbJe6LheB7U_XbJv6bAoZG2rvIU16YFEPTG8h0VvYkD3o7AnMegHDx2DSklifbqHNC-SCIDcEOSXIJUGeEuTtYp9HpmaKhzwyWeBczNrFrBd9lTZ36b5KmyImoLoHzYs9mXxptsHSK_1uaHhfDRsN0qJPA17sJqfk6jBa68HhATbESSUMwilmu8LzfKfmMde2uef5LPCEV2tM1T0YWUCaMVBjoStL8tG_T5HIkrx0dh8BPYKJjsDkGGj2JmhegK4X6MaPaDMTtBqLFFwVSNJxpJvWbnRKXu-vrM48GZ3389nrEOz4PfLizuG17gswXSDRBb6QvxA0o53-isrJ3orKDflxKUllS3bp8PR3U5qK8e8-Fpu50nx-1vQevc-GYLg-XhUmXaAxl3HTkO9nJOdCzynNBPlp3qyJYDkz6zOZjrNkYfn23Hwr0cIYqeIBqCzJy9--DSZLcu3GrdGzbvzzO1iyBZMc3_pzR3xzdd3AKIIgsRDJknx47zkiccloUMCIS0-BOP75LzKqXbODprZA023ErQJtXaAdFaBRDya70k8TfXzraX1UCCKrH0Ta2gsiHX19npWRJ5VGLah709OeCD0e1nm9Vud-wxa-S33P9d0GUlNK-_bz_wIAAP__Z_ObV30EAAA= HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: uid_id2=361ae441-6052-4bf6-91fe-41dbeac41050:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26783399=1; slecfbf7c04e669126c400d669cb6e625736=[6308900]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:24 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: efddb19b26dcae7523ac28b7dc0364d4\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T01:09:46.71643Z","times_seen":16198612,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Frobot%2F2%2Fcss%2Fstyle.css\u0026l=5648\u0026fd=527","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:25.556Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Frobot%2F2%2Fcss%2Fstyle.css\u0026l=5648\u0026fd=527 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: uid_id2=361ae441-6052-4bf6-91fe-41dbeac41050:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26783399=1; slecfbf7c04e669126c400d669cb6e625736=[6308900]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:25 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T01:09:46.71643Z","times_seen":16198612,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1SSsW8cRRTGZx2LAgoUiOiQrkgRBD7P3u6tfaQIOMbBYGzjGLlIw-zM7Hnw3s6ys3t7vsqKJeTy6CJBsf7OjhWILPgDENGZzhISm8pFrAQqOiSQJTp0Z0sWr3jvrX5bfN_35qvd7JQ4yNjJ8ie6q8KQTdartHJjTUVC56ayuFqxaZXerKypyHNvVjrDlrTftR23St-q3JF8Q0_WqE2pTe3KnEpkoDuTIwoVP27Y1QaturWqXXfRSf7_bTILhlkQ7VPyGpQoX_0juAfFB4haP8xKs5Hq-J0PWlnIUp2gLQ4-izYinUdoXa5BYiGIDi7-hjYlIQ_GoKODCwfQ7b2hA_iqJGNvPIMfHVzIhN_eP1fqh5ARfPEK8vYAMhxAsQG43oYSvxGACywuIWo9XNRJzjbPKRvSkoyf_Q2Vl2T82TVErcOZUHUqd3WYpUpHBp2ggOoMoJoDxNkR0q4FlR-Bp_ehxK9k8mwBUWtvyYQaSpxcdzybSde1Jzxar024fuBNNOxATri28CXjrk3rdBSRCgZg5goyYyFTFrLAQhZbaImTikunXW4zxwsagk9Rl7mukD5tTNcoZQ0-hYwPtfeQxj3wsAeebCFOtrChekiyJzDrBYwYg0lLYn26hbYokEuC3BDkjCBXBHlKkLeLfRGamikeitBkvn0xaxfTKfo6be6yfZ02ZUTAkh4SUeyp-EuzDZ5e6XcDI_p62JifFn3mi2I3PiVXh9FaDw4PsCFPKoEfTHHqSs9r2DWPu5QKz2tw35NerT7leDCqgDJjYMZCV5Xko3-fIlYleensPnx2BBMegasxsOxNsLwAWy_QjR6xZiZZNZIphC4Qp-NIN63d8JS83l9ZnXkyOu_ns9ch-fF75MWdw2vdF-BJgTgp8IX6haAZ7vRXdE72VnRuyI9LcapaqsuGp7-bslSOf_ex3Mx1IuZnTe_R-3wIhuvjVWnSBRYJFTUN-X5GCSGTOZ1wSX6aN2vSX87M-kyWRFm8sHx7br4VJ9IYpaMBmCrJy9--Da5Kcu3GrdGzrv_zO3i8BRMf3_pzR35zdd3AaAI_thCqknx47zlCecmYX8DIS0--PP75LzKqXbODZmKBpduIWgXaSYF2WICFPZjsSj-Nk-NbT51RwQ-tvh8m1p4fJuHX51kZdVIJHFnjlE5PebYzHUjbcQUP6tNuQ3iMOo5EakpFbz__LwAA__-bmwuJfQQAAA==","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:26.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1SSsW8cRRTGZx2LAgoUiOiQrkgRBD7P3u6tfaQIOMbBYGzjGLlIw-zM7Hnw3s6ys3t7vsqKJeTy6CJBsf7OjhWILPgDENGZzhISm8pFrAQqOiSQJTp0Z0sWr3jvrX5bfN_35qvd7JQ4yNjJ8ie6q8KQTdartHJjTUVC56ayuFqxaZXerKypyHNvVjrDlrTftR23St-q3JF8Q0_WqE2pTe3KnEpkoDuTIwoVP27Y1QaturWqXXfRSf7_bTILhlkQ7VPyGpQoX_0juAfFB4haP8xKs5Hq-J0PWlnIUp2gLQ4-izYinUdoXa5BYiGIDi7-hjYlIQ_GoKODCwfQ7b2hA_iqJGNvPIMfHVzIhN_eP1fqh5ARfPEK8vYAMhxAsQG43oYSvxGACywuIWo9XNRJzjbPKRvSkoyf_Q2Vl2T82TVErcOZUHUqd3WYpUpHBp2ggOoMoJoDxNkR0q4FlR-Bp_ehxK9k8mwBUWtvyYQaSpxcdzybSde1Jzxar024fuBNNOxATri28CXjrk3rdBSRCgZg5goyYyFTFrLAQhZbaImTikunXW4zxwsagk9Rl7mukD5tTNcoZQ0-hYwPtfeQxj3wsAeebCFOtrChekiyJzDrBYwYg0lLYn26hbYokEuC3BDkjCBXBHlKkLeLfRGamikeitBkvn0xaxfTKfo6be6yfZ02ZUTAkh4SUeyp-EuzDZ5e6XcDI_p62JifFn3mi2I3PiVXh9FaDw4PsCFPKoEfTHHqSs9r2DWPu5QKz2tw35NerT7leDCqgDJjYMZCV5Xko3-fIlYleensPnx2BBMegasxsOxNsLwAWy_QjR6xZiZZNZIphC4Qp-NIN63d8JS83l9ZnXkyOu_ns9ch-fF75MWdw2vdF-BJgTgp8IX6haAZ7vRXdE72VnRuyI9LcapaqsuGp7-bslSOf_ex3Mx1IuZnTe_R-3wIhuvjVWnSBRYJFTUN-X5GCSGTOZ1wSX6aN2vSX87M-kyWRFm8sHx7br4VJ9IYpaMBmCrJy9--Da5Kcu3GrdGzrv_zO3i8BRMf3_pzR35zdd3AaAI_thCqknx47zlCecmYX8DIS0--PP75LzKqXbODZmKBpduIWgXaSYF2WICFPZjsSj-Nk-NbT51RwQ-tvh8m1p4fJuHX51kZdVIJHFnjlE5PebYzHUjbcQUP6tNuQ3iMOo5EakpFbz__LwAA__-bmwuJfQQAAA== HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: uid_id2=361ae441-6052-4bf6-91fe-41dbeac41050:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26783399=1; slecfbf7c04e669126c400d669cb6e625736=[6308900]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:26 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+f0449aab849e08d154cfa269a115bcb1=6308900; expires=Thu, 04 Dec 2025 14:06:26 GMT; path=/; secure; SameSite=None\niprc_l:6308900=1; expires=Thu, 04 Dec 2025 14:06:26 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 2\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c9454f2dfece66baac71e59a9a945d6c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T01:09:46.71643Z","times_seen":16198612,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oh.ballettjoypops.com/sRRbMD46X1demQJ/131343","fqdn":"oh.ballettjoypops.com","domain":"ballettjoypops.com","tld":"com"},"ip":{"addr":"188.42.241.221","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:22.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oh.ballettjoypops.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 16:04:35 GMT","end":"Sun, 08 Feb 2026 16:04:34 GMT"},"fingerprint":{"sha1":"6E:2D:13:CC:4D:05:26:49:44:B0:F1:1D:35:1A:99:8A:7C:8F:BD:17","sha256":"09:15:1F:4D:D2:D5:7F:AD:EF:1D:DA:88:2D:45:E5:72:C9:07:08:D7:F3:CD:83:77:0D:63:28:00:7C:BC:DE:51"}}},"request":{"raw":"GET /sRRbMD46X1demQJ/131343 HTTP/1.1\r\nHost: oh.ballettjoypops.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 03 Dec 2025 14:06:23 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 5\r\nvary: Origin\r\naccess-control-expose-headers: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, GYFR29QT4J80VDR0ZHSJ, X-Forwarded-For, X-Requested-With, Cache-Control, Pragma, Expires, Credentials\r\naccess-control-allow-methods: GET, HEAD, POST, PUT, OPTIONS\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\nset-cookie: GGI10=GxcBAMTXn0vZ5emOqPLiOX4M/Qe07q4HxR/eVtFXVkBBUNRJMk1bINm5mJeviZWrnil/Ef8PtgjdCkZsG7FleI5h+x4ITbWAcTyxaxke3js1gQHCHB0My1UJaScZF+1k+Hd+7dR7gOQ4Zgrsx0Zs+QFdl7kB25YRerFH6GQp62HsXtptGe+XzQgIc6USHHYw+poDp5hk3ZfXG/xSRAl1MdIxAaqAbf8rUV21gx2CrNmU/L4w8BdSS/1JWhPv+v8D; max-age=3600000; path=/; secure; SameSite=None\nGUI42=G1EDAGRzTeWjR7p6Qu3mU4YH9Pm/d8f/s18Bwh2ttYAWSICBJJLv1p7hISgwsLmvbx6l1gny/4B8HjAzIAA9j+CKoejWQE7Q1BwPyagP3EDzrQkKAFxCMsFpubg+UtqnIlX8zN9T+7IO1X2MMktWiYNbyuVNiRJnf7wfUIbm+H7AEgzQyUwzPGiPsMTAVKsDJfFwD4xfforJPYXioCIf2lWxUYhhKoQ7HRcZYY50oYzyqxv9qsGaDbWD1wCyt75hKpW3uB8gHqUhyEoTSk1RxkUr1lwWVmkJtMRDLDKRhK6JKZeSpVJNYZhr9NBIY1zkqp1pIcXRmpOuXZbnZmrK1GQprh3FhAWw37LLQmbTCH66VE33X9bD3yqgSeP7AeXr1OsuO6qcJayqp9VMtT1A/4JTwT1AkJZzjPhTkAfWGyG/j8JzziRG0P/cNw==; max-age=3600000; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"f7a2939527fd9e68723da600e96d76bd","sha1":"a9e717b6364d2895ee0a716050db32ca0ef1bb42","sha256":"d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a","sha512":"e6956ec633c76eb3ebc408528f950b81373238cd1d5b9fff5ddd97089ea14a1ff5934f23769bac5d93cc4cdb6a1fbc4ce69baebfb940a55d8a7a89caccaf92b5","ssdeep":"","tlshash":"ec300000003000000000000000000000000c0000000000000000000000000c00000000","first_seen":"2023-03-07T01:14:39Z","last_seen":"2026-06-06T23:38:50.102523Z","times_seen":14980,"resource_available":true,"data":null}},"time_used":189,"timings":{"blocked":81,"dns":44,"connect":17,"send":0,"wait":19,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"oh.ballettjoypops.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"oh.ballettjoypops.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"statementbrainless.com/2f4725932e9319e9f9550229b2819c13/invoke.js","fqdn":"statementbrainless.com","domain":"statementbrainless.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:23.474Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"statementbrainless.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 18:57:04 GMT","end":"Thu, 26 Feb 2026 18:57:03 GMT"},"fingerprint":{"sha1":"44:02:35:E6:2F:04:B5:3B:F7:3D:AB:32:DB:F1:F5:37:70:1D:E2:14","sha256":"BC:20:C1:66:F5:6C:CF:54:16:DC:90:9B:F0:DD:43:7C:76:78:34:45:3C:BF:64:73:D7:C9:66:88:63:2D:78:B2"}}},"request":{"raw":"GET /2f4725932e9319e9f9550229b2819c13/invoke.js HTTP/1.1\r\nHost: statementbrainless.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:23 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18311\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: statementbrainless.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 18a4664d2dbda3efcfcc0ddf62f60782\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":46615,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46615), with no line terminators","md5":"d8af8e70603e1c2253ac743b0d539034","sha1":"c9120d9006a0f772fead4a84f0a02f2a7ab0985a","sha256":"c08f9ba7d6448af64fb89772026c900952c11766ea84190e2277063e4612a127","sha512":"725fa975a6f62f2ed110d7fe3581d1f8703492f7acbf3ae545efd5ea887a00c668453056628c9916f1bdb627c6f8bac1e2303f25df6bb260df57e3ccccc97d1c","ssdeep":"768:CssLt+urzIyrxj4oolttYllJz4c5sfH6lmhj8ehArp76qbyXy:CkurY7JfhAl9b5","tlshash":"ab23d8887f90f75457967073723f800bb0156d60668cd8acd1a7d8e87eacb29f5327a8","first_seen":"2025-12-03T14:06:51.387445Z","last_seen":"2025-12-03T14:06:51.387445Z","times_seen":1,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":98,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"statementbrainless.