{"report_id":"4731a4a3-d357-4592-ac93-216a7560ebd7","version":6,"status":"done","tags":[],"date":"2026-01-27T13:05:17Z","url":{"schema":"http","addr":"ryanair.top","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"ryanair.top/","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"title":"Ryan Air | Airdrop","dom":{"size":45749,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (31537)","md5":"69b6227c35118964126fe512b91c805b","sha1":"83048094e7447afed308b7e0b1de3390f1a2b4a3","sha256":"f37fd60630dfbbf735171d29674520a8586b5082774fc4ba3d0e0b01cfd03f65","sha512":"97a2036eb99f55a06f06c3c4c670e204758c8116d4d1858349dd5295c90f8287bdff4ba05a3f29ed3e42a1aa3a0945ba5c529a98fb1f947e854719bde6729488","ssdeep":"768:nhzQH2L0r82It4uSRhKut5NFgl+FU+xHyvfSDIJPJWf3b8fzwZPROHXL0hDgmwcp:hzqyrYrau0WXTa7kYwAw","tlshash":"d4238160f150493b760762ef5bd6af2d32b270a688676648f3bc85c0eb86df79c72414","dom_hash":"domhashc7091579b192badfc4073018b8607116","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ryanair.top","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-03T13:05:17Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-01-25T22:14:35.458366Z","alert_count":0,"request_count":8,"received_data":164024,"sent_data":4256,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-01-25T22:17:37.642954Z","alert_count":0,"request_count":2,"received_data":26468,"sent_data":954,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"lite-api.jup.ag","ip":{"addr":"3.164.240.45","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2021-09-15","domain_rank":1536175,"first_seen":"2025-06-01T22:48:15.859785Z","last_seen":"2026-01-25T21:41:49.555987Z","alert_count":0,"request_count":1,"received_data":3346,"sent_data":492,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ryanair.top","ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":17,"request_count":17,"received_data":873905,"sent_data":7390,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ryanair.top/","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ffa6179807717b13a595344c0c8e0b1a","sha1":"d0fd6c97e8228344cc3fb22dc2dc2a0d96daee00","sha256":"17a017e69302421e1226ba5a75440dde39572094d0be91a968126c3f393ee73d","sha512":"a345b3449d9776b6f24ce45d811746ad5d4a1d08f2733ce6ed97c704f4489aa767ddf0c6e901a384ee6db06e782b51665ccae18401c27c5096243d36d23c7f44","ssdeep":"","tlshash":"3fd05e215037d208b630b8111f9a7b843652537247a494a03f6fd641bf6620fc2acfdd","size":277,"data":"","first_seen":"2026-01-27T11:09:08.773719Z","last_seen":"2026-01-27T13:05:22.150377Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/6njrf.js?2hywh4i","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b145c88e83377262a351336163061ff5","sha1":"59efd68efe90253337fda9792bab63f9abdd210d","sha256":"5993816224888839422b57a35416f801d79ac18761a0c2e97c9d454272940971","sha512":"2ea4592dc02530b936208881d7ebc62a7dd2a66279e1f8a0adec0d1338e1db322f483b498fa87dd5e650580bf08655bf8e5ecbbc3efdcec76ecc37eddc6fb3a0","ssdeep":"192:QAUq20+TcYh24D8jvW4dDKya0wSV8FzIFPmn66dkSX:z18TcOXwwIFk66ddX","tlshash":"a9d1946835803032806b55c723e247a6783de589eb6380b172bd09e75f65ccd72dbb76","size":6429,"data":"","first_seen":"2026-01-27T11:09:08.76329Z","last_seen":"2026-01-27T13:05:22.145872Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/_nuxt/assets/index.js?obtqsn6","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f5bc58101d69b150534fb9131c6da308","sha1":"78926c3ad2d55c258c7da0092b28b6a82ae02694","sha256":"b6c677e6511637991799e7d9d9ec7a0e45481167f5f07247a598066e9a63fc6d","sha512":"18b9781bb9c0419ea04582117e7b1ab11e5c823f9f90730ae3fb88efa9a2d392b976c7607434b50c46cf3d634064e3871e25d5f6c88ce4c18dd8a80e8c403fcf","ssdeep":"12288:00aHHS1YJlLxZLHmrfj6jpICQaK6gQcA0QLhfHGCAh4Q9L7xLO+MS7sSVjMFZIG:00aHHS1YJlLxZLHmrfj6jpIC6QcA0QLt","tlshash":"d5e4d79b1005ed7d3916fde41c701cb618c0be5f9c4cd4beb2a9dc926136ab