{"report_id":"447fd9a1-5e92-4ff9-afd0-7bebbb837bd4","version":6,"status":"done","tags":[],"date":"2025-09-26T01:17:49Z","url":{"schema":"http","addr":"luluvid.xyz/hifmw1n6k3n6/","fqdn":"luluvid.xyz","domain":"luluvid.xyz","tld":"xyz"},"ip":{"addr":"104.21.35.199","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"luluvid.xyz/hifmw1n6k3n6/","fqdn":"luluvid.xyz","domain":"luluvid.xyz","tld":"xyz"},"title":"404 - Page Not Found"},"submit":{"url":{"schema":"http","addr":"luluvid.xyz/hifmw1n6k3n6/","fqdn":"luluvid.xyz","domain":"luluvid.xyz","tld":"xyz"},"ip":{"addr":"104.21.35.199","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-31T01:17:49Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":4}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-26T01:17:24Z","timestamp":1758849444,"ip_dst":{"addr":"172.18.0.20","port":50098,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"104.21.35.199","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2025-09-26T01:17:24.393692+0000\",\"flow_id\":778874764159726,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"104.21.35.199\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":50098,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"luluvid.xyz\",\"url\":\"/hifmw1n6k3n6/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":21300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":21,\"bytes_toserver\":1737,\"bytes_toclient\":23350,\"start\":\"2025-09-26T01:17:24.289518+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"ducksintroduce.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"ducksintroduce.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"thefacux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"thefacux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"luluvid.xyz","ip":{"addr":"104.21.35.199","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-03","domain_rank":0,"first_seen":"2025-08-09T16:04:45.147783Z","last_seen":"2025-09-12T15:52:45.512532Z","alert_count":3,"request_count":4,"received_data":131596,"sent_data":1706,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}]},{"fqdn":"ducksintroduce.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2023-06-18","domain_rank":0,"first_seen":"2023-06-18T10:08:43Z","last_seen":"2025-03-01T17:46:24.747555Z","alert_count":2,"request_count":1,"received_data":0,"sent_data":365,"comment":"","tags":null,"fingerprints":null},{"fqdn":"thefacux.com","ip":{"addr":"139.45.197.116","port":80,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2022-10-25","domain_rank":680157,"first_seen":"2022-10-25T18:26:07Z","last_seen":"2025-09-25T05:17:59.564459Z","alert_count":6,"request_count":3,"received_data":221300,"sent_data":1095,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"xadsmart.com","ip":{"addr":"104.153.197.251","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"domain_registered":"2020-04-18","domain_rank":39181,"first_seen":"2020-04-19T20:24:06Z","last_seen":"2025-09-22T02:54:55.124023Z","alert_count":0,"request_count":1,"received_data":285,"sent_data":524,"comment":"","tags":null,"fingerprints":null},{"fqdn":"lulustream.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-05-30","domain_rank":53849,"first_seen":"2021-01-28T23:47:14Z","last_seen":"2025-09-22T08:03:15.744173Z","alert_count":0,"request_count":1,"received_data":748,"sent_data":438,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"c.adsco.re","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2017-02-14","domain_rank":100769,"first_seen":"2017-11-29T18:42:15Z","last_seen":"2025-09-22T02:54:55.1185Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":394,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.xadsmart.com","ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"domain_registered":"2020-04-18","domain_rank":409261,"first_seen":"2020-04-18T18:24:57Z","last_seen":"2025-09-22T02:54:55.218661Z","alert_count":0,"request_count":1,"received_data":42463,"sent_data":444,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-09-21T22:11:31.071214Z","alert_count":0,"request_count":1,"received_data":422224,"sent_data":431,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"rshmauyblkmymau.xyz","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-09-26T01:17:50.065569Z","last_seen":"2025-09-26T01:17:50.065569Z","alert_count":0,"request_count":2,"received_data":0,"sent_data":832,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-26T01:17:24Z","timestamp":1758849444,"ip_dst":{"addr":"172.18.0.20","port":50098,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"104.21.35.199","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2025-09-26T01:17:24.393692+0000\",\"flow_id\":778874764159726,