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/robot/2/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:25.236Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/notifications/utility/default/robot/2/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 14:06:25 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 16:16:14 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TEiqjgYgWNXNYMMJXdD1gRcwnkb%2Flpxy91eSIUwEPMni00yhnQX1d24lHhSp%2FizMNeVJrVukKf%2FdwdJOd1iDSnSO6GrVD%2Fb%2BbGx9rb6k\"}]}\r\ncf-cache-status: MISS\r\netag: W/\"67f54bce-20dc\"\r\ncontent-encoding: br\r\ncf-ray: 9a839fdfba0ab51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8412,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"066cc70a926c6ed2bd892cb5b2ef2127","sha1":"6ba3eb39830a2ef9e522cf28d779d25359a12587","sha256":"3a81ae28e6ed4c4b72715adf753ffb80cea10bccdb8aa81053fbcfa7d935a560","sha512":"d63b0c210b2b76569b7b79df20c58b3571fff409090fe40b1e7ffeeb219fe3991cfc82bf0889c30a29b18dff878910d4c3480dad8a85fb9cb10180124309f5ba","ssdeep":"96:KyLqrYLHwX1O/D3cYmeDjlwjeqFczLCDsnvuRQs01GKyBspfkxzUXe2lJK9zbdro:dLF4crcYmeV+VHJmQxdCnV8oDeQToS","tlshash":"ee02310809fad521d01da13e203e3265f7244a53ac5abed8bb8451055fded6fb9b903f","first_seen":"2025-07-06T07:29:12.196612Z","last_seen":"2026-06-01T04:11:07.377995Z","times_seen":1390,"resource_available":false,"data":null}},"time_used":507,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":507,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"18.198.241.35","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:23.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: uid_id2=361ae441-6052-4bf6-91fe-41dbeac41050:3:1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 14:06:23 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://aguea.net\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"a5f1a0d8451a5dea4fdc952e9532bd83","sha1":"da7175888ac5f71e79b22186c14bbba7eba45e28","sha256":"ab02d9d33ea62c67cb043a033ee60a3e888973a8f11122c518e72b6a1a7cd306","sha512":"a1dccd4e9d6d1d7438de4f62e18c37a064308e8f79acaea55dfd38f9ee3169caea1c371873a0c34b356f86203d93c653d46a0a422d799bb5758d9ab074f23990","ssdeep":"","tlshash":"4f90040150311544f511dd404444c45d0d5f74c3c014004c541d54417d103510c05477","first_seen":"2025-12-03T14:06:51.390466Z","last_seen":"2025-12-03T14:06:51.390466Z","times_seen":1,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:24.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:24 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ea7c769cb3dee34705dee66b1ac0c4c5\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-06-07T01:43:01.133971Z","times_seen":18245,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":20,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/impr.gif?sid=H4sIAAAAAAAC_1RTz4scxRev3oRcvvAVjXjxMogHFXe2qrr6R5mDuImR6JqEJJKDp_rVk3J7utqu7unNnkIikoswR4-9bzZZokH0oDchzHoyIGRymkMWwT8hsOBNZjOw-g7vfV593uHzis_7eqc5QCE0Yn75U7dt81ysRX3ce-u6LbRrfe_itR7BfXymd90WMTvT21qkavQeCVkfv937yKhNt0YxwZhg0jtvK5O5rbUjFmz5kJM-x31G-yRisFX9t_dNAF4EoEcH6BWwevbSX9nnYNUUiuGP54zfrF357ofDJhe1q2Ck9z4rNgvXFjA8hlkVQFbsLafB-RlC366AK_aWG4Ab7S42AGlnaOW1ZyCLvaVMkKN7L5TKHEwBUv8P2tEUTL4PVkxBuTtg9RMEoDRcvATF8P5FV7Xi5gtWLNgZOnn4HGw7QyefvQrF8If13G71rrq8qa0rPGxlHditKdjBFMpmH-rtAGy7D6q-DVb_gdYON6AY7l7yuQOr52-GMRGGMbIa44iuMpnFq5xkZpURLY1QjOAIH32RzaYg_AlofACNDaDJAmjKAIZ63mM4ZYqIMM64VglmgjFtJOYpxVhwlUCjFtrHUJdjUPkYVHULyuoWbNoxVM0j8DfmvxBuooxJjGkkaIyZ5oJnmmVEUZWFjJKUK5XKlGqRmlBEOCTSRGEkTRzSSEY8CVOpWEy1ZjEmJhKExDwjVCVhbBJGiUjSlJIkySItKeE6iQROEiIihUWchCxOTMZZlnIec7KYTbnKaCoIDxOhI0YpNSEmIkpSEqcJwTIW4HUAvkYw0h20BkHrEbQCQWsRtDWCdtTd07mnvruvc99Isqx0WcNu4urBjrjn6oEpEIhqDJXudm35pb8Dqj4x2c68nrhFErLuJkLqbqc8QC8v3BDs_PwNbJp5j2YsoREPqeEh4YZnPIowpVzSlHBFQvC2A-tXQPgAtu0Mffz3UyjtDJ06vA1S7IPP90HZFRDN6yDaCYtTEDcgxrBdPBCDxoh-YWrQroOyPgn1zWAnP0CnJ1eurT86suXGV2fAqMdoGaCqDsqqgy_sbwgG-d3JFdei3Suu9einS2Vth3ZbLCx7tRa1OfXdJ-Zm6yp94ZwfP_hALYgFfHjN-HpDFNoWA4--X7dam-q8q5RBv17w14283Pgb601VNOXG5bPnLwzLynhvXTEFYZ-Y30HZGfr_89NHx_jO_TdAlbfAl8cqvUMgSwS5RZCb43chO_D_6uUx3vF3YVAFIOo7UAw7GFUdjPIORD4G35yY1GX1-P2n4VGAzIOJzCu0K_Nqwdt5LwsNVRinSUzCNDMkZFplUcq4jgUOQwO1n1l89s9_AgAA__85gHeyKgUAAA==","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:24.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:33:26 GMT","end":"Sat, 24 Jan 2026 22:33:25 GMT"},"fingerprint":{"sha1":"74:B9:DE:52:5E:A4:22:C1:3F:4E:90:E5:53:C1:13:27:E5:47:BB:D2","sha256":"0D:C6:A2:6A:15:63:9B:67:CF:55:A8:E1:E3:EC:AF:D3:57:2E:38:F3:44:79:B9:FC:61:8A:CD:64:82:05:64:6F"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTz4scxRev3oRcvvAVjXjxMogHFXe2qrr6R5mDuImR6JqEJJKDp_rVk3J7utqu7unNnkIikoswR4-9bzZZokH0oDchzHoyIGRymkMWwT8hsOBNZjOw-g7vfV593uHzis_7eqc5QCE0Yn75U7dt81ysRX3ce-u6LbRrfe_itR7BfXymd90WMTvT21qkavQeCVkfv937yKhNt0YxwZhg0jtvK5O5rbUjFmz5kJM-x31G-yRisFX9t_dNAF4EoEcH6BWwevbSX9nnYNUUiuGP54zfrF357ofDJhe1q2Ck9z4rNgvXFjA8hlkVQFbsLafB-RlC366AK_aWG4Ab7S42AGlnaOW1ZyCLvaVMkKN7L5TKHEwBUv8P2tEUTL4PVkxBuTtg9RMEoDRcvATF8P5FV7Xi5gtWLNgZOnn4HGw7QyefvQrF8If13G71rrq8qa0rPGxlHditKdjBFMpmH-rtAGy7D6q-DVb_gdYON6AY7l7yuQOr52-GMRGGMbIa44iuMpnFq5xkZpURLY1QjOAIH32RzaYg_AlofACNDaDJAmjKAIZ63mM4ZYqIMM64VglmgjFtJOYpxVhwlUCjFtrHUJdjUPkYVHULyuoWbNoxVM0j8DfmvxBuooxJjGkkaIyZ5oJnmmVEUZWFjJKUK5XKlGqRmlBEOCTSRGEkTRzSSEY8CVOpWEy1ZjEmJhKExDwjVCVhbBJGiUjSlJIkySItKeE6iQROEiIihUWchCxOTMZZlnIec7KYTbnKaCoIDxOhI0YpNSEmIkpSEqcJwTIW4HUAvkYw0h20BkHrEbQCQWsRtDWCdtTd07mnvruvc99Isqx0WcNu4urBjrjn6oEpEIhqDJXudm35pb8Dqj4x2c68nrhFErLuJkLqbqc8QC8v3BDs_PwNbJp5j2YsoREPqeEh4YZnPIowpVzSlHBFQvC2A-tXQPgAtu0Mffz3UyjtDJ06vA1S7IPP90HZFRDN6yDaCYtTEDcgxrBdPBCDxoh-YWrQroOyPgn1zWAnP0CnJ1eurT86suXGV2fAqMdoGaCqDsqqgy_sbwgG-d3JFdei3Suu9einS2Vth3ZbLCx7tRa1OfXdJ-Zm6yp94ZwfP_hALYgFfHjN-HpDFNoWA4--X7dam-q8q5RBv17w14283Pgb601VNOXG5bPnLwzLynhvXTEFYZ-Y30HZGfr_89NHx_jO_TdAlbfAl8cqvUMgSwS5RZCb43chO_D_6uUx3vF3YVAFIOo7UAw7GFUdjPIORD4G35yY1GX1-P2n4VGAzIOJzCu0K_Nqwdt5LwsNVRinSUzCNDMkZFplUcq4jgUOQwO1n1l89s9_AgAA__85gHeyKgUAAA== HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzM3NDk4OSwiayI6IjJmNDcyNTkzMmU5MzE5ZTlmOTU1MDIyOWIyODE5YzEzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTEzNjE5LCJwaWQiOjQ1NjMyMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyLCJhaWQiOjI3LCJwdCI6NCwicGsiOiJpeHI4NTE4djkiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiY3QiOnsiaWQiOjMxNDMyNDQsIm4iOiJPc2xvIn0sInJnIjp7ImlkIjoxODQ0LCJuIjoiT3NsbyBDb3VudHkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJpd2YiOnRydWUsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9hZ3VlYS5uZXQvIiwidHoiOjEsImFyIjpbXX19.-12uHAnf0Jyq9kC42gl0UqFLYnauqpb_pTA6uF61t9U; uid_id2=361ae441-6052-4bf6-91fe-41dbeac41050:3:1; pdhtkv=true; uncs=1; pdhtkv27=true; uncs27=1; u_pl27374989=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:24 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 6ca8085961b5286132e09d1d70ba554c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T01:09:46.71643Z","times_seen":16198612,"resource_available":true,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=361ae441-6052-4bf6-91fe-41dbeac41050\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=86be1b57d34beb8211a61a0fb677dce0\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=14","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:24.490Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 22:02:45 GMT","end":"Tue, 27 Jan 2026 22:02:44 GMT"},"fingerprint":{"sha1":"F7:0F:08:42:86:24:7C:1B:49:6E:E0:01:4D:B6:85:C3:51:09:E9:4B","sha256":"57:4B:E8:D9:F8:CD:FB:C3:56:16:42:88:21:1B:6A:B3:83:F2:4E:B5:2C:AC:2C:6B:0E:46:6B:15:51:D1:3D:17"}}},"request":{"raw":"GET /pxf.gif?uuid=361ae441-6052-4bf6-91fe-41dbeac41050\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=86be1b57d34beb8211a61a0fb677dce0\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=14 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:24 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e9c7df6326610eedc6cf73d0b9552c82\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T01:09:46.71643Z","times_seen":16198612,"resource_available":true,"data":null}},"time_used":839,"timings":{"blocked":372,"dns":1,"connect":183,"send":0,"wait":95,"receive":0,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=361ae441-6052-4bf6-91fe-41dbeac41050\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=fbf7c04e669126c400d669cb6e625736\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=14","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:24.491Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 22:02:45 GMT","end":"Tue, 27 Jan 2026 22:02:44 GMT"},"fingerprint":{"sha1":"F7:0F:08:42:86:24:7C:1B:49:6E:E0:01:4D:B6:85:C3:51:09:E9:4B","sha256":"57:4B:E8:D9:F8:CD:FB:C3:56:16:42:88:21:1B:6A:B3:83:F2:4E:B5:2C:AC:2C:6B:0E:46:6B:15:51:D1:3D:17"}}},"request":{"raw":"GET /pxf.gif?uuid=361ae441-6052-4bf6-91fe-41dbeac41050\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=fbf7c04e669126c400d669cb6e625736\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=14 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:24 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 4170a4e907b6d7d9b626f462daf017a0\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T01:09:46.71643Z","times_seen":16198612,"resource_available":true,"data":null}},"time_used":862,"timings":{"blocked":383,"dns":1,"connect":186,"send":0,"wait":95,"receive":0,"ssl":195},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Frobot%2F2%2Findex.html\u0026l=1331\u0026fd=145","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:25.027Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Frobot%2F2%2Findex.html\u0026l=1331\u0026fd=145 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: uid_id2=361ae441-6052-4bf6-91fe-41dbeac41050:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26783399=1; slecfbf7c04e669126c400d669cb6e625736=[6308900]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:25 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T01:09:46.71643Z","times_seen":16198612,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.211.