463aeda0","size":713952,"data":"","first_seen":"2026-01-26T11:18:45.967998Z","last_seen":"2026-01-28T06:42:37.110143Z","times_seen":126,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"2a193900086148e14a47cf69b28d5b3c","sha1":"aec162774d5ae0e366b2b9366ab7b1c463389e6b","sha256":"a9a6a87705e8ca0ef3152297199ab54f6f598b827203786cc5fed93f6baa55f3","sha512":"a2a06b2858861d7e308392661dc498d4dc03ea6683e773f0e660521ee591f1b26b8adc29e106aa744815e243799da70e1c43b42828bbdf0222eb91d446298955","ssdeep":"12288:rRUmxLhbtSTxJonN6qBgN4gA4Gh3V/wE4EU+6bjNrPlY4ooRbwVIb:rRUmxLhbtSTxJonN6qBgN4gA4Gh3V/wn","tlshash":"67e4096f1105ad7e7d1ac1e52c7518c61a00ae9f9cccc8aaf6f8d0c2b675bb411bf990","size":683246,"data":"","first_seen":"2026-01-26T11:18:45.963979Z","last_seen":"2026-01-28T06:42:37.117893Z","times_seen":126,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"lite-api.jup.ag/tokens/v2/search?query=9R4zqfeasqeEKCEQxX89gbK5dXvkYegNxHmnZWjTpJWY","fqdn":"lite-api.jup.ag","domain":"jup.ag","tld":"ag"},"ip":{"addr":"3.164.240.45","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:57.413Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lite-api.jup.ag","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Apr 2025 00:00:00 GMT","end":"Thu, 30 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6A:C1:1A:55:81:46:51:60:92:8E:23:71:EC:0D:F5:22:E2:77:CC:B6","sha256":"9B:2C:9B:3C:A9:B9:32:F1:2E:E7:12:53:C3:E5:39:A9:B1:D1:92:0F:BD:83:0D:8B:73:33:20:78:3D:B0:C8:E7"}}},"request":{"raw":"GET /tokens/v2/search?query=9R4zqfeasqeEKCEQxX89gbK5dXvkYegNxHmnZWjTpJWY HTTP/1.1\r\nHost: lite-api.jup.ag\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ryanair.top/\r\nOrigin: https://ryanair.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json\r\ndate: Tue, 27 Jan 2026 13:04:57 GMT\r\nserver: cloudflare\r\ncf-ray: 9c48757719af2d87-ARN\r\ncontent-encoding: br\r\naccess-control-allow-origin: https://ryanair.top\r\ncache-control: public, max-age=10\r\nvary: Origin, Accept-Encoding\r\naccess-control-allow-credentials: true\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 365d682e9b4889986ad44f252accf6b0.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: wnPJU85mD8plvRMK4LQ1bufYaGfc6iWGBE4egBAbgAXltS2ztKv6Wg==\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2654,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"062d4c2bac05eacd351558a2519b9c90","sha1":"d502e4358992779d126f250d02531b9eff5e9adf","sha256":"0b3b78f3e906b74919f5d5afbb194856bc0050cf80e6180e1890e9e816e82714","sha512":"0a09fee3080b6227df9bcca2a2ad9ae3215d5b426af8cc99df7ed647c8384525f8138a6a4c50be47bf10e3bd063e164869ac5b38bfa089a66f17e1c2ffc20c72","ssdeep":"","tlshash":"3c5196f1976a20e4cbed578a84c83f5102e229d3891114d6bfb84edc84da16fa60ce1f","first_seen":"2026-01-27T13:05:22.124138Z","last_seen":"2026-01-27T13:05:22.124138Z","times_seen":1,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":40,"dns":15,"connect":8,"send":0,"wait":91,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/api/visit","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:57.617Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"POST /api/visit HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ryanair.top/\r\nOrigin: https://ryanair.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 27 Jan 2026 13:04:59 GMT\r\ncontent-type: text/plain;charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iJeC%2Fcb3ejCBIPGKjtPDB6asF5sngy%2FW2Lwc8OpgUtrhiJsMs4jid9Y6UTTevv4GkC78iPYb8NuxePfV%2BWZY8TrGsh6OLovmiSrz\"}]}\r\npriority: u=4,i=?0\r\naccess-control-max-age: 86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9c48757809340883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"444bcb3a3fcf8389296c49467f27e1d6","sha1":"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb","sha256":"2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df","sha512":"9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570","ssdeep":"","tlshash":"c710000000000000300000000000000000000000000000000000000000000c0000c000","first_seen":"2023-03-08T02:32:37Z","last_seen":"2026-06-06T18:13:29.331635Z","times_seen":422990,"resource_available":true,"data":null}},"time_used":1791,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1791,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/images/coin.svg","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:56.