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"104.21.35.199\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":50098,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"luluvid.xyz\",\"url\":\"/hifmw1n6k3n6/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":21300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":21,\"bytes_toserver\":1737,\"bytes_toclient\":23350,\"start\":\"2025-09-26T01:17:24.289518+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"javascriptURL","is_inline":false,"md5":"68934a3e9455fa72420237eb05902327","sha1":"7cb6efb98ba5972a9b5090dc2e517fe14d12cb04","sha256":"fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa","sha512":"719fa67eef49c4b2a2b83f0c62bddd88c106aaadb7e21ae057c8802b700e36f81fe3f144812d8b05d66dc663d908b25645e153262cf6d457aa34e684af9e328d","ssdeep":"","tlshash":"aa3000000000000c000000000000000000000000000000000000000030000000000000","size":5,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-05-14T14:49:40.676768Z","times_seen":72813,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"luluvid.xyz/hifmw1n6k3n6/","fqdn":"luluvid.xyz","domain":"luluvid.xyz","tld":"xyz"},"ip":{"addr":"104.21.35.199","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7cca5f9b5738b48211392dfa1be658a4","sha1":"5b9a825535d10c5d63971eb6b5b36307f378241c","sha256":"9a85b5cc5e3877fbbb55d80e8fdff0ca2e38d688f0bb81a2c4d20f6676071199","sha512":"9560e5a204674cbd8952f447c69c520befc16dcc8b9da5dfd8d29efc572a90cf2640e58aeb960b4712106eeb768e43e7fedb7168b433315d3146503c9d295c6c","ssdeep":"","tlshash":"8751f796714232648fea11a34f6f8889fe3f5ec0744f96e8a1c0b0a09d7dac4d143ed8","size":3069,"data":"","first_seen":"2024-08-19T19:36:10.630054Z","last_seen":"2026-02-02T19:14:39.240505Z","times_seen":32,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-26T01:17:24Z","timestamp":1758849444,"ip_dst":{"addr":"172.18.0.20","port":50098,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"104.21.35.199","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2025-09-26T01:17:24.393692+0000\",\"flow_id\":778874764159726,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"104.21.35.199\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":50098,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"luluvid.xyz\",\"url\":\"/hifmw1n6k3n6/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":21300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":21,\"bytes_toserver\":1737,\"bytes_toclient\":23350,\"start\":\"2025-09-26T01:17:24.289518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-ZBH92MV9JH","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ab06319899b1f022535437d4d37846ab","sha1":"60cb210aa447985030e583ce9f78178c313e9a27","sha256":"462ede71622c69509e214595d1ec743f90a1d8305cab6a8d7e495da63b40c6c6","sha512":"b1605bbf42fbd9cca596d127c6674d12c3dabeccc808dd2d243984a686ef12630721ccb717f72539bd65b7900b96503fb001d9dd9a8f79aca10d559acf3cbc94","ssdeep":"6144:PBEpmM2/RNpvYqkD1g1/9G1SvuVcH9+23WBj:56mLRYly/Lwr","tlshash":"439409ce73d674265396e478903f018ba5bb28a2f44cc899f189dce42d74a9a4137f7c","size":421620,"data":"","first_seen":"2025-09-26T01:17:55.250157Z","last_seen":"2025-09-26T01:17:55.250157Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"luluvid.xyz/hifmw1n6k3n6/","fqdn":"luluvid.xyz","domain":"luluvid.xyz","tld":"xyz"},"ip":{"addr":"104.21.35.199","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"39e9966c2f5d52712e824ab3edbca45f","sha1":"ddb3468c2732449a17ed10930d1774ab8afef976","sha256":"cbe91b2cea9651985d6742ec237f2a0c6a5922d5522f0d2f98506d84e2b4a626","sha512":"c23b4b17875c851e5e6ebfddd0f7967890c93f29b047fb77f59a3fb60e0ddba5cb1ce200b3db69d2a6da2c45c6f7aa3da04a4431456eff2b2ab008c60cc8ac7e","ssdeep":"768:omQPrfnn5xQqLoYpWIDcPN7cwu6wvW7eiNWD4cDlWcL41UMt:Uj5lLoYZycwu6wQZhcDlWcLsUy","tlshash":"c7432f1c7c9260481952e3baa12b31d56a257200d86e4cf2b818d3d7de752df8da3fde","size":58930,"data":"","first_seen":"2024-08-19T19:36:10.630805Z","last_seen":"2026-01-27T17:30:52.308553Z","times_seen":26,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-26T01:17:24Z","timestamp":1758849444,"ip_dst":{"addr":"172.18.0.20","port":50098,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"104.21.35.199","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2025-09-26T01:17:24.393692+0000\",\"flow_id\":778874764159726,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"104.21.35.199\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":50098,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"luluvid.xyz\",\"url\":\"/hifmw1n6k3n6/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":21300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":21,\"bytes_toserver\":1737,\"bytes_toclient\":23350,\"start\":\"2025-09