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:26.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 02 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 02 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 67430\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-06-07T01:11:31.50919Z","times_seen":871742,"resource_available":false,"data":null}},"time_used":316,"timings":{"blocked":140,"dns":0,"connect":24,"send":0,"wait":23,"receive":12,"ssl":111},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/watch.141354653595.js?key=2f4725932e9319e9f9550229b2819c13\u0026kw=%5B%22aguea%22%2C%22twitter%22%2C%22web%22%2C%22viewer%22%5D\u0026refer=https%3A%2F%2Faguea.net%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=361ae441-6052-4bf6-91fe-41dbeac41050%3A3%3A1\u0026shu=19e5f4b0025a2604d9a9fd4f1c2cf342189cc8b82da8e3a5031be535be6325b59738bc462dd4601e5a1169f12c736e7421a7882177f5db219d75a0771a5c0a673467ef94f899691788289cf28a1937ad54222e301a578168710b6a\u0026pst=1764770844\u0026rmtc=t","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:24.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:33:26 GMT","end":"Sat, 24 Jan 2026 22:33:25 GMT"},"fingerprint":{"sha1":"74:B9:DE:52:5E:A4:22:C1:3F:4E:90:E5:53:C1:13:27:E5:47:BB:D2","sha256":"0D:C6:A2:6A:15:63:9B:67:CF:55:A8:E1:E3:EC:AF:D3:57:2E:38:F3:44:79:B9:FC:61:8A:CD:64:82:05:64:6F"}}},"request":{"raw":"GET /watch.141354653595.js?key=2f4725932e9319e9f9550229b2819c13\u0026kw=%5B%22aguea%22%2C%22twitter%22%2C%22web%22%2C%22viewer%22%5D\u0026refer=https%3A%2F%2Faguea.net%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=361ae441-6052-4bf6-91fe-41dbeac41050%3A3%3A1\u0026shu=19e5f4b0025a2604d9a9fd4f1c2cf342189cc8b82da8e3a5031be535be6325b59738bc462dd4601e5a1169f12c736e7421a7882177f5db219d75a0771a5c0a673467ef94f899691788289cf28a1937ad54222e301a578168710b6a\u0026pst=1764770844\u0026rmtc=t HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://aguea.net\r\nReferer: https://aguea.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzM3NDk4OSwiayI6IjJmNDcyNTkzMmU5MzE5ZTlmOTU1MDIyOWIyODE5YzEzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTEzNjE5LCJwaWQiOjQ1NjMyMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyLCJhaWQiOjI3LCJwdCI6NCwicGsiOiJpeHI4NTE4djkiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiY3QiOnsiaWQiOjMxNDMyNDQsIm4iOiJPc2xvIn0sInJnIjp7ImlkIjoxODQ0LCJuIjoiT3NsbyBDb3VudHkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJpd2YiOnRydWUsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9hZ3VlYS5uZXQvIiwidHoiOjEsImFyIjpbXX19.-12uHAnf0Jyq9kC42gl0UqFLYnauqpb_pTA6uF61t9U\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:24 GMT\r\nContent-Type: text/html\r\nContent-Length: 3563\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://aguea.net\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=361ae441-6052-4bf6-91fe-41dbeac41050:3:1; expires=Wed, 10 Dec 2025 14:06:24 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Thu, 04 Dec 2025 14:06:24 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Thu, 04 Dec 2025 14:06:24 GMT; path=/; secure; SameSite=None\npdhtkv27=true; expires=Thu, 04 Dec 2025 14:06:24 GMT; path=/; secure; SameSite=None\nuncs27=1; expires=Thu, 04 Dec 2025 14:06:24 GMT; path=/; secure; SameSite=None\nu_pl27374989=1; expires=Thu, 04 Dec 2025 14:06:24 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 7\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: eb54d1b998d255f58d7e994f02c32b8c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5238,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (2825), with CRLF, LF line terminators","md5":"afdb69bce2a6d2695e6566c049c878de","sha1":"49639ca8466d55af13d3d989d61d04fff869cbe7","sha256":"3ebd997b78504caa26cb241fc0a48ae66db3003c5220354d8e86179f77141662","sha512":"055025b75ffbf546601e330e2c376c1f7a51488a909703216e142aba26b9d67b2d8d1ff8fa6b665b138ec595370473ebfcc92076032aace71e610514ea85e1da","ssdeep":"96:sA9jG9ELozDYryh/MQZYJus8Iz9ZPyi3iN1wDOCfMEDaH:19jG9xzMymwYJus8IzrPyN4OCkCaH","tlshash":"87b14af90dd668783d6768fe62bd26493d50a00b9908ca8330ccc61b4b607305ae9edc","first_seen":"2025-12-03T14:06:51.39481Z","last_seen":"2025-12-03T14:06:51.39481Z","times_seen":1,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":103,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/apple-touch-icon.png","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:24.273Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 01 Nov 2025 03:42:54 GMT","end":"Fri, 30 Jan 2026 04:40:33 GMT"},"fingerprint":{"sha1":"69:B1:86:96:20:ED:AC:6C:96:5D:A6:2C:AD:3A:8A:6F:61:C6:6F:85","sha256":"65:66:58:01:C1:B3:64:37:02:F1:F5:44:71:83:52:FE:68:90:91:ED:FC:F1:C8:C7:35:64:A5:29:2C:1E:BD:95"}}},"request":{"raw":"GET /apple-touch-icon.png HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=361ae441-6052-4bf6-91fe-41dbeac41050%3A3%3A1; cf_clearance=5HY_8tmkDFWGXQjvqgMsxn39ynSxe7d_coLsFIopYoo-1764770783-1.2.1.1-d3Alq_oBdZgLIbKYNCfYoNO_9lFM9NRJxyt3MmWaNUST0Ed8f1as2VJTNHMFHWXt1P6QhrfQTulmnKdTDX9EaVgBKg_5p4iSPA8EPaZjKFfLY.IcUut8vjHrJIYOwSd9mk0gWDYb70U1_DdYdte__LsT6iY70NvnRonAbSE.Q_ob3TpP6nhAchpERXyRN2a7FSDpxe8ap5BgnFDLeDJJhKi5ZPM2YiuwyWwLLCQXI6w; pp_main_86be1b57d34beb8211a61a0fb677dce0=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 03 Dec 2025 14:06:24 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 09 May 2025 17:39:03 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"681e3db7-3544\"\r\nexpires: Thu, 01 Jan 2026 23:53:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 51186\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yt0kQKANMe9twtyAb57ksWr4Rf0qejJnx%2BJcskZpZDtOO%2B7B0v6Jg5YiMBeZXpNfOEthzGWtEML4sC6d69dOsk3bk8fvqxI%3D\"}]}\r\ncf-ray: 9a839fd9bc83712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13636,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"21c7db8f4bf65026821a4d5210f6485b","sha1":"ab6591e54b0af16773689dfbda744d9e2b7b6b11","sha256":"bcb07f36d44c1863848d6f1385ea8535529035c505678c42a5e9892dd4f19d54","sha512":"f40acdcb8a748989b9fba6693bfdd8008fb59d21b88afd1c8c91022cdee41cb25af862bb4aaca64fcc7365f8b160e320ddbeb4211de369ea89919c36a5e24693","ssdeep":"384:N1neFLgYpEgxGTnsxZGbU8iSJ38QMB3opMOpQ61k:feF0pgxUnsxUUisQtpMOp/k","tlshash":"ce52bf79c8fda27e1d50a5ef6c183400987c7456f86037cabb592605e23c06ba6a287a","first_seen":"2025-09-01T10:46:10.319412Z","last_seen":"2025-12-03T14:06:51.396885Z","times_seen":11,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:23.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 01 Nov 2025 03:42:54 GMT","end":"Fri, 30 Jan 2026 04:40:33 GMT"},"fingerprint":{"sha1":"69:B1:86:96:20:ED:AC:6C:96:5D:A6:2C:AD:3A:8A:6F:61:C6:6F:85","sha256":"65:66:58:01:C1:B3:64:37:02:F1:F5:44:71:83:52:FE:68:90:91:ED:FC:F1:C8:C7:35:64:A5:29:2C:1E:BD:95"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=361ae441-6052-4bf6-91fe-41dbeac41050%3A3%3A1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\ndate: Wed, 03 Dec 2025 14:06:23 GMT\r\npriority: u=3,i=?0\r\ncf-ray: 9a839fd5dc28712e-OSL\r\nlocation: /cdn-cgi/challenge-platform/h/b/scripts/jsd/13c98df4ef2d/main.js?\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public\r\naccess-control-allow-origin: *\r\ncontent-length: 0\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=805wYuoFkpKEoFdbkaZq%2BRjUzcMtpt05FWjWoMVggOxZ%2FzoZaYONiwk1xW9KFLdc%2FC%2BZQ5MzxxxvjhmJN0TA0F3hmM%2B5Fl5T2XBkDt6YeEUwdMdx4%2Fc%2FoDz5UE4%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri, cfL4;desc=\"?proto=QUIC\u0026rtt=1053\u0026min_rtt=0\u0026rtt_var=669\u0026sent=81\u0026recv=31\u0026lost=0\u0026retrans=0\u0026sent_bytes=73610\u0026recv_bytes=3483\u0026delivery_rate=19040686\u0026ipace=0\u0026icwnd=12000\u0026ss_exit_cwnd=0\u0026ss_exit_bw=0\u0026ss_exit_reason=0\u0026cwnd=24178\u0026unsent_bytes=0\u0026cid=18050f1b1addb9e5\u0026ts=1007\u0026inflight_dur=41\u0026x=55\"\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10162,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T01:09:46.71643Z","times_seen":16198612,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/sbar.json?key=fbf7c04e669126c400d669cb6e625736\u0026uuid=361ae441-6052-4bf6-91fe-41dbeac41050%3A3%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:24.528Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /sbar.json?key=fbf7c04e669126c400d669cb6e625736\u0026uuid=361ae441-6052-4bf6-91fe-41dbeac41050%3A3%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:24 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4242\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://aguea.net\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=361ae441-6052-4bf6-91fe-41dbeac41050:3:1; expires=Wed, 10 Dec 2025 14:06:24 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Thu, 04 Dec 2025 14:06:24 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Thu, 04 Dec 2025 14:06:24 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Thu, 04 Dec 2025 14:06:24 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Thu, 04 Dec 2025 14:06:24 GMT; path=/; secure; SameSite=None\nu_pl26783399=1; expires=Thu, 04 Dec 2025 14:06:24 GMT; path=/; secure; SameSite=None\nslecfbf7c04e669126c400d669cb6e625736=[6308900]; expires=Wed, 03 Dec 2025 14:06:29 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 225\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 