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"GET /images/coin.svg HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ryanair.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 27 Jan 2026 13:04:56 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nlast-modified: Mon, 19 Jan 2026 21:06:31 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\ncontent-encoding: br\r\nage: 6974\r\ncf-cache-status: HIT\r\netag: W/\"696e9cd7-13a3\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y1uUkUPE1TIXdU36CvbaD2X99hkdKfFImODuVjULbHSORNN8ouYeZu6uBXH3FVo8hOb8MiKPd%2B14B5t7urqtQ7MnX3mgAOmKK%2Fi6\"}]}\r\ncf-ray: 9c48757208810883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5027,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"9d23869f76d47b5c77afdf8c14cbbb52","sha1":"1cc2ee3d63a60208ba2ec241cba633e61e116aa3","sha256":"387c8bbb63962dfce4942f2596ed731b972a1e03db3bff8abc67c9ae97921a94","sha512":"2bbc921b16fa8b62889adacf6557634ef515b7b9bd113534d7d671115b9b432a482b8ae5fd512cb8f1be6c037b36d617bd82fcc35731b09ca3d27bb15f348058","ssdeep":"96:NZrgo+DmmnE9ht506zProP25WhRRlCWh1HxiRSwRft+BQdJUlo5L9:DSnEN50wPyDRBTH0RSwRft+Aa2","tlshash":"d2a1c8fc77f065a55a88c7edef06806a3daa54f3be408280f04c5f9e4b96812dc976c5","first_seen":"2026-01-27T11:09:08.76039Z","last_seen":"2026-01-27T13:05:22.128521Z","times_seen":2,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/images/marinade.svg","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:56.666Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"GET /images/marinade.svg HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ryanair.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 27 Jan 2026 13:04:56 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nlast-modified: Mon, 19 Jan 2026 21:06:31 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\ncontent-encoding: br\r\nage: 6974\r\ncf-cache-status: HIT\r\netag: W/\"696e9cd7-2677\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HEiHONhf0nVWMk2FF%2FbQzURx7AijXu40Nt1MWjQ%2FNRIGSSQlzQg0%2BSy8bmVxADI1Gjd9gV5gyS27Wmchp62bgH9i%2Fdp%2FWIkmrEaX\"}]}\r\ncf-ray: 9c48757208840883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9847,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5cb11fd2b4b91716c41205eb17e9d960","sha1":"d5e2cb59069a886204c8284813a02ecee6082250","sha256":"bf19d99498915d1aec2f355703d23bb5655de09d5b2bbcb88828aa00d9d6a3a6","sha512":"6e8df520180ffde25b12c20447d7b3ae364a11f1104c1cd5e5ee7d96978b69c43aa749db6e293e1e2acc9d6c3568a0a2841cb26ff2e105f5929b9225ab46b26b","ssdeep":"192:OXI9CbNZ73IhN47x5QO6tQuPOmU/m6FJIReX1gZss6+:+ThZ73eKVT6W05U/m6oeXdK","tlshash":"5012d8ec6be271f0f849e7e4e51698b63b1b35fb7611cb18c3856d21e64100eca79c86","first_seen":"2025-09-02T07:43:09.38934Z","last_seen":"2026-05-24T00:38:30.379728Z","times_seen":447,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/manrope/v20/xn7gYHE41ni1AdIRggOxSuXd.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:57.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:23 GMT","end":"Mon, 23 Mar 2026 19:52:22 GMT"},"fingerprint":{"sha1":"5A:74:FC:38:D2:7B:9B:E5:E5:0D:67:25:F4:73:BC:BA:2E:12:A7:FD","sha256":"3B:19:CD:BE:44:E6:EE:DC:8D:33:2B:A2:1C:E4:13:F8:6F:7E:2E:52:5D:0E:75:F3:1A:ED:21:1B:7A:B7:2E:BA"}}},"request":{"raw":"GET /s/manrope/v20/xn7gYHE41ni1AdIRggOxSuXd.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ryanair.