-26T01:17:24.289518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"luluvid.xyz/hifmw1n6k3n6/","fqdn":"luluvid.xyz","domain":"luluvid.xyz","tld":"xyz"},"ip":{"addr":"104.21.35.199","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"86f3fba21507ebde291908c32806e03d","sha1":"8b5aca1c8e988e8b510595ca18150be9a6ab3f7a","sha256":"adbd2f5e67e7743fa0931ee7293eb3ac89eb1788e0c44f1dfb17920af9cedc39","sha512":"14dfee78f98d721f88060070a1ec2faec359f0533ebf0d620d91b2f19155e39647e5c9658207604209a2e61b979e228adb279d7ae065d65d065bf72b58167681","ssdeep":"","tlshash":"3ef02329b83010b0401b402af5bbcb1c7d73103115324980062da98a7db6e7fa460ae6","size":446,"data":"","first_seen":"2024-08-19T19:36:10.633053Z","last_seen":"2026-01-27T17:30:52.309891Z","times_seen":25,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-26T01:17:24Z","timestamp":1758849444,"ip_dst":{"addr":"172.18.0.20","port":50098,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"104.21.35.199","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2025-09-26T01:17:24.393692+0000\",\"flow_id\":778874764159726,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"104.21.35.199\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":50098,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"luluvid.xyz\",\"url\":\"/hifmw1n6k3n6/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":21300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":21,\"bytes_toserver\":1737,\"bytes_toclient\":23350,\"start\":\"2025-09-26T01:17:24.289518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"luluvid.xyz/hifmw1n6k3n6/","fqdn":"luluvid.xyz","domain":"luluvid.xyz","tld":"xyz"},"ip":{"addr":"104.21.35.199","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d38461018a529f8e8287c5a039898573","sha1":"41684e56f0797069154601f14138c8b102e91665","sha256":"835e678884471c159564a4b3ee29daa6927febf8a49d11d28fee3927f0676947","sha512":"526ee3929dd28a2891fd3ab5656fa561fadd86e3379570158581047019a285a737bfbf8a14b83c79c223ba694ba96b87d65d499f3233bc74a625816aa1a86a19","ssdeep":"","tlshash":"eec08c88211b1c7051ab2e890b6fa208b00a3212b490a920391a63049f20f03e788814","size":165,"data":"","first_seen":"2024-08-19T19:36:10.637732Z","last_seen":"2026-04-28T09:23:48.49543Z","times_seen":26,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-26T01:17:24Z","timestamp":1758849444,"ip_dst":{"addr":"172.18.0.20","port":50098,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"104.21.35.199","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2025-09-26T01:17:24.393692+0000\",\"flow_id\":778874764159726,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"104.21.35.199\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":50098,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"luluvid.xyz\",\"url\":\"/hifmw1n6k3n6/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":21300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":21,\"bytes_toserver\":1737,\"bytes_toclient\":23350,\"start\":\"2025-09-26T01:17:24.289518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xadsmart.com/jquery.caret.min.js","fqdn":"www.xadsmart.com","domain":"xadsmart.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"782ce9ef5bdad4e1310f65681203505e","sha1":"26ad747ca342c29d98526d7b267366d0bf2539c3","sha256":"4c026c765a622c4f5ac04bbd2234526f4feffd69f119b682d77a2329afab1bca","sha512":"8ac9a6bce3343df668dd65751f7a2e55d66313b4402052a43effe065e507df5d18305a04f26542d934a0a8c79072325cffbbf878d42c58611a4111293b2c9ddc","ssdeep":"768:bt9rqAYKKSZzFQ9JsQU+YDngZGihfzmMzhYrTsAysncCWcf5k5sigCtECntlqo7/:bbpZzFQ9JsTgZvfzmMzhYrTscp6Zd","tlshash":"20133aabb286282601e741ba503eb316b23305167812d458fcb9cdf96e3dd85117b7fc","size":41925,"data":"","first_seen":"2025-09-25T05:18:05.799219Z","last_seen":"2025-09-28T00:18:41.301407Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"thefacux.com/tag.min.js","fqdn":"thefacux.com","domain":"thefacux.com","tld":"com"},"ip":{"addr":"139.45.197.116","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"5796c902eca57d83912dae91c641d3bb","sha1":"2b37a6f66429088c23a72e0d0c5f5ea57856b8f9","sha256":"32daf1b243ddda963913d2568858320291b7665de870d44eedd180df19120496","sha512":"08dcb0fc836c9c0258cf5bc79e7802eb28cf6df6f7b86927ff73fbd31304cc7a7aebb2ff525e9cb60c37a598be98ff850da06720c97915c527d4e32d3a124a35","ssdeep":"1536:KORV5n7I9pN5MSHR8L6Ru5HjQdXog6wTEDtr0r0:KORVd4nQqvXoRGEhr0r0","tlshash":"60b30a9c625734711d7a9129785fc44daeeaef80048e89e4d0daac732653071d3bbfe8","size":109904,"data":"","first_seen":"2025-09-25T13:09:30.10894Z","last_seen":"2025-09-29T02:40:18.183898Z","times_seen":56,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"luluvid.xyz/hifmw1n6k3n6/","fqdn":"luluvid.xyz","domain":"luluvid.xyz","tld":