22544ec7ec3c405b47a8012983d30471\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5842,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"c78b88cec39ad94b81b8850b8eabb2cb","sha1":"b28e1d626be7e714cd327ca33af0934cf0cafbd6","sha256":"9239bb59fb1a196733ccdbfbeedc7ee2bad52b2f0187c756dce5e9c1137c271f","sha512":"187850c6d0134e4da506d435f8d13bb1ca64cee61b0a2724915438a10ace14a73e644df214864e03669363a687a33dc5dd3420adf3d1d094954dcc97d6600f1e","ssdeep":"96:9zmbci2dHv3r6vcSUlI4bp/YXhEjj2t5aWR8WFdENIuPOQ4W+5:9zmcigr6vc/lTh6Kmdxukp5","tlshash":"a6c15dbd418972558e8ec9854f1b9c76054278df9482f90c8877e76e93bf1264e6c0b8","first_seen":"2025-12-03T14:06:51.397756Z","last_seen":"2025-12-03T14:06:51.397756Z","times_seen":1,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":319,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/robot/2/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:25.037Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/notifications/utility/default/robot/2/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 14:06:25 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 16:16:09 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"67f54bc9-1610\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JRarDWq5E8mUw8X6hId%2B%2F9RTdIdN%2Bu155Y4QhNR7ZbquyseAA4Pf2GyDJjUQSPvvOSytP9BJbPYwnXUVwbUszXRe%2Bs78macK8tdpefUf\"}]}\r\ncf-ray: 9a839fdea90eb51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5648,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"1622d5dbd3ee323f1f251cb3de7b1f03","sha1":"bf821b06f4b67fc40dbd4398e00be1e12b566d41","sha256":"58789b7eb6e198a1a16151797ce4b1218e36c8708a9cd8a1808cdc40b21b1bb8","sha512":"4e0dfd40e4363c28d49965b28566cb98bd98b3de021cc4ebd60f15f7ff4bb2238d8534f3c98d162a5c2c54c24e15a3fd3db60e04ddef648d8a0752f3d69ca2d3","ssdeep":"96:5zlzMUmZ1CfICcfXgCfViOtAYiY5mnM0pfionq4OHBCHLmOCp0PkuCo1CCJ0xFCL:fMFInadiOyXnM0M0srv4Dv","tlshash":"e0c12fa617650204750bd8563e126f17a7688043ef0fd9b86ed2240c8fca6ce96e378f","first_seen":"2025-07-06T07:29:12.192872Z","last_seen":"2026-06-01T04:11:07.371204Z","times_seen":1124,"resource_available":false,"data":null}},"time_used":542,"timings":{"blocked":25,"dns":4,"connect":1,"send":0,"wait":488,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Frobot%2F2%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=508","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:25.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Frobot%2F2%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=508 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: uid_id2=361ae441-6052-4bf6-91fe-41dbeac41050:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26783399=1; slecfbf7c04e669126c400d669cb6e625736=[6308900]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:25 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T01:09:46.71643Z","times_seen":16198612,"resource_available":true,"data":null}},"time_used":93,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":93,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbs?c=1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:26.040Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: uid_id2=361ae441-6052-4bf6-91fe-41dbeac41050:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26783399=1; slecfbf7c04e669126c400d669cb6e625736=[6308900]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:26 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T01:09:46.71643Z","times_seen":16198612,"resource_available":true,"data":null}},"time_used":93,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":93,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-03T14:06:22.554Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 01 Nov 2025 03:42:54 GMT","end":"Fri, 30 Jan 2026 04:40:33 GMT"},"fingerprint":{"sha1":"69:B1:86:96:20:ED:AC:6C:96:5D:A6:2C:AD:3A:8A:6F:61:C6:6F:85","sha256":"65:66:58:01:C1:B3:64:37:02:F1:F5:44:71:83:52:FE:68:90:91:ED:FC:F1:C8:C7:35:64:A5:29:2C:1E:BD:95"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 14:06:22 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cJ60CrnPfR68JJZzDrSyRZcinKpsMaxVWX6N5sz2t7DWtRuUk5dkf1l5%2Bmk0axvph%2FiQcH9tczmgOLb1xNrTNTiQAu87AWSa2Q%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9a839fcf19260731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6663,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (928), with CRLF line terminators","md5":"57c3a2ac4dd2512da89a354ed2545c35","sha1":"3070f0c3bdcc9eff793c8b3249f40de1b852e6ea","sha256":"fc898facf88b87cce19214691f817a5741681c8f5b724de8e08500b8fe2b40ab","sha512":"a86b2365949b2a84f787a6c7eaeef31dde36e2a874ca5c9048a3967ab542cfa0c1ce7872a62daf7e700a45b0a8c6934bbc377571c0faef4ddb7f43c1e939ff6f","ssdeep":"96:oS7libGK6YTwDx8cIdr4vl8cIdr4G+RhbASz+H9TRPgsnx/IH:v7lNK9TeCcIRumcIRT+USCHNR4snx/q","tlshash":"82d1b6329c82c81552725159e261f60cfa32c107db068ca071ec95b7eff2ee04ce7d56","first_seen":"2025-12-03T14:06:51.400301Z","last_seen":"2025-12-03T14:06:51.400301Z","times_seen":1,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":19,"dns":10,"connect":1,"send":0,"wait":90,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net//fonts/fontello.woff2?21002321","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:22.939Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 01 Nov 2025 03:42:54 GMT","end":"Fri, 30 Jan 2026 04:40:33 GMT"},"fingerprint":{"sha1":"69:B1:86:96:20:ED:AC:6C:96:5D:A6:2C:AD:3A:8A:6F:61:C6:6F:85","sha256":"65:66:58:01:C1:B3:64:37:02:F1:F5:44:71:83:52:FE:68:90:91:ED:FC:F1:C8:C7:35:64:A5:29:2C:1E:BD:95"}}},"request":{"raw":"GET //fonts/fontello.woff2?21002321 HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aguea.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 03 Dec 2025 14:06:22 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 4772\r\nlast-modified: Fri, 09 May 2025 17:40:58 GMT\r\npriority: u=3,i=?0\r\netag: \"681e3e2a-12a4\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nage: 463\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KHN%2BoOq2liAfu14x5g3UlQ%2BT2f33m6HibZfrBDUShQb0GYhq3NCkuvlCS%2BkRV5vpbNgRnT5682i6iC4lwwzvwQpl%2Fo15WGY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9a839fd15bdf712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4772,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 4772, version 1.0","md5":"c7c6d67a9322dcab85f7214751ad977a","sha1":"7d90727a9d50c80ca327daad9355eac60d908f07","sha256":"554419ffc747f420efc1cbd2ac6bd9c31253fce1f04c0890111e3592645ac57b","sha512":"f57a36fefa3b9396c0353515a2034e298986686632e7d9c5c7d3e3ba6ea9b6351916abf854455acc2738a072b52dde2b7564e6144762c6ef6e2fa850fbb24903","ssdeep":"96:yvyF/sFNOg1qJOtCqlhsUjb4ZvYyiINO7L4Al6A2fA/2jG6RNI5pspwO:yvV71qiCqXsUjbovsI2L4Qk4uG+NupMp","tlshash":"faa18e827c7fb6b7e7b600fe0b79f4d8ae46308c4a0b019895e1866e93f0260465d133","first_seen":"2023-06-13T08:47:53Z","last_seen":"2026-01-08T16:17:29.414817Z","times_seen":36,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"18.198.241.35","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:23.468Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 14:06:23 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://aguea.net\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=361ae441-6052-4bf6-91fe-41dbeac41050:3:1; expires=Sat, 01 Dec 2035 14:06:23 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"a5f1a0d8451a5dea4fdc952e9532bd83","sha1":"da7175888ac5f71e79b22186c14bbba7eba45e28","sha256":"ab02d9d33ea62c67cb043a033ee60a3e888973a8f11122c518e72b6a1a7cd306","sha512":"a1dccd4e9d6d1d7438de4f62e18c37a064308e8f79acaea55dfd38f9ee3169caea1c371873a0c34b356f86203d93c653d46a0a422d799bb5758d9ab074f23990","ssdeep":"","tlshash":"4f90040150311544f511dd404444c45d0d5f74c3c014004c541d54417d103510c05477","first_seen":"2025-12-03T14:06:51.390466Z","last_seen":"2025-12-03T14:06:51.390466Z","times_seen":1,"resource_available":false,"data":null}},"time_used":255,"timings":{"blocked":113,"dns":10,"connect":20,"send":0,"wait":21,"receive":0,"ssl":87},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:23.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:14:37 GMT","end":"Wed, 28 Jan 2026 01:14:36 GMT"},"fingerprint":{"sha1":"5A:67:AA:88:D5:BE:C4:00:42:86:CC:4E:FC:E7:73:FE:CB:85:71:60","sha256":"F5:6C:A4:39:AC:04:F6:11:7E:DB:94:93:4C:93:FC:EC:A2:B4:4E:A4:FE:19:8E:22:C0:D8:D4:84:67:37:70:C0"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:23 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a0fafd82552fea1a39359e349f9f4a26\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T01:09:46.71643Z","times_seen":16198612,"resource_available":true,"data":null}},"time_used":175,"timings":{"blocked":77,"dns":0,"connect":17,"send":0,"wait":18,"receive":1,"ssl":58},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/notifications/utility/default/robot/2/index.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:24.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 15:30:46 GMT","end":"Tue, 06 Jan 2026 16:29:13 GMT"},"fingerprint":{"sha1":"CE:BB:4F:68:2C:89:90:90:9F:0D:E4:DC:37:55:B5:DC:41:49:D6:F9","sha256":"52:3F:5E:43:C5:77:DF:EF:E5:AE:11:CA:C1:74:9E:6B:A8:63:B6:7A:C9:7F:8F:58:EF:05:C6:35:2F:C7:D2:9B"}}},"request":{"raw":"GET /sb/notifications/utility/default/robot/2/index.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 14:06:24 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 16:16:07 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sFTng%2BPC9TbZIcm0WoEXbtibsmFGX0g%2BOEAu2jDmlldra7jlMqaSHM5%2FVxwDjbinL5sxVZp1m2rdnSBCii%2BxwXISJNqau8R1LfPM5zE%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9a839fdd7e49569f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1331,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"6d925fca1f3623368e2c47f8ac18ea89","sha1":"3dc674f220a7ad1fa502fdd4bf353f836ece2c75","sha256":"34c0988a0d6428e37eab062e19df5661d32e9f8d11704ba50f78cdc430299712","sha512":"380f03a62b612643a9e5c252357c2bba326dd657460a03a292ad1a01e888d9390a5fc107f3cde290e3a011a1608f2253e0496703b1d474e4bf098dfa94802aca","ssdeep":"","tlshash":"7f214b4e3dadd57215c391563b702f6aa88ad6cfd90b9440b3fc4d508bd6b81cd43207","first_seen":"2025-07-06T07:29:12.190766Z","last_seen":"2026-06-01T04:11:07.411772Z","times_seen":1168,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":18,"dns":5,"connect":1,"send":0,"wait":120,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"cdn.show-sb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/robot/2/css/magic.