"xyz"},"ip":{"addr":"104.21.35.199","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-14T14:58:26.673178Z","times_seen":218761,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-26T01:17:24Z","timestamp":1758849444,"ip_dst":{"addr":"172.18.0.20","port":50098,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"104.21.35.199","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2025-09-26T01:17:24.393692+0000\",\"flow_id\":778874764159726,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"104.21.35.199\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":50098,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"luluvid.xyz\",\"url\":\"/hifmw1n6k3n6/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":21300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":21,\"bytes_toserver\":1737,\"bytes_toclient\":23350,\"start\":\"2025-09-26T01:17:24.289518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"luluvid.xyz/hifmw1n6k3n6/","fqdn":"luluvid.xyz","domain":"luluvid.xyz","tld":"xyz"},"ip":{"addr":"104.21.35.199","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-14T14:58:26.692352Z","times_seen":655691,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-26T01:17:24Z","timestamp":1758849444,"ip_dst":{"addr":"172.18.0.20","port":50098,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"104.21.35.199","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2025-09-26T01:17:24.393692+0000\",\"flow_id\":778874764159726,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"104.21.35.199\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":50098,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"luluvid.xyz\",\"url\":\"/hifmw1n6k3n6/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":21300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":21,\"bytes_toserver\":1737,\"bytes_toclient\":23350,\"start\":\"2025-09-26T01:17:24.289518+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"luluvid.xyz/hifmw1n6k3n6/","fqdn":"luluvid.xyz","domain":"luluvid.xyz","tld":"xyz"},"ip":{"addr":"104.21.35.199","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-26T01:17:23.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"luluvid.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 03 Aug 2025 10:45:01 GMT","end":"Sat, 01 Nov 2025 11:43:22 GMT"},"fingerprint":{"sha1":"DB:A2:0E:78:A0:5B:7C:D8:F0:7D:29:46:0B:78:AA:E2:51:F5:04:17","sha256":"01:7C:AF:F9:11:36:83:0B:B3:9D:D3:2A:12:90:E6:88:95:82:59:7A:F3:1B:8B:9C:97:26:78:07:35:7B:74:34"}}},"request":{"raw":"GET /hifmw1n6k3n6/ HTTP/1.1\r\nHost: luluvid.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Fri, 26 Sep 2025 01:17:24 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nlast-modified: Wed, 28 Jun 2023 13:06:01 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q15kVUSMt85z%2BJoefE17aBAr%2B7KeXJey193EXi3WzPLPXkcIfFoFu4R3ejyCpfXoIVxeQkzDNqZ0ay6Z4XXuSaqaq5PenUYNJg%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 984eebe1db25b512-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}],"data":{"size":64303,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (59459)","md5":"0f4d37217af88fd8e2556b8aa60f00e6","sha1":"948abf0d4376b7dadfddaa1b154ff30e12579afa","sha256":"56557ce1c652d51b1d073fbb75f5a57469e5d6c2b0671aeb2e733e840febe509","sha512":"89d087d699c79a936d53a839d0da2408b9af3cbf77eac8396a712c946f594ad6f5fff25a3f9c0466e5f599d4e5515989dbbc9da3929caba592e268431ab449ea","ssdeep":"768:3rrmQPrfnn5xQqLoYpWIDcPN7cwu6wvW7eiNWD4cDlWcL41UMK:3rxj5lLoYZycwu6wQZhcDlWcLsUB","tlshash":"b0534f1c7c9260581952e2bba12b31d57a257200d86e4cf2b818d393de752df8da3fde","first_seen":"2025-09-17T09:18:10.831889Z","last_seen":"2026-01-26T00:21:34.563085Z","times_seen":20,"resource_available":false,"data":null}},"time_used":549,"timings":{"blocked":248,"dns":52,"connect":1,"send":0,"wait":51,"receive":0,"ssl":194},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-26T01:17:24Z","timestamp":1758849444,"ip_dst":{"addr":"172.18.0.20","port":50098,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"104.21.35.199","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2025-09-26T01:17:24.393692+0000\",\"flow_id\":778874764159726,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"104.21.35.199\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":50098,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"luluvid.xyz\",\"url\":\"/hifmw1n6k3n6/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":21300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":21,\"bytes_toserver\":1737,\"bytes_toclient\":23350,\"start\":\"2025-09-26T01:17:24.289518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"luluvid.xyz/hifmw1n6k3n6/","fqdn":"luluvid.xyz","domain":"luluvid.xyz","tld":"xyz"},"ip":{"addr":"104.21.35.199","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-26T01:17:24.293Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /hifmw1n6k3n6/ HTTP/1.1\r\nHost: luluvid.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Fri, 26 Sep 2025 01:17:24 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Wed, 28 Jun 2023 13:06:01 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAccess-Control-Allow-Origin: *\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oR%2FCzIbdYYaaUHR9MIABf%2Bx3yViIAP65N73Jtp8ReS%2FddedEQOodO2NMvbmIWhGracAaruSBhMR3LGyIJNgILjuxeHcJyOGnB%2B7d\"}]}\r\ncf-cache-status: DYNAMIC\r\nContent-Encoding: gzip\r\nCF-RAY: 984eebe2ccfb35a6-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}],"data":{"size":64303,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (59459)","md5":"0f4d37217af88fd8e2556b8aa60f00e6","sha1":"948abf0d4376b7dadfddaa1b154ff30e12579afa","sha256":"56557ce1c652d51b1d073fbb75f5a57469e5d6c2b0671aeb2e733e840febe509","sha512":"89d087d699c79a936d53a839d0da2408b9af3cbf77eac8396a712c946f594ad6f5fff25a3f9c0466e5f599d4e5515989dbbc9da3929caba592e268431ab449ea","ssdeep":"768:3rrmQPrfnn5xQqLoYpWIDcPN7cwu6wvW7eiNWD4cDlWcL41UMK:3rxj5lLoYZycwu6wQZhcDlWcLsUB","tlshash":"b0534f1c7c9260581952e2bba12b31d57a257200d86e4cf2b818d393de752df8da3fde","first_seen":"2025-09-17T09:18:10.831889Z","last_seen":"2026-01-26T00:21:34.563085Z","times_seen":20,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":59,"receive":46,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-26T01:17:24Z","timestamp":1758849444,"ip_dst":{"addr":"172.18.0.20","port":50098,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"104.21.35.199","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2025-09-26T01:17:24.393692+0000\",\"flow_id\":778874764159726,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"104.21.35.199\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":50098,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"luluvid.xyz\",\"url\":\"/hifmw1n6k3n6/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":21300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":21,\"bytes_toserver\":1737,\"bytes_toclient\":23350,\"start\":\"2025-09-26T01:17:24.289518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ducksintroduce.com/41/91/13/4191137ead3c5a4fb3f9986533cad25f.js","fqdn":"ducksintroduce.com","domain":"ducksintroduce.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://luluvid.xyz/hifmw1n6k3n6/","date":"2025-09-26T01:17:24.456Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /41/91/13/4191137ead3c5a4fb3f9986533cad25f.js HTTP/1.1\r\nHost: ducksintroduce.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://luluvid.xyz/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T14:59:10.506438Z","times_seen":15171651,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"ducksintroduce.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"ducksintroduce.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"luluvid.xyz/hifmw1n6k3n6/","fqdn":"luluvid.xyz","domain":"luluvid.xyz","tld":"xyz"},"ip":{"addr":"104.21.35.199","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://luluvid.xyz/hifmw1n6k3n6/","date":"2025-09-26T01:17:24.602Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"HEAD /hifmw1n6k3n6/ HTTP/1.1\r\nHost: luluvid.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://luluvid.xyz/hifmw1n6k3n6/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Fri, 26 Sep 2025 01:17:24 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uC3gC3kHWJicvaMtgOBB5Cjm9f89izwM7HJYHkA6scUkojt4%2FmTTxqJFxb4FX99AAMn4BsZ9uVi41RTGm5PZonB%2F42qEYDdrntTS\"}]}\r\nContent-Encoding: gzip\r\nCF-RAY: 984eebe4be6f35a6-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T14:59:10.506438Z","times_seen":15171651,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-26T01:17:24Z","timestamp":1758849444,"ip_dst":{"addr":"172.18.0.20","port":50098,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"104.21.35.199","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2025-09-26T01:17:24.393692+0000\",\"flow_id\":778874764159726,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"104.21.35.199\",\"src_port\":80,\"dest_ip\":\"172.18.0.20\",\"dest_port\":50098,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"luluvid.xyz\",\"url\":\"/hifmw1n6k3n6/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":21300},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":21,\"bytes_toserver\":1737,\"bytes_toclient\":23350,\"start\":\"2025-09-26T01:17:24.289518+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"thefacux.com/5/6042705/?oo=1\u0026aab=1","fqdn":"thefacux.com","domain":"thefacux.com","tld":"com"},"ip":{"addr":"139.45.197.116","port":80,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://luluvid.xyz/hifmw1n6k3n6/","date":"2025-09-26T01:17:24.603Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /5/6042705/?oo=1\u0026aab=1 HTTP/1.1\r\nHost: thefacux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nOrigin: http://luluvid.