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:25.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/notifications/utility/default/robot/2/css/magic.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 14:06:25 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 16:16:09 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"67f54bc9-affe\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=w6mwOtsONISslUDLIOcUYKgRzPnbzEGWtpNfrK4457ot244wWrOTMtSiYk2WUDXLVhuc1w8Gmsmm8xxi0M85ZLDFltooJXXmenrWATSB\"}]}\r\ncf-ray: 9a839fdea910b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45054,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"bcd1967f8c2604f55f57197de0ae895e","sha1":"c31a10c3ecde74b50450a0a1ad21aa474ff05e7d","sha256":"787eac5d9417257a04de7b18ef21f5ec887de3aee642ceba9a7d56a8209eea2a","sha512":"b37f1a61bbe740bc29308e664227701366ac978d4fbed081f13c47200edd74a792ab980559a236cff39ae27d3fda3ffffef3f1ac2dc420612b616496b44e9df8","ssdeep":"384:lQLl1pRp0itimTKDbObwHuHXFlF7FPFSWRyYyRZZZaZjZPfbfUO3OipypE:GpRp0itiFbObwHuHXFlF7FPFSWX","tlshash":"b913276b2dd2114086564365a3fe6b2c261c85c31c6becfab3a218ce8f1567c53db61f","first_seen":"2025-06-11T18:18:27.729381Z","last_seen":"2026-06-06T22:46:29.650268Z","times_seen":5701,"resource_available":false,"data":null}},"time_used":526,"timings":{"blocked":29,"dns":3,"connect":1,"send":0,"wait":468,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:25.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:04 GMT","end":"Mon, 19 Jan 2026 08:35:03 GMT"},"fingerprint":{"sha1":"86:F4:DF:07:D6:8D:EF:68:44:7A:73:C8:39:14:1A:2F:98:5E:A2:40","sha256":"A0:B7:4F:94:25:40:33:52:BC:F7:0A:E1:AD:30:BD:19:C3:E9:BB:25:0B:05:26:7C:F8:BB:F0:59:3B:E7:F2:8D"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 03 Dec 2025 14:06:25 GMT\r\ndate: Wed, 03 Dec 2025 14:06:25 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"1f04e9e49d52374a409de4887e47180d","sha1":"8fee2f920567a574448d1aa6565c95951b68f9b5","sha256":"10cf0680b9dc5b310d265479bcebc5b380474bf2e8da9361cf8be458d183994e","sha512":"5fde8f721343e9c6254229e791ed64d6b47f28fad7690f7c83fa8c29e3112d0974f65ae0c63f09acd3e026dcb56c4de3fe0ffe37c464eb326b0495aa6c03b31c","ssdeep":"384:pKf5KgKPKrKyUK/qY4+K4KYKpKfMK1KWK6KyhK/qY4XKNKtK4KfdKkKDK3KyQK/9:pCJmwBUiRDfMTcfFBhiEymdmtC0BQiVb","tlshash":"df7210a1041750009b834ce223cebf35fe1f52117152d0b5abfdab6b9dcbc66526939d","first_seen":"2025-11-19T00:20:32.486705Z","last_seen":"2026-05-28T13:25:58.724835Z","times_seen":6027,"resource_available":false,"data":null}},"time_used":301,"timings":{"blocked":127,"dns":0,"connect":27,"send":0,"wait":45,"receive":0,"ssl":98},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=894\u0026rd=894\u0026fd=514\u0026bv=25.12.2106\u0026tmpl=70","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:23.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=894\u0026rd=894\u0026fd=514\u0026bv=25.12.2106\u0026tmpl=70 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:23 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T01:09:46.71643Z","times_seen":16198612,"resource_available":true,"data":null}},"time_used":803,"timings":{"blocked":355,"dns":46,"connect":94,"send":0,"wait":96,"receive":0,"ssl":208},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/robot/2/img/close.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:25.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/notifications/utility/default/robot/2/img/close.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 14:06:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 7005\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 16:16:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67f54bcb-1b5d\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 1064175\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Cc%2BzVbBpHeeqlaWODfGcQib%2FVirkpoUysI4BGt4%2BPo36ICHGqhRCN4Srpz%2FRkRa3Am76Jpkie%2Bj8ZR%2Blx%2F6qrhdLzO%2BVwy%2BEWf73KX6a\"}]}\r\ncf-ray: 9a839fdf298fb51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7005,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced","md5":"5127599f81c439cb0cf21166da26e991","sha1":"a750620e45c25855fb32ede5f1adb69ad28c1eeb","sha256":"9402058e0a31e79cd70001ebb397de51144d6e638a482f33bcee9a94dc20a6ff","sha512":"4e01869e43212009dc3811b4fc2303c39ab9aa123ce034ff4df220539a1e65784835b6cb0873cea4f6de027a7dcf1dd440ac0631e6b9c9db9085804473e3a0a8","ssdeep":"192:FkknNHG5WNN4kVyitdix/Inm2I6BRvBevoIPkucZ:9nNmoN4kVyiswm2I6BFBpuI","tlshash":"dee17d19dda17e1005d57f8a2fef815243638390c2856282dced8c5237e40f1ec6e4cb","first_seen":"2025-07-04T18:28:09.283921Z","last_seen":"2026-06-06T14:28:51.956447Z","times_seen":3229,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.211.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:26.048Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 02 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 02 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 67430\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-06-07T01:11:31.50919Z","times_seen":871742,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":96,"dns":1,"connect":20,"send":0,"wait":23,"receive":27,"ssl":71},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/css/style.css?v=19","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:22.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 01 Nov 2025 03:42:54 GMT","end":"Fri, 30 Jan 2026 04:40:33 GMT"},"fingerprint":{"sha1":"69:B1:86:96:20:ED:AC:6C:96:5D:A6:2C:AD:3A:8A:6F:61:C6:6F:85","sha256":"65:66:58:01:C1:B3:64:37:02:F1:F5:44:71:83:52:FE:68:90:91:ED:FC:F1:C8:C7:35:64:A5:29:2C:1E:BD:95"}}},"request":{"raw":"GET /css/style.css?v=19 HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 03 Dec 2025 14:06:22 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 11 Nov 2025 08:11:28 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: \"6912efb0-8605\"\r\nexpires: Wed, 03 Dec 2025 14:42:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 41060\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tscOjSAjBHl6Kx1PQ6P%2BY2kLsK0Kvhw6ocyk%2BxqjcADno49Di8uqoW%2BjZQuVk3O4Z3KVMJ%2FrT8I%2Ftol%2BedGkP3%2FEdJQ6P%2BY%3D\"}]}\r\ncf-ray: 9a839fd15bdd712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":34309,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"f43b3c26f707d2173865befabee036ea","sha1":"46239d79cadec60a9084c95b54f48815f2c14389","sha256":"b9f7e27fe069a3e6adb127b939f1bb00ac610962df1615b13606492f1e05ce19","sha512":"0b3e99ed1f3f69ee09a484e8f5f6007c06ed49d869eeaa12bcd3e328382ff9334c6007ba0c31f189c32264707730f09ef70e2c875e9bade157e06216d2b55cbd","ssdeep":"768:X3R8gF2B6/oFBdiUucd2FnFO8NyFglFSNwpFhfFJXG9FhvlhcZDpFurNnF1CfUXW:Xh8gcBrLdiUtcV48NyEASpbfq9PvzcZx","tlshash":"54f276938bb112a4b437a2183a976b8873565003d50fceb87ed4610cdfcd5d975e2bca","first_seen":"2025-11-25T00:40:53.102936Z","last_seen":"2026-02-14T22:04:42.61825Z","times_seen":12,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/css/fontello.css?v=2","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:22.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 01 Nov 2025 03:42:54 GMT","end":"Fri, 30 Jan 2026 04:40:33 GMT"},"fingerprint":{"sha1":"69:B1:86:96:20:ED:AC:6C:96:5D:A6:2C:AD:3A:8A:6F:61:C6:6F:85","sha256":"65:66:58:01:C1:B3:64:37:02:F1:F5:44:71:83:52:FE:68:90:91:ED:FC:F1:C8:C7:35:64:A5:29:2C:1E:BD:95"}}},"request":{"raw":"GET /css/fontello.css?v=2 HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 03 Dec 2025 14:06:22 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 09 May 2025 17:40:56 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: \"681e3e28-7ee\"\r\nexpires: Wed, 03 Dec 2025 14:42:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 41060\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dy3zTi9fYKzOoP2Vysb1sJ0Sn424ubGq4zYRjTqtArbDdyhNSdioTy6PoqsQO%2BizewxWJef9O5ZQx4Lmqunc5j5h7Pw8a6E%3D\"}]}\r\ncf-ray: 9a839fd15bde712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2030,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"6fe4fa457949c72606b1a9b695cdca89","sha1":"df0b414bd03cfc6be6f233edc05904e67ea2ba22","sha256":"39ae9bed4da120bcf6694a11d90071b9de97599a02fbc2753c7a8504ba3c54b9","sha512":"6f457aa483a0cf83eff9ddc8af41e74293d3138e57a771e9856c1765cb22061929375c9affb840ace41fdec8656ce80d4ab830a12e017f2d7668f63f8e5ccee4","ssdeep":"","tlshash":"3a415bf28988109107d696463bcbb6649f0cf1196982cd83f14b5a9cdffa25483f63dd","first_seen":"2025-07-26T19:36:31.946552Z","last_seen":"2025-12-05T22:28:10.008517Z","times_seen":15,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/logo.png","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:22.