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://luluvid.xyz/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Fri, 26 Sep 2025 01:17:24 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nConnection: keep-alive\r\nLocation: https://thefacux.com/5/6042705/?oo=1\u0026aab=1\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\nTiming-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T14:59:10.506438Z","times_seen":15171651,"resource_available":true,"data":null}},"time_used":164,"timings":{"blocked":68,"dns":43,"connect":27,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"thefacux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"thefacux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xadsmart.com/jquery.caret.min.js","fqdn":"www.xadsmart.com","domain":"xadsmart.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://luluvid.xyz/hifmw1n6k3n6/","date":"2025-09-26T01:17:24.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1376341044.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Sep 2025 10:33:14 GMT","end":"Tue, 02 Dec 2025 10:33:13 GMT"},"fingerprint":{"sha1":"2A:A4:F3:05:02:21:B5:01:E1:EF:C2:39:62:3E:8F:D4:4C:81:34:63","sha256":"7A:84:47:6C:5E:86:BB:DD:00:0C:5B:B3:12:58:38:C1:97:AF:2E:0C:CC:94:AF:AB:16:D3:66:B9:26:DD:91:99"}}},"request":{"raw":"GET /jquery.caret.min.js HTTP/1.1\r\nHost: www.xadsmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://luluvid.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://luluvid.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 26 Sep 2025 01:17:24 GMT\r\ncontent-type: application/x-javascript\r\npopads-node: wb2\r\nexpires: Wed, 01 Oct 2025 23:17:26 GMT\r\naccess-control-allow-origin: http://luluvid.xyz\r\nlink: \u003chttps://xadsmart.com/\u003e;rel=preconnect\r\ncache-control: public, max-age=604800\r\nx-77-nzt: EwgBX63NDQFBDAG5TAoMAfdPZgEADAElE8IxAbdPBwAA\r\nx-77-nzt-ray: 2a494a154eeb7748c9e9d5680c3c161e\r\nx-77-cache: HIT\r\nx-77-age: 91727\r\nvary: Accept-Encoding, Origin\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":41925,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (1568)","md5":"782ce9ef5bdad4e1310f65681203505e","sha1":"26ad747ca342c29d98526d7b267366d0bf2539c3","sha256":"4c026c765a622c4f5ac04bbd2234526f4feffd69f119b682d77a2329afab1bca","sha512":"8ac9a6bce3343df668dd65751f7a2e55d66313b4402052a43effe065e507df5d18305a04f26542d934a0a8c79072325cffbbf878d42c58611a4111293b2c9ddc","ssdeep":"768:bt9rqAYKKSZzFQ9JsQU+YDngZGihfzmMzhYrTsAysncCWcf5k5sigCtECntlqo7/:bbpZzFQ9JsTgZvfzmMzhYrTscp6Zd","tlshash":"20133aabb286282601e741ba503eb316b23305167812d458fcb9cdf96e3dd85117b7fc","first_seen":"2025-09-25T05:18:05.799219Z","last_seen":"2025-09-28T00:18:41.301407Z","times_seen":3,"resource_available":true,"data":null}},"time_used":100,"timings":{"blocked":33,"dns":33,"connect":1,"send":0,"wait":21,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thefacux.com/tag.min.js","fqdn":"thefacux.com","domain":"thefacux.com","tld":"com"},"ip":{"addr":"139.45.197.116","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://luluvid.xyz/hifmw1n6k3n6/","date":"2025-09-26T01:17:24.772Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"thefacux.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 05:14:01 GMT","end":"Fri, 28 Nov 2025 05:14:00 GMT"},"fingerprint":{"sha1":"2B:6B:9B:10:A0:E6:07:DA:41:2A:78:A5:7F:AF:E0:B5:61:48:BF:99","sha256":"CD:E3:B8:1E:0E:EB:7C:55:D0:1B:7A:31:57:33:A0:78:B4:50:F3:DB:68:9B:E2:E9:50:94:D4:B4:2C:72:01:A9"}}},"request":{"raw":"GET /tag.min.js HTTP/1.1\r\nHost: thefacux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://luluvid.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 26 Sep 2025 01:17:24 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: f3a72452667fc0f6c70b374c2528e050\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\npragma: no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":109904,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5796c902eca57d83912dae91c641d3bb","sha1":"2b37a6f66429088c23a72e0d0c5f5ea57856b8f9","sha256":"32daf1b243ddda963913d2568858320291b7665de870d44eedd180df19120496","sha512":"08dcb0fc836c9c0258cf5bc79e7802eb28cf6df6f7b86927ff73fbd31304cc7a7aebb2ff525e9cb60c37a598be98ff850da06720c97915c527d4e32d3a124a35","ssdeep":"1536:KORV5n7I9pN5MSHR8L6Ru5HjQdXog6wTEDtr0r0:KORVd4nQqvXoRGEhr0r0","tlshash":"60b30a9c625734711d7a9129785fc44daeeaef80048e89e4d0daac732653071d3bbfe8","first_seen":"2025-09-25T13:09:30.10894Z","last_seen":"2025-09-29T02:40:18.183898Z","times_seen":56,"resource_available":true,"data":null}},"time_used":226,"timings":{"blocked":83,"dns":0,"connect":26,"send":0,"wait":56,"receive":0,"ssl":59},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"thefacux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"thefacux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xadsmart.com/uskdpalgfargw?lsdwVuMR=3\u0026WjcUvSiO=4\u0026UaFEXhzk=4988426\u0026YzruLGml=\u0026vHyNuqsK=0,0\u0026VwXGJzAc=\u0026PicDsaSJ=\u0026AGydPKvs=1280,1024,1,1280,1024,0","fqdn":"xadsmart.com","domain":"xadsmart.com","tld":"com"},"ip":{"addr":"104.153.197.251","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://luluvid.xyz/hifmw1n6k3n6/","date":"2025-09-26T01:17:29.710Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"xadsmart.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 04 Apr 2025 00:00:00 GMT","end":"Tue, 05 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"57:60:97:0C:DC:E6:0F:0D:1B:04:5B:46:03:77:64:46:88:C5:CF:87","sha256":"14:CD:91:C4:51:65:3A:E9:F5:6D:CB:BF:EF:86:31:A9:7F:DD:F9:17:57:48:89:78:CE:C4:29:EA:76:4F:04:DB"}}},"request":{"raw":"GET /uskdpalgfargw?lsdwVuMR=3\u0026WjcUvSiO=4\u0026UaFEXhzk=4988426\u0026YzruLGml=\u0026vHyNuqsK=0,0\u0026VwXGJzAc=\u0026PicDsaSJ=\u0026AGydPKvs=1280,1024,1,1280,1024,0 HTTP/1.1\r\nHost: xadsmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://luluvid.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\npopads-node: wb9\r\naccess-control-allow-origin: *\r\ncontent-type: application/javascript\r\nasf: -3\r\npopads-ec: ASE\r\ncache-control: public, max-age=604800\r\nexpires: Fri, 03 Oct 2025 01:17:30 GMT\r\ncontent-length: 0\r\ndate: Fri, 26 Sep 2025 01:17:30 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T14:59:10.506438Z","times_seen":15171651,"resource_available":true,"data":null}},"time_used":816,"timings":{"blocked":310,"dns":1,"connect":96,"send":0,"wait":196,"receive":0,"ssl":210},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lulustream.com/assets/img/logo.png","fqdn":"lulustream.com","domain":"lulustream.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://luluvid.xyz/hifmw1n6k3n6/","date":"2025-09-26T01:17:24.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lulustream.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 06 Aug 2025 06:34:26 GMT","end":"Tue, 04 Nov 2025 07:31:38 GMT"},"fingerprint":{"sha1":"8E:42:AD:57:AA:01:18:CD:F5:C8:1D:D5:AB:2D:59:5E:E3:9D:0F:3D","sha256":"32:6A:94:E5:CB:16:B9:31:C3:73:50:4C:B6:D2:DD:C3:43:BC:06:2C:C5:86:63:6B:0B:7F:49:38:58:B5:5B:15"}}},"request":{"raw":"GET /assets/img/logo.png HTTP/1.1\r\nHost: lulustream.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://luluvid.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Fri, 26 Sep 2025 01:17:24 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nvary: referer, accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AJjcGNtJWF4Efjx7xeNm5zOmuwVuufRPhs%2BZhAhJGwkE0c8nbzhNsQ0jbNgu2xPb%2FSyEk5Xmce2LzVOIJgoOO9eEwtpKEsrzUjyi8A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 984eebe4485d56b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T14:59:10.506438Z","times_seen":15171651,"resource_available":true,"data":null}},"time_used":148,"timings":{"blocked":69,"dns":21,"connect":1,"send":0,"wait":7,"receive":0,"ssl":48},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-ZBH92MV9JH","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://luluvid.xyz/hifmw1n6k3n6/","date":"2025-09-26T01:17:24.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"GET /gtag/js?id=G-ZBH92MV9JH HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://luluvid.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 26 Sep 2025 01:17:24 GMT\r\nexpires: Fri, 26 Sep 2025 01:17:24 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 140419\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":421620,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"ab06319899b1f022535437d4d37846ab","sha1":"60cb210aa447985030e583ce9f78178c313e9a27","sha256":"462ede71622c69509e214595d1ec743f90a1d8305cab6a8d7e495da63b40c6c6","sha512":"b1605bbf42fbd9cca596d127c6674d12c3dabeccc808dd2d243984a686ef12630721ccb717f72539bd65b7900b96503fb001d9dd9a8f79aca10d559acf3cbc94","ssdeep":"6144:PBEpmM2/RNpvYqkD1g1/9G1SvuVcH9+23WBj:56mLRYly/Lwr","tlshash":"439409ce73d674265396e478903f018ba5bb28a2f44cc899f189dce42d74a9a4137f7c","first_seen":"2025-09-26T01:17:55.250157Z","last_seen":"2025-09-26T01:17:55.250157Z","times_seen":1,"resource_available":true,"data":null}},"time_used":402,"timings":{"blocked":147,"dns":0,"connect":22,"send":0,"wait":42,"receive":60,"ssl":128},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"thefacux.com/tag.min.js","fqdn":"thefacux.com","domain":"thefacux.com","tld":"com"},"ip":{"addr":"139.45.197.116","port":80,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://luluvid.xyz/hifmw1n6k3n6/","date":"2025-09-26T01:17:24.605Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tag.min.js