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 01 Nov 2025 03:42:54 GMT","end":"Fri, 30 Jan 2026 04:40:33 GMT"},"fingerprint":{"sha1":"69:B1:86:96:20:ED:AC:6C:96:5D:A6:2C:AD:3A:8A:6F:61:C6:6F:85","sha256":"65:66:58:01:C1:B3:64:37:02:F1:F5:44:71:83:52:FE:68:90:91:ED:FC:F1:C8:C7:35:64:A5:29:2C:1E:BD:95"}}},"request":{"raw":"GET /logo.png HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 03 Dec 2025 14:06:22 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 09 May 2025 17:39:03 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: \"681e3db7-bfea\"\r\nexpires: Fri, 19 Dec 2025 00:19:35 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 1259207\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yfZmiYqEByQQXAJGMJpEAkg%2B2srQ99XyTZupSZJ4nvh6P2nSVcHNIYvmVLmMFpH3mmZA%2BJoQLSFiVo2NtRqpRl6X%2BgrCkfo%3D\"}]}\r\ncf-ray: 9a839fd15be0712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":49130,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced","md5":"831d5a8f163bc7344ec385be01f50cf0","sha1":"33a352556853a67d2c5d5374fac4aa2e698db5a2","sha256":"43260b1ba4a6d3ad579b138788b1c8124c7a99433c87a9b0add56e9bbf81dfd1","sha512":"e42ae3fd3bdb2e10cd084933faa921ce67113dfb533f6b3bbf13072e02e9ee31f79d8ddbf912292313c3590ed1c432a8b500c0ad8b3e04fa92bafe964eb3c31e","ssdeep":"768:pEg5Qu3u1ypFyHHEPT9GHdPXCjIFfrz09W/mTvrkMyDLcgKZ9tF:poD1MFy8T9Yd6WP0wArbUcfZ9tF","tlshash":"6a23e104dd5885214656e0919be74a20ef12ceb459bab29030bfed8fe823f71ad4bcc5","first_seen":"2025-07-26T19:36:31.855293Z","last_seen":"2025-12-05T22:28:10.02545Z","times_seen":15,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:23.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:23 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 1ec64ffdbfbb4e4840784238056ce537\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-06-07T01:43:01.133971Z","times_seen":18245,"resource_available":true,"data":null}},"time_used":166,"timings":{"blocked":62,"dns":1,"connect":17,"send":0,"wait":21,"receive":18,"ssl":44},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/favicon-16x16.png","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:24.274Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 01 Nov 2025 03:42:54 GMT","end":"Fri, 30 Jan 2026 04:40:33 GMT"},"fingerprint":{"sha1":"69:B1:86:96:20:ED:AC:6C:96:5D:A6:2C:AD:3A:8A:6F:61:C6:6F:85","sha256":"65:66:58:01:C1:B3:64:37:02:F1:F5:44:71:83:52:FE:68:90:91:ED:FC:F1:C8:C7:35:64:A5:29:2C:1E:BD:95"}}},"request":{"raw":"GET /favicon-16x16.png HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=361ae441-6052-4bf6-91fe-41dbeac41050%3A3%3A1; cf_clearance=5HY_8tmkDFWGXQjvqgMsxn39ynSxe7d_coLsFIopYoo-1764770783-1.2.1.1-d3Alq_oBdZgLIbKYNCfYoNO_9lFM9NRJxyt3MmWaNUST0Ed8f1as2VJTNHMFHWXt1P6QhrfQTulmnKdTDX9EaVgBKg_5p4iSPA8EPaZjKFfLY.IcUut8vjHrJIYOwSd9mk0gWDYb70U1_DdYdte__LsT6iY70NvnRonAbSE.Q_ob3TpP6nhAchpERXyRN2a7FSDpxe8ap5BgnFDLeDJJhKi5ZPM2YiuwyWwLLCQXI6w; pp_main_86be1b57d34beb8211a61a0fb677dce0=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 03 Dec 2025 14:06:24 GMT\r\ncontent-type: image/png\r\ncontent-length: 608\r\nlast-modified: Fri, 09 May 2025 17:39:03 GMT\r\npriority: u=6,i=?0\r\netag: \"681e3db7-260\"\r\nexpires: Sat, 13 Dec 2025 07:24:57 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nage: 1752086\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yB%2FGyZPshQbLFmOJiBcryB5a3zUVc1sZBZto5fnYvl6trZRlpT1tZMHH64vMAI3qG2G0NXJZ9kgISvpg6%2F3N8xzCvc1ar5M%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9a839fd9bc84712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":608,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"994e6528e3dec09c6195e07e4c49a70d","sha1":"484fbccb880578ca39b987f04711e1f69b0c00c3","sha256":"e058dd2d81cff54eae43d3a462f7057a0f13f40beb2b062dc7628b4fe123a6ed","sha512":"ca559e33e8a449b7d21f14af85fcdf2282e3ce561627d2b923cfd44215ed476b3b6c3f7e1a29f48a286bbd82d8a5aefe0e6b09a7da55f3537539cac1363732e0","ssdeep":"","tlshash":"80f0b755c64bd42c2f5c2655e6b0f0005e0572cc054ae5cf3e0fa2bde20612e0f31047","first_seen":"2025-07-26T19:36:31.875155Z","last_seen":"2026-05-11T00:16:12.013226Z","times_seen":18,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/39/f5/24/39f524c427ff2e1233925be1ad9eae1a/1708593117.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:24.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/39/f5/24/39f524c427ff2e1233925be1ad9eae1a/1708593117.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 14:06:24 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 35466\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 22 Feb 2024 09:12:06 GMT\r\netag: \"65d70fe6-8a8a\"\r\nexpires: Fri, 05 Dec 2025 14:06:24 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35466,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 468x60, components 3","md5":"acc99775e2456ac87de2033f1c69cda0","sha1":"b0f2628f87dc04be70656f57d1fab953b8f67702","sha256":"6fd218922630db31d39b26ee964c8e8aadd72111789cc4e12cea1b1065a9954e","sha512":"efcc35a20c6fdc6ad0791492fe607c5d307f488972e72471ed850d09830f8dca5a432ec23b723806818408e4e5443db2de5d4fef65b8f61db653a7bdb2967d99","ssdeep":"768:2QQnHP0fyJS8q8WPe+Oqk08uaCd1YuRl7KA4rfwWZi+10bS26K:2QQv0fyJS8FQ8mZ/Y5ASZi+eD","tlshash":"f3f2e0ed541dd43a072e468d890c846033802ba633f3ee9065f46cedd4d7d9fbaab961","first_seen":"2024-05-28T18:49:21Z","last_seen":"2026-05-23T03:34:25.254918Z","times_seen":32,"resource_available":false,"data":null}},"time_used":277,"timings":{"blocked":113,"dns":32,"connect":19,"send":0,"wait":22,"receive":28,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/robot/2/img/banner.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:25.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/notifications/utility/default/robot/2/img/banner.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 14:06:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 29534\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 16:16:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67f54bcb-735e\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 1243576\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wbrZNLWKAoaNuRcaB9UzelnBl1Y%2BqhNzwCh32NWuxmxor8%2FVMluNOITXLxtm%2BQ1yQZ2axgkbA%2BWFW9%2B9pX4AgswXJT5i5yXqrDYoROUn\"}]}\r\ncf-ray: 9a839fdf2991b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29534,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 400, 8-bit colormap, non-interlaced","md5":"563e092f6677dac51659d62dccd159bf","sha1":"d04ac2cbce54e7c4849bbe28ecef94b464f3246e","sha256":"9d9611a42fcdbfd80c5d0774a743891691d0a09ce3c9830ceab54e920dbb64e1","sha512":"c2e1135a6b532df9332a2cc53477df0f3a2e69be2b45ab5ced0d764b977b6bc4b1362775957b96c5ae7862c73dbcbfb07f115074f3b554ea1ec8ff3afe2f1dc8","ssdeep":"768:ftP+gBsKWXjW1Mg3j/xQkRSP8d2iOF4aI:12gBsnXiH3tkUoo","tlshash":"a1d2e1512e22c71b09c92debbe15d8f6f8617da7f835692d201db2ac906639fc2501dc","first_seen":"2025-07-06T07:29:12.195371Z","last_seen":"2026-06-01T04:11:07.377064Z","times_seen":1150,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/robot/2/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:25.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/notifications/utility/default/robot/2/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 14:06:25 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 08 Apr 2025 16:16:14 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OcqSOoUBME%2Fzxv%2FJo1KpShglCwhDbQ30w6Bh3UbyHTA7OOSGnIYmDNz7DQqurHAhgGspDx%2BzkmNbFuzt2gQXLKNe2k23ld7GEZTp8QuW\"}]}\r\nage: 1252410\r\ncf-cache-status: HIT\r\netag: W/\"67f54bce-149a0\"\r\ncontent-encoding: br\r\ncf-ray: 9a839fdf2992b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84384,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025), with CRLF line terminators","md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-06-07T00:57:18.112941Z","times_seen":12043,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/8d/e9/ae/8de9ae4b0e4b914d604a7e4b56139ffe.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:23.457Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /8d/e9/ae/8de9ae4b0e4b914d604a7e4b56139ffe.js HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:23 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3403\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ce5528fee74e374c42d94133842c25eb\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6454,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6454), with no line terminators","md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"resource_available":true,"data":null}},"time_used":802,"timings":{"blocked":352,"dns":47,"connect":92,"send":0,"wait":96,"receive":0,"ssl":213},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/fb/f7/c0/fbf7c04e669126c400d669cb6e625736.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:23.461Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /fb/f7/c0/fbf7c04e669126c400d669cb6e625736.js HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:23 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 31461\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: be03d65faa1e843c867a2390016e4924\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81896,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"59a2100b831609aa9e42b2a4361cae90","sha1":"a5d340cd79ed5a23780e989661094e23333d2451","sha256":"5b5e840674c23cd25fea46cdee84ca5a9e5965cd5f2228832aa7d2936e7e3b8f","sha512":"05138655554112f0139edb46d59c174f54a09867017c67cbb1c95fde888ad0b13cc9e70c09e2d205fc29db43a32e58a793ba15869665dedf3030d34d1782e3d6","ssdeep":"1536:h3Zs5j4xaqmOxsHZ0ob3meMv6Iqyi1+9Hef:h3Acx//xsHofv6zOM","tlshash":"d983c88d7f99f1ac03527072722fa21ef0290d126098d1a4e253f5fdaf78729e976b14","first_seen":"2025-12-03T14:06:51.413765Z","last_seen":"2025-12-03T14:06:51.413765Z","times_seen":1,"resource_available":true,"data":null}},"time_used":877,"timings":{"blocked":341,"dns":43,"connect":94,"send":0,"wait":101,"receive":92,"ssl":204},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/fonts/fontello.woff2?21002321","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:23.479Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 01 Nov 2025 03:42:54 GMT","end":"Fri, 30 Jan 2026 04:40:33 GMT"},"fingerprint":{"sha1":"69:B1:86:96:20:ED:AC:6C:96:5D:A6:2C:AD:3A:8A:6F:61:C6:6F:85","sha256":"65:66:58:01:C1:B3:64:37:02:F1:F5:44:71:83:52:FE:68:90:91:ED:FC:F1:C8:C7:35:64:A5:29:2C:1E:BD:95"}}},"request":{"raw":"GET /fonts/fontello.woff2?21002321 HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/css/fontello.css?v=2\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 03 Dec 2025 14:06:23 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 4772\r\nlast-modified: Fri, 09 May 2025 17:40:58 GMT\r\npriority: u=4,i=?0\r\netag: \"681e3e2a-12a4\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nage: 462\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5mtLJ7mymg05SoMozvFmNy%2BTtSreVinlYYYrINl9R5xj6TSRaT20Iq3J7InrTCpaTEoJ%2FSV3tXbE47wLIz0pWapHMCEGZig%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9a839fd4bbfc712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4772,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 4772, version 1.0","md5":"c7c6d67a9322dcab85f7214751ad977a","sha1":"7d90727a9d50c80ca327daad9355eac60d908f07","sha256":"554419ffc747f420efc1cbd2ac6bd9c31253fce1f04c0890111e3592645ac57b","sha512":"f57a36fefa3b9396c0353515a2034e298986686632e7d9c5c7d3e3ba6ea9b6351916abf854455acc2738a072b52dde2b7564e6144762c6ef6e2fa850fbb24903","ssdeep":"96:yvyF/sFNOg1qJOtCqlhsUjb4ZvYyiINO7L4Al6A2fA/2jG6RNI5pspwO:yvV71qiCqXsUjbovsI2L4Qk4uG+NupMp","tlshash":"faa18e827c7fb6b7e7b600fe0b79f4d8ae46308c4a0b019895e1866e93f0260465d133","first_seen":"2023-06-13T08:47:53Z","last_seen":"2026-01-08T16:17:29.414817Z","times_seen":36,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:23.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:33:26 GMT","end":"Sat, 24 Jan 2026 22:33:25 GMT"},"fingerprint":{"sha1":"74:B9:DE:52:5E:A4:22:C1:3F:4E:90:E5:53:C1:13:27:E5:47:BB:D2","sha256":"0D:C6:A2:6A:15:63:9B:67:CF:55:A8:E1:E3:EC:AF:D3:57:2E:38:F3:44:79:B9:FC:61:8A:CD:64:82:05:64:6F"}}},"request":{"raw":"GET /97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:24 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3403\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: fe8c00fa393699d591d13f7f2029341c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":6454,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6454), with no line terminators","md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"resource_available":true,"data":null}},"time_used":936,"timings":{"blocked":420,"dns":30,"connect":186,"send":0,"wait":100,"receive":0,"ssl":197},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/watch.141354653595.js?key=2f4725932e9319e9f9550229b2819c13\u0026kw=%5B%22aguea%22%2C%22twitter%22%2C%22web%22%2C%22viewer%22%5D\u0026refer=https%3A%2F%2Faguea.net%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=361ae441-6052-4bf6-91fe-41dbeac41050%3A3%3A1","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:23.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:33:26 GMT","end":"Sat, 24 Jan 2026 22:33:25 GMT"},"fingerprint":{"sha1":"74:B9:DE:52:5E:A4:22:C1:3F:4E:90:E5:53:C1:13:27:E5:47:BB:D2","sha256":"0D:C6:A2:6A:15:63:9B:67:CF:55:A8:E1:E3:EC:AF:D3:57:2E:38:F3:44:79:B9:FC:61:8A:CD:64:82:05:64:6F"}}},"request":{"raw":"GET /watch.141354653595.js?key=2f4725932e9319e9f9550229b2819c13\u0026kw=%5B%22aguea%22%2C%22twitter%22%2C%22web%22%2C%22viewer%22%5D\u0026refer=https%3A%2F%2Faguea.net%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=361ae441-6052-4bf6-91fe-41dbeac41050%3A3%3A1 HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Wed, 03 Dec 2025 14:06:24 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://aguea.net\r\naccess-control-allow-credentials: true\r\nlocation: https://skinnycrawlinglax.com/watch.141354653595.js?key=2f4725932e9319e9f9550229b2819c13\u0026kw=%5B%22aguea%22%2C%22twitter%22%2C%22web%22%2C%22viewer%22%5D\u0026refer=https%3A%2F%2Faguea.net%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=361ae441-6052-4bf6-91fe-41dbeac41050%3A3%3A1\u0026shu=19e5f4b0025a2604d9a9fd4f1c2cf342189cc8b82da8e3a5031be535be6325b59738bc462dd4601e5a1169f12c736e7421a7882177f5db219d75a0771a5c0a673467ef94f899691788289cf28a1937ad54222e301a578168710b6a\u0026pst=1764770844\u0026rmtc=t\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzM3NDk4OSwiayI6IjJmNDcyNTkzMmU5MzE5ZTlmOTU1MDIyOWIyODE5YzEzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0OTEzNjE5LCJwaWQiOjQ1NjMyMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyLCJhaWQiOjI3LCJwdCI6NCwicGsiOiJpeHI4NTE4djkiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiY3QiOnsiaWQiOjMxNDMyNDQsIm4iOiJPc2xvIn0sInJnIjp7ImlkIjoxODQ0LCJuIjoiT3NsbyBDb3VudHkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJpd2YiOnRydWUsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9hZ3VlYS5uZXQvIiwidHoiOjEsImFyIjpbXX19.-12uHAnf0Jyq9kC42gl0UqFLYnauqpb_pTA6uF61t9U; expires=Wed, 03 Dec 2025 14:07:24 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 1\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e4a49b4a8b7d3a3224fddec0fa0046e5\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5238,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T01:09:46.71643Z","times_seen":16198612,"resource_available":true,"data":null}},"time_used":655,"timings":{"blocked":368,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/cdn-cgi/challenge-platform/h/b/jsd/oneshot/13c98df4ef2d/0.5080252881542632:1764769457:RAUteHOUIKrKONwpEO7IgVU8CNu_L_nLB9P2sWmJWJQ/9a839fcf19260731","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aguea.net/","date":"2025-12-03T14:06:23.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 01 Nov 2025 03:42:54 GMT","end":"Fri, 30 Jan 2026 04:40:33 GMT"},"fingerprint":{"sha1":"69:B1:86:96:20:ED:AC:6C:96:5D:A6:2C:AD:3A:8A:6F:61:C6:6F:85","sha256":"65:66:58:01:C1:B3:64:37:02:F1:F5:44:71:83:52:FE:68:90:91:ED:FC:F1:C8:C7:35:64:A5:29:2C:1E:BD:95"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/b/jsd/oneshot/13c98df4ef2d/0.5080252881542632:1764769457:RAUteHOUIKrKONwpEO7IgVU8CNu_L_nLB9P2sWmJWJQ/9a839fcf19260731 HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 12070\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=361ae441-6052-4bf6-91fe-41dbeac41050%3A3%3A1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12070,"data":"g+jb9aUs9Jj9EQ$ULU5VpbazVT2VxPxllasU-XVH4zW4djVrHI0$4JUuVELjOc++VTKlVYVlzljUVDlUq$obKJ+BkibH4w+2TZu5QOAbqlVmU9y0b7wfVU0DMbIhZ9N2GUZMUAObaIVrueHV$fBxa+bWk8Uj06BKuzMVpytVU62ybudyw+bxVU4uCNLVy8sTVVyXVwF6aVVB1bVKQaMQVbVAutsaY7+yl2MVHCtJObIgUwGmR2MQVattd6jJV9aX$7jQfg5zuYdsMUPgb98U-jVju$eDDvxyMaC34iOG7dUiKm30biOGWGUyL3U5qyzcsWYo7MVaEhtUdbUUTMLlm3VUao5UfMB7-Mr-B9PDd-D643WzDbzU+pIUMV+falVUqhTe$HaHGux64bVc5pPyWYtX2zPajgdXMGYp2g5BK4YwpDOP3XMVENdK$EfywCRxTtVVyPIB0igeOauyBE0b+1YmE5q8bUc2CYzZZ7--VOmDD7UusGrQW1eKZxbcK6CaNJ68lVYRqVzyHPY+80HB0kU7t+8VF6M+X4baskylX9JgbVucjHgvIApu2p8E4j9VfvhH5E-Y0ARRvE-qrLIeyHI1UkaJlqB44ERLIqsAjtj3Ylj-O7Yh8utECP7umoeMsv0wfvl5d8-r5RGxxjWGHB7vFxGLxb2L7uGNR+7ZPE4WI22w$lyVUWRIH9hdUYTyEbuQV4Z85VyHDxAvE4VEdbh9EAcFxKwZEHlr2PaFpUvlYhQY9bObQV+gU6UFTlD9VLfsVVj5bsaJOcmVJQHwUtVcebDalTlITjeMwQ+ez2VcEwtTCHlPplwjHOEvbZUFe2wOHIaH9qvfNuFrVuHl0lQa4uxJVrgVbbTUUYQTXKe$0gEzYydayaagUx4lT2aKl$fGjFXUwHIu2ZpclpZgwJ9sasvbIUIUVlct2xEFlsp+u+7y+OtPzBVxQps9$I+5QHEF+QhO2OYs-5W$17z79bspKVjUe4kaIFZQ48pE1cHar$LT2tqHabwqVc1atla2vjHcJdqy$xYH0lmHfI0lqYCkxHVVwLyUx49Ia2HUhet+VE4wYVVJz04wljTRAocY+85fFdzgBL3Hr9MpPztlm7tQHdEpCBBURkDrmXB3W67CsElDT+BEjY2qbT$FbpsUTObTpqZVAOD2UHd0b5tazfmsD0wlVtl+2Lr+kTHQS$qxHfBVJTD1AHt8Rb4H$I6sH$jJSHyaw0eMgUabsml4Tj0F4V4tb7NjF2C$0$FYjFDmZ$LU1LU8r2OFlAzZY$ohIH-GUZvzjLzTIKV9Ec7HD9+TqrUFs+2fFV+mFE4LlQsCe0UFUJ09qQdwmVhODTjTb8DjdUYg93OsO2QV0asQV2ZKIXsa4qY+ierU2Nleec6ocMxTlAF4GFjdx4L7dPoM$cy-1rU62wwk+lb4wx-wEFGHocqF5Au8jCA8f3SAFDPJRVDYGFDGCrucDjILjIf8OLDN82QDJT70twqR2isTWubwuZpNgoMgD4aKhRiF1ab5GVlh09drS6Iit3RSW2Sq9dq2PN+Qj28rUfCvmjMspjhTv25VVJubUVS+y8NrIVzXbgVbTtQYBVW3FrKJ1h7Vlet$0lmIRorAshb9bHpwr9ljLUzwUH7MHAXUA4ryJTjVFl3jzhHyUS1bUxCryzoxjQMgxC4LtIeJ$WXMgUx6QbldjtE7NmTxjsN9jbk7DTbx0xtQwiQNb4OF9Ewjz289a5bVcRhDKsVTy$Ds9hJU5QpO0xVRPSNT6hY$HH$lxVOThdVY+NzFbiQYyaQVqrlwSza5yHHtM6tAVjUxTbgBggFr4Q4OVwCIdt23w+aFzVgNkQCMcVjjzdt49aVhcoeh3K9OTOYjdyPNQtaN2xRRO8xULV4xHZ6TqMNs9NUjd+jL403y80CFbjjTVKUF9cv0qzDULbZpIe0G04gXapdhX8gETzPmKjlj$ECC4VrVTrHaNN4B+-H2NgypQIlj7CqUV8xl0c$zLixxavgTZ4yl9HQV04oB+3bQjANYyVlzTrz2B1zXcE0qbl$XfIhZKlQEebLtAOIuVvbW7wagw5tHcdt2QN3OYytAGVV1Uf1NFJ1hyw+rb8yrFGMLi8gP+5du8QMVZvbCKPdhdCJ-O8J5b0hTA1xWImw3hS741sJIkGiNjfTw5eElw-KHT8VshwQvlNMCTtGshUV0aJ1aRC-V$5D75$+KMVYl190phcFcMqD5pFxQ4fr6d8CLtTf4hF5TAxYrrT7UcJPu-QuMKlYpR3Lpgb7yLN0WVgdMmtVFQW$gZNsa0f32jl-NwCtqCheEzlLy$hpgUDa3HlAZjUUF1a1dEzx9l-Yuro-C4q01$Ly-XdxHFTswKicKPOyA9IKlUtqMkCFAs0gsh2VEpKUldjH2QjyIP0g$gexOTxMPTp$TVYSfdVldHa9Jq1LzwHA6xJDdsEie6aB7eKaZghCWfDlljrOb3e-u3NAhbm0g$fmYa6szUxkA7CrQHgfamjKtUgCw0UgVNwF1G$gmRdUiUQriB7av7JDy+rdgb4pe831QrUjVjfAxJAqkU+P5Njehmcdfy8if3hhjcrjrPyVOd5Zq5EdUH7WffYJezp8TCF0hmHpvT5uqilytFXV+NXF4Ucd5jj5UF8$z+3JDxzVdUgchexI+ZHmC3XK0cwgcO7C11+pwj2xVsXMvM$s4G-8fAcQVJ6H95U0J$koy-albOoTrY2rXwjwySa7OOhJ+ME$NKbY4SsKVuptFhUtgEaBKxZ9smVgyBMf4eardFVHG7+QBtFyuDa1BXvsh2dcd+P8eT1pbxQChxF8eYaN2bRMx5JRWQ$iks9mPZZ6JRxvNjwj4AZCTBxYM08eTYJKH+OuegERTat9ICbdKQE1jEH1fcxm475r-yRRJ8-BVthF2hYUvb4gPaE9S7ZlAMLTrpxh-jdVsV26oyHr$589uttKgaxcfMxuokL$Y-60dZCjQ9Dj4ZtYD4HVQxh3r3hCqlwNx2uU8GQtuQScFX7255Jiz49bd+odEJxalvMVGwzaRiZ5Qwjb$J2p3EEEC-arggJsNIRuwVCBk4BtEfw-Qs6HTgRz5mzyWfjVWci$BZ4aPiPaAkR-7bcCYaQ1rFXl0WzcevAa9byuEODprKHaPIlwmSKr9QHuvY19X6e$+-jCfid-ubLQ-cMbXPbx2hB1TXN-7aVPiYpvSGHGfmy6T4ITh6FtNi6$wlVlD3VeARl5JaA6YJhq-rmqVb0X7OxUxlGtZsKhizEo$gvCGPj6pFvghwukZw8Ty9Y2A+Lh4urTSbFpv6L31sLxohvpuFrA$EyoouRyQQD5CuElpqb8xUyAcVhqgYNCUj0dy2Ua$p0bm$KphXMUfcusa8AVfe3BB9$Smo-r78vzTxU9-tsZwVbMD9St85xpTl64D0GFX3yvf42EtCwi8l9RgakvfR9UQhoXgEMmoDEEOVdV8$lUtTER9UxxZaoHVdNO5ii9FpFdoQoEgsVMpX+XvRi$VWzeNdyAGRGAxEjdy7LhwXMsqv5XLVvXMAFJiXPlJQ2V30SxKRhDbx8TOl-JWxQeElNENxUmJyGR3vGRky8lWpqHVylpbTERRwfiWdNEXTlV7V9VGhmEMEKQovSRz7qdEESDXlX0lyS0K02gplk$SeMYfdMJPi5XbcJhk$5DWx5gEdXiUdaRAjzDx9qmSs4Vg0aTrmSUEvdEljPEOJW$i08aiRlGgxtAzEOE6hvg2e8QEiOalgpXpEkR8TbEX91TfDeQJwmsl+Vk-EbDbWhRgvzg0JM+OhdO8$80WXNRIslO8ElyLEOUM2fi5iSjj9l1lKVrVyUdHH2loXQD+JjKOaMg6$EXPebE9AxaBQ7AF01TlRBwulhEhgxDimXi7miaMJWVCswHbAfVFuK$kgWYEdVieO8T5aV-HjQYEWlFj0tjOg+L5dPx5wXXIJZAd$Rm5J+2oO7gLdUHbyi0tjPsVkQs4Xq7pTVrE9VjzgFFz0FImEbNj6+tVkUVEQPVNEOHZEMyHV+ziQVE+WpsM+XDxwx7psVcke8sFRR0cD8xAsVfNHaXPid0EfNRm0EozOW$BEr+19zyBebdLXejSATUOj9$0Ir+bUtABpEI1RKYEHj5bDHwmTUvbEFetTUYU$vaMVdVjfAHEmTHOv0BfpNRRAFxu0Uvm$oxtlEPF4V-GgVPj-kXIgpXQT+oH+MDHibAiwVvRaBgA$FeAeVwyvbyUyFl17WvWx+IXguxe0EJYidiWvzTUgFObdKvEGyQ0CHupOKxFKGlEfrMoVjEldPR461DQOHKSRVYZjWeLpoHE9xw1pFQ1$EQl58UJE4LLabjDpWObQc2ZvNy4q+cc-mmSxNElxWsQjjT3ptl-s4YfYlA6ximb7bi9dFkNpFTWYsNNlMfzhMub3M3fdMffU6mXlE2XOlGcZN$zsVPGUl0sCrcp7SwVsF80GE$TQVdctRQH-iRl5H+agx7oEOvMt5d+ozD+dV08jciIwcfkx8hiYVqWXjfMy+1La$KAyBJ$uAYcqr78QVhkXQUCjbRITrDKhUHlqj5qAChCgc6bcXXF8IGfTKjDJ7$OlELtoEEli7l0qfwHujSRAyibddldsVLIBSmy0cdam$Gt2jeL$bLyab3qeLxcK43HmUAtQxuiwNvaMPhtfADtqdXAdPTc1+FaukjxXkJLlqwR9NTqlJQJm$MEL2dEpNv90E15YyR-v4+FSMZxevVvQEYvXVVxUW7JE6VjgFQjJroWEXaPwxXigVktvFXbyb1$kAsxVxSCwml5UVwgdbcevyktxeAbJed+rvjME9YVEWpDgtCKlkY+c2lF4GelITYEOBJPRlIlBzHg$HSdU-Y0ZsIHRbEl$9abwSD-ATgpHCzgDHQjjLmoihsVozEMmJVEmST+tbYqalOYJ7XqORYEP5YeyQQ5dEabdZHHfBlEEMiwlP9Vpjf-exsVWlyMmVJihiJr3rtlHpH4IMG$Bjryo0VbxAisFz0s5vgP3xG$SsylQ+ZP5LRXjhwTSj3MMCDp9TIqYeR-9Gm$bCTljCHClP-s-eTEsqsFFAek7VU8kQTjhCbKjpYrfxOj-IcMyNUauD7hRzsTBH4dmjX7dyIuH8xmvgmxHiUdVjCxebRxHAhgaRJl2PC8exBR9CCMNh+XA4bhfzEEg-hwRgHrLJ5LXQDGsq7a+d0d$P6FWumSw10cQVUQTT+Msa6iVKvEUlTjUjaTNIplfLCFhLqraHKLOYj0rIzmEMhaKyLjNF48YFqfjsGfEOHeAvjMEbjbc$Sia4ccrbTFIRJ7lYAFei94c9QQsstLrhqpVK0T6TZpJdxYmeXMKLzJ+O0eslo8bumySPi+BIL5jpylJPfPy9$Fduv01TOI408vX3x-V7yl+byRy8mP+iHVE69imVENmhPP4y+bm80ItUVE9BiWY5mfQWeycx$tEyIVPFTc+lhuhtppVLtMirl0aPRY5y6mySEFi7ALjJQVjDsIcXlkQMblfOAiJT0hCxQjjjK0Mg7+FarrtpyvjcPYkNRbdYmGgqk+aXmGlJt4qYG3GjJYE8PJ50-HdLNHSJ4JZWX3Uxpx3HpND6j2sCME$faPUiOYsEbvT69Y7XiVW+SdehCbqbYGT22qi0zfRpjpJcfPU8GQgWmEvQv+PPV6RH8WY+I+uYXMXMlEsKsqiWUYr8DlMheJdAlz4uERaVBExH8VWHfNOJ4ca+8AYE4E1BMzm0p2MDrV$LuImXU25bjL0TRkDE+od1EXdw-Q0EyqhhZV$+LwOY0s5Et+bcc3GGUr5RTfEMXMDTI4KP6TGT-TPfyusQmVvV9VRg$xLOa4t24tEcsyKmJAYi0C8TaMmJfAR4SaC$6AjLgYgpE606g2YYgVS4$8of4Ek4B2tb0M7VJbsui4Rm$+WRw+Ky3a+JSRsqOT7CljgluIQFIqsl1D7msltT22b$Ko7uAdg$uM58iW9YGI7bSbPbQLw$SPYVGJwV4EdCRVd3oTDYixIPdeYdCs3U5zh17mMeRsNATV+D4DBxgxllFq8kHctVKiyaWH3P5GdoTqX0fMsCFhWzDHkEJTAFI5jUL2u1gWYmPfCiHPobyLrb94BxMfuauTcq3phIZx5YWvXtividQb58FM4TIeyc+Ng9etqbiGfBMfE0308vUa8y8kYYMo9QKy87TUkFlHcEYzHLmd4RRbxXJyQAsV879KaMiT1ToN4qIq4CTK7xKUrfgPzmD+XdIVqN0fsf9JTgwkeEDe9exs5dJ$ZQUWJTeNANHSDSgTuYVdVCeFAFQVPJqMsam0BuH0WHozX6eMlPkuOip3kQ$jSRDcIHoLvTc0qsFxpogWvr290d0lrfW-I$FMx$MtkfobD+HugfU$C4CtF3kB4lDg6VWxAQkkh2eFQY$JFiV-7PKCUV0w1KAtWl4MalDuEOQr+FhXaB8uDgA6Jyx8husaDUraAyBVAxp7BU5Bbv926-6FDmTBo0t-8QLPWzRmFbjR9-yzTg4m0jylyxmEx8ZgTCIxDD+-8TiWsydahN5VR3S3IhlUFDe9yQYB+OOBFbdjHbE8SWDD6UzxaT-USdoPImATL-3pxq2oIY+cNhkQ0qobvmA6xtl7vz2VhXehhKXYKqVBb-rgqAv50gRM8Aic2xxgM-J91V$pH$6HtgJFRDWgDgVba9WIDD+YwjEwkVWzHrz0F+KuJ8fOT4z7JmOsNofzdNmoOMVSieygwIGzYwfVTPfLpV1Gio8B7osVqfWErhy82dAwfd5PzmbH9uxgHb9z8ocfxFBocwuKmLB0BqB6JP0LkXJ-rkYBeqX3$EXX0cOB1qKeCvm7$8xs8m8NtbXtb30GBfSZirpzBMjbpp+7r5fmSCE4BiJ557rEhULIf6Q6sC6BSOv9ZpOxkC1EbJWVe-cgA-4f3+ORj3vkae2NGSTfzm0vC8AhqSTf78$FJTV$5LbE$zEZqrjLoQ$P2KUtWHkxZKr8gVYA99VdzSUSQoHGBtHtb8ctLk0sqbhY28suUKcCRj6TESaYENxFt6Ky8htl021lRw5Kg2AH2vf-PVzlpKhDFGjh05Z167ZgHItmymdDNDZ775xvrOrhbZ9bKWRHqKk2DU68Frcu8uvesxWHPYUlvRhONArG5Ex71XwlhY1f+hqrQElxHtiZL5OLB1Kf2gdAXbqep08PJw4mI-rYP6ZP51rsGe$GJz5orVlkRgVdAwG4L+WuI4p-mEpKZojjyHmeCyWGop9ggpO$um-rorPOEujD7HRbdA7xehg9bEJZOK1FXKzxyy+2EermmZm4ubEXpgyyd2N28PEETPOOql6FeNVcZDqvkz3ZXdVvG$4s37SWOXtD-KwVQPvdqzfZyzb-6d7duYgd9dgueIWY98qbDBf$6TBjuXrkKR684jX8MPpefiOeNigiaV3w+5tME6EXy6M-l4fSvL8xGkSP$TzYME-9XP85bdYeIRfgdPmjtTNqIxDBMT+aR16WuKmkElQ9WHNiqRxsfzKBHbd3c80Ebljj9L49GG0m8EG2ESHvF-Ie7VVjgKfpUU6C$utqfd+F9qrl$Mq32xVgqmQllHVGCIaRVX6bcGV7WHCVWzgAaLxAUvj9-dAKL5x5GUYb9Hw+CZOParFl$bxJYaZUq8GVIbmrefBgUF9GVuFk1Vbu+OMmwGsV3lxjyBKlV5HxVVxmbRrV0UKw0lg$RtU8wEH3ZZFGoYMfMg4KGV5jMADMyPx6pgm2UPs02alOuC0wDjsVsUNeeFHszCbvzDx1l$qUqwFr6VsyXd2l9D7wHoV8ufe2cTNb6U9bb+HHTBUha201b83jfVsOD9uUPMsypZTBVIMrjtPxEUHyXCD9M2YQdaUbXm+mFby4l2jRQa2e3+42W8EJd+QxQeU42ASvykSWJetMbU28xEYoTgdmaIbxLDMTbUCHza4cLlFJdXPeVzaq4gww+C$zJQjw8CaVwCc-RJOf9W8c+e3rI78HjU3Y0rm0fMxNVz9f2DVhER6tIQdbiUsz7MEHyeUclXx4lqHF+XSUG+92wMBVpcpPVS2LVyPYtgsOtwhlysSUJ+$oaJeW98s-VFkFIdjPmswFSUUybKPHbi91IpMW7TIPNUXak2DlSbrHHJ6Z$WsVjG+vIpTKRmOU3rXQ2UR0bHcrMrlsUVZLUz6aJEYsJjmUl4KhzvjrMQH7s2dHWa-Cu8ECUtNa9RUjb43AFOVV9eIUHc6Hd$XHtQbhcFx5oT+hIypz7lcDtbx+v9HMeZ9F$eBXtgo9ybhc+wjDHVe4pPUbtpjFmwfHTw0zxb5jCFCerqVBTbIf2uVE-ZsQEOAl9wabq+0y2NTDVGwujWMvJgZQJKQVYN0r0+plaLM0brYdbD4yPf5Fkw-FzFA8Y+2b+VzgKJj0TdbMyolzTkxEHIb1UelrMJrD$wEpPalM6xwSTEUlHbKzas2KPVRUN0qTD9r3m6eLd$V89vFlwNb3JOAVJQ2K522rpjfqyAxBtaVkPv4e5lzQxbrzPVThUbH5HqKxC8EzcA$VOQ8M$zj+f$HhVs1fdEF+lBhO6K1QTzNPxMTFi4McmMUVzErjaHr$KQMEaz0MlpCLYBVggeFS0U2bdOQfxbezS0UMAGh89PjrMwc0Kt7QkQtVDLrMdAySe-AkZwzl00RZ3gpQGVSjkNxLjtN-9KVqMabYVQlNMUoKgEVzAqgoPE+BaJVO2id$vU5tYdK4k+HlalOY5yE$d809aD-Tq5imadBVxtOMOjrbVDCXN72p+NFNaosb3XwbZ5OxepV0a9Nd+NaqmJbciCOfac$k0e81wYbDfV41VuS9Tr7jEi9b945AEzN0dQqluaNuqP4UHCABENUvVu1Zla3ATYJd7xlVTKXIaVzSU$9SdYj4dT7xt$OOjfFzYjgbYaelVVUxllA+pN2wypM24wsTlTCg2x$vDsQ3m2bFalwvvSYyrHmXATEHtK3HmVkjjd$TlTeQUUlX6BhaZ6GVvsq6jIvMjy9qQXqaUEupVtxqW7Sjl6xX$j$$Vzg40x0rtaWtXbVNcfz04lTNwDea96sf4dyiUj5xY9pdQlkjQ0yQxVsfls-lSjzNzQGUrHMGJ+d$t2PXKTs1FWhU6ToQxb$fh674lKuJuRVXr1FCeYdQvQZUYhd0JiZsTNMEUFE1Ff$RrqLqEIL0GrH0vsVP9IVoPBdxEy$ahVe7HzGJdtm$H-2atAf1Fqt9bXaQoKmbLEf$Vd9ExKo2zyEWRd1TtwlPbmeELwXo$HtDobm4$MPyc9wu42NlzHiEAlYPtylSL5VVbO+OYMCQEwL01SVza5OWcawDlTlpxX+r$KiV1jMuXxp-T0U00ojEFpaV8a3jgb34zCYWN-Ud0HjIE5LOz9JVdZvEBUlodp$s++zuYbuYhlkqNulMpyNqmJTeyst1l3jP4vfCzalU$lhjBVXt9wTBTq5F+zlQj97$3+bV3jOcefHM9cGK-pmCrY5CP0guBPvsOseVpMHWAtv6mFHAj11gV2gmGaiHHtTwQ9qx9YshH1LiEaOtwPZFmlwkq6gvNUPyVeHhLwOpTbmf9mhE1lVq$5NvxFDUsKgVmQhyh5aG1ZxptRXHaJziMQbxhvglpubwp$CsSYjAY-MSgJUBtUiOWX+t1jxD2cbbXm4ZrHVTENVlL7NNpajaXxiHhD0It+QU5mGS0lLi5lWuesWsjIPLi5ev51f5xO$pD0ZrAq2EbGWbpskX$gqRPQVPMah0bQkqhll$Fsf3hYdkrtotEQI53RRp+2X5-GNcSI$30gNtUKEjaFC9Pt9r3PrGOcKBaGxb7E$Us2c4bmWg0NIlF35sfVQQUFyhPOfqFrmddefP9PqDvhgPQ9aJPN2YbAhd+tOMlVk-9mvIuSYkw983esQuz7UJO$Ar6GtQz8UkVMB35dK9m142VX-V+y25eL3q92EA$Vt+mqQ6xHVhi$M7lecx0tPLmwHet-+3j0$JFalOvu$tlQakHbgi$ZuJyFDVaCUEECH2St9QYtSLmbZ$RrMSzYspwmEkkuYy6YNtPBJOgvfNdpQSaTWQk$-bYpvQwj5cRSgIV$53VSH-wvSdIawy8wclvoqOHgqRlDcu4XwxiP9qfyTPXENdJgeMM$HJQ4sidlCtANaybC3x9dibfFP7GWxBxZww0c3bxMQGgxrVkrr0RxpkIqgHfhFrON0PiItCgdRzaQbrUUfiHifv4CThNaPNba1fhTrJRo5UGdVmdmAgH9qVxVrrJxdA$vN0fgNetULwLdHRXmfB2ct+wbUt7IwvsCVi02jVBhX5$qJa3GEiLhhK$3jXVYlYoy9qRpTF+atlOLj-GJyLFf4fVwECtdBgrQaVgRXruzMMGtQyr4YwcU27QIuV0yKyuzVLaA5pmysj5Y6WGEgjymls6QJ70SQTzdUV1VNm$TTNrpOU8aZPfwtTbzpdbUPfLeZXux-EG2ey8YYc1EeVsL7EH9N7$OVtlw5jky+8hNTLOIwTmFlwNRr9gNx1HNpPBqx+Zc7Zxm7PCCOq-$7RRVcCjeiyi72N0M55j-4CmYyyNaIVR40lBymEF36l-ufo$37vEHZhwUhm6jqLNcQNR0a9mHC+L0CCOrhPflDc8LeuY-7T59NEIKYmPBoqDPd70JWLwbOorcVl-JCcY74Oryw1o2xJbicpOgPm12VlIxgxud9NdCj-OC1YRVT90xCJGjJqBi0F97GPtGUgxZwRdf27P8-gsfzvhF5lvyq-7HxZDW$C7QCd7XsLUaq$h00CX7OPRDRhk9RB12N$3V2yYclCudKQvJfD0bFN715b+uy5QRhkWrCzPBB86DwlHXNe1Z-4WAZRhCir11Y7eIZzxTCiNDp6-jkv3wyCiNiPA-XIMaDHCWpqpY7laFMdC$GhbyU7by1stTBbRbAhxIaF9EbFjExC0Qb8BZwbf9REpmzHCkUxT1Mh-1Y7daKpBlB6d0y3Pk0L2ilkl-TVqQJiO9xV$MWcpHgYTKqgMcMLIy2EeTN2cR$GRapwQNEK-wjCh9dCmQ8mxKw8B0Rhlp-7TZ0Dr1F4D1-QGQTNw+Zc77pMgNt8ow8Ba0xMZ-CqPzx3117CAW-qqLzwLFN7CJ6-wq5zxL1r43y-gStKxaTf2y3yQgFxBemHOtRwyfg+xBdl8k-E1y8-LxKBRWrV4D1ig3xA9EQf80Ky-qzT+f7$1HWxJQNFHi5xTkbGZpXFjhKuOQBJhdJ+Z$hImR$Ca4fALgOCtmE$FAp2AUfi8Wpe4BP-jVtZxhksEcf97J1Z2yQHb9BYBUtU27glo1JgpZ7XjCQWLweHzTb-GVtVaxVAlKtH-QbLbxj8+d5qHdFl8+cjDdJ8BFecUX8TrDkBNjFVPUf3t6sMD7pZbSGgjVFLbir9+2oZgfuq6z$vBmr3VR7Fl$MelYBUTMs85rDryM9yecUjVVVDt3WtVZFFbEAiFVl2xlZLojElVJaAaAzajvahHpltjt82y4UVD1paHwW$dFjBFytZAjVVHyly$XJTYVuzElfL1b9hRfUqvNaV0pIp0YH9aV-bAlljEwTtrtjtv-Y+lV5ZMU8bIbEVpOlVVFUVXEVVdlc8rz8wQCACOjUjVKMpYuLhbOpy82PvSV0lQocGWs8DvHBzVDMaz-OVcv9EpulVT+cvHBr3VAfx9T8cvQ$xVj4VmUsbBvVB1OJBKYbIVkZ0j$VVLQvLB8cvDadM9wUxUiJ1vgB1aOlyWpHVH+DtR0V6ZYbleEV80WbyzbTC82rVVVhuBUDaCv7PNV9sc1Vd8rVPDFjgbOE2f8u0qDLFpCO-NYwjVeHx8YvauUS+rMM4P5kMdw942pr+3QOdMtuaIlZzsr97pCVz9y2Hou+HIyu$YERQdP4lbGbFOv05CiYPLV-pCHGziAhVubwqUWf463Z0fojX6eeHU-cVfMs-lFVlOfa-U7oXVl6iha2UiJMV9jmWAU9-V88BlrV$VXJHbUlbql0+l-7VhtFK1BmA4m2XxNtKZ+fMYQEs1Kuf9kyCHD3zyabalUlHcoBV0x0cjI2ebH9DCZPyVv-aIb82+rgWpcqQH-U8lVVEu14i+fMrLkWY99D-KvXZXL1il9CjUFVkZkjE8VFOrw-VVVkrVV"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 03 Dec 2025 14:06:23 GMT\r\ncontent-type: text/plain; charset=UTF-8\r\npriority: u=3,i=?0\r\ncf-ray: 9a839fd72c35712e-OSL\r\ncf-chl-out-s: /0XLd8Oz1LV588KUMYNVqw==$1TgLyAAOupuYkGLNgE0nRw==\r\nset-cookie: cf_clearance=5HY_8tmkDFWGXQjvqgMsxn39ynSxe7d_coLsFIopYoo-1764770783-1.2.1.1-d3Alq_oBdZgLIbKYNCfYoNO_9lFM9NRJxyt3MmWaNUST0Ed8f1as2VJTNHMFHWXt1P6QhrfQTulmnKdTDX9EaVgBKg_5p4iSPA8EPaZjKFfLY.IcUut8vjHrJIYOwSd9mk0gWDYb70U1_DdYdte__LsT6iY70NvnRonAbSE.Q_ob3TpP6nhAchpERXyRN2a7FSDpxe8ap5BgnFDLeDJJhKi5ZPM2YiuwyWwLLCQXI6w; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=aguea.net; Expires=Thu, 03 Dec 2026 14:06:23 GMT\r\ncontent-length: 0\r\nserver: cloudflare\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=91KclNIxMAf6LS4mnL7QcTY8iTruXeZdFChPXEvdccM6p5wSVI8FTCNe7kZqe2YXE53kmo3AHhnGxQWKjW0VuYsdkePuX6I0TgF3xPltnxt47AqaBsBtNXEg%2Bno%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri, cfL4;desc=\"?proto=QUIC\u0026rtt=3313\u0026min_rtt=0\u0026rtt_var=4749\u0026sent=98\u0026recv=44\u0026lost=0\u0026retrans=0\u0026sent_bytes=80242\u0026recv_bytes=16784\u0026delivery_rate=19040686\u0026ipace=0\u0026icwnd=12000\u0026ss_exit_cwnd=0\u0026ss_exit_bw=0\u0026ss_exit_reason=0\u0026cwnd=24178\u0026unsent_bytes=0\u0026cid=18050f1b1addb9e5\u0026ts=1212\u0026inflight_dur=79\u0026x=55\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T01:09:46.71643Z","times_seen":16198612,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}