HTTP/1.1\r\nHost: thefacux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://luluvid.xyz/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Fri, 26 Sep 2025 01:17:24 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nConnection: keep-alive\r\nLocation: https://thefacux.com/tag.min.js\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\nTiming-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":109904,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T14:59:10.506438Z","times_seen":15171651,"resource_available":true,"data":null}},"time_used":161,"timings":{"blocked":67,"dns":41,"connect":27,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"thefacux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-26","alert":"Sinkholed","trigger":"thefacux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rshmauyblkmymau.xyz/","fqdn":"rshmauyblkmymau.xyz","domain":"rshmauyblkmymau.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://luluvid.xyz/hifmw1n6k3n6/","date":"2025-09-26T01:17:24.778Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"HEAD / HTTP/1.1\r\nHost: rshmauyblkmymau.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://luluvid.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://luluvid.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T14:59:10.506438Z","times_seen":15171651,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"c.adsco.re/","fqdn":"c.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://luluvid.xyz/hifmw1n6k3n6/","date":"2025-09-26T01:17:24.611Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: c.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://luluvid.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T14:59:10.506438Z","times_seen":15171651,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":0,"dns":19,"connect":1,"send":0,"wait":0,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"luluvid.xyz/favicon.ico","fqdn":"luluvid.xyz","domain":"luluvid.xyz","tld":"xyz"},"ip":{"addr":"104.21.35.199","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://luluvid.xyz/hifmw1n6k3n6/","date":"2025-09-26T01:17:24.946Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: luluvid.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://luluvid.xyz/hifmw1n6k3n6/\r\nCookie: _ga_ZBH92MV9JH=GS2.1.s1758849444$o1$g0$t1758849444$j60$l0$h0; _ga=GA1.1.1920142682.1758849445\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 26 Sep 2025 01:17:24 GMT\r\nContent-Type: image/vnd.microsoft.icon\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nLast-Modified: Thu, 01 Jun 2023 18:52:04 GMT\r\nVary: accept-encoding\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAccess-Control-Allow-Origin: *\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yIjhiGmTyMpDnNV3DkqMwqM5R6aDnd77s9PgzLkV6cLK32bwMqMh66YJ%2Bky%2Fk0E0QWRD624GtEOA4iLcclc5oK1tJAMOtnjoFDQK\"}]}\r\nCache-Control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\netag: W/\"1c1-5fd15eeb261fb\"\r\nContent-Encoding: gzip\r\nCF-RAY: 984eebe6e83635a6-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":449,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 1 icon, 30x30 with PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced, 32 bits/pixel","md5":"91a7665e37c2eeb49f2ee2fbc2e2d19d","sha1":"8f93836b06e6c2fac65258b7420c1df09ad58d37","sha256":"ff27be6c1a1eba3dc17d16581d680e8faba2536b565e90ad7c09c43d62495dd7","sha512":"2fd72836b18efe830a4f6efa526e01dbe267c65845c22272c90fe5df1a12266d266a34217bc89fb9e365ee009dc06a1a572744287b5b529ae8c87af20483d151","ssdeep":"","tlshash":"ddf0d4dbf5476008c3379ed5e46380cbf13cc1d50c9a704b0175791a4d453169391717","first_seen":"2023-08-28T18:58:56Z","last_seen":"2026-04-28T09:23:48.470196Z","times_seen":435,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rshmauyblkmymau.xyz/","fqdn":"rshmauyblkmymau.xyz","domain":"rshmauyblkmymau.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://luluvid.xyz/hifmw1n6k3n6/","date":"2025-09-26T01:17:34.566Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"HEAD / HTTP/1.1\r\nHost: rshmauyblkmymau.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://luluvid.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://luluvid.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T14:59:10.506438Z","times_seen":15171651,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}