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 14500\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 23 Jan 2026 13:19:59 GMT\r\nexpires: Sat, 23 Jan 2027 13:19:59 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 04 Sep 2025 17:09:13 GMT\r\ncontent-type: font/woff2\r\nage: 344698\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14500,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14500, version 1.0","md5":"e58febde317b69ceb51690ea201850c9","sha1":"d8fc94bf7a39043a7759bd564a7e16b3ea080736","sha256":"c268b459a9329e59fecf39a17618efd44c71735532048d60b12aab76a8c14914","sha512":"af17f0a6913d974bd7d38a060549dacd158c667abb08f830d44d302c1a1cb4f8106eeeb772d2b4066be2c5a1e763d26042c707343770f5e84b0f5165cab9d96b","ssdeep":"384:4VvSHMmDtGjtHrBRvGjLWPSNRXZpyJ+kC18bZ:4VvSsmDt6LBROj1RXZ4J+318bZ","tlshash":"8a52b05ef04e86f0b51f2a7ece5c6a1153725e56134f2e50e967b0c8c75e82a1e27142","first_seen":"2025-06-05T11:45:07.756161Z","last_seen":"2026-06-06T17:47:57.323232Z","times_seen":2755,"resource_available":false,"data":null}},"time_used":431,"timings":{"blocked":211,"dns":4,"connect":20,"send":0,"wait":8,"receive":1,"ssl":183},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/eba507615e5b42a7.png","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:57.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"GET /eba507615e5b42a7.png HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ryanair.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 27 Jan 2026 13:04:57 GMT\r\ncontent-type: image/png\r\ncontent-length: 8744\r\npriority: u=6,i=?0\r\nlast-modified: Mon, 19 Jan 2026 21:06:31 GMT\r\netag: \"696e9cd7-2228\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\naccept-ranges: bytes\r\nage: 6975\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rt0ARebnwMLtA1DyB6BJTmgvXOKXIlNvtaIEm5OGN99J3ryOvYSpslNKxAS8DrZqjz9S6O7qtPtUSIqXDshIWYoRND1Wf16f6h1x\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c487576b91d0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8744,"size_decoded":0,"mime_type":"image/png","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 250x250, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"8c4b28995537f6d27289c515d1ae6cf5","sha1":"61df85a7ca3282c793293ea7ecf4cf272b1cb4e2","sha256":"e8dd890ffe29b1b1194cc1a4bb5ba3543a26b38f5dd0f407accb1775a72d96a8","sha512":"5f6f78f091ce3edd5bb48b064506daa38ba406549247c62e17cc0bdf4d02bc7630c95f974c62c66f6cee2e7ef0cd278112157326dae9a72ca3dd4e896cd8ba00","ssdeep":"192:sy2qEP+loRgUdIxQHtAUAfoOqyG8hQGQUNl2J2MQBu5:JEP+loiU2QHNo88hQPUNl2HOk","tlshash":"8802cf3ef4222b5f04e8596c16a2df43c3b44b67e909515efdc8e0adb1bd54062d923a","first_seen":"2026-01-27T11:09:08.7676Z","last_seen":"2026-01-27T13:05:22.133687Z","times_seen":2,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/images/bonk.svg","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:56.663Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"GET /images/bonk.svg HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ryanair.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 27 Jan 2026 13:04:56 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nlast-modified: Mon, 19 Jan 2026 21:06:31 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\ncontent-encoding: br\r\nage: 6974\r\ncf-cache-status: HIT\r\netag: W/\"696e9cd7-314a\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cl9bmfVCWqKHXe7HLXT10QhW4XMd5oplAA2bbPsVwYUfsUyHMmErFNgIRMKKNWgjRokqyTjZF6qibTkBWqnU8wwgDCN7pWSYNTkC\"}]}\r\ncf-ray: 9c48757208820883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12618,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"32264f4b5ef61d12d6c8c7585e844dcc","sha1":"28f5308df3de8e7435ed9f29c07271102455bffb","sha256":"22c0b5638dc650cc5fabd4b50dd2c24b0dccdc305ea37a8dc15aaf856b58a1c8","sha512":"33d0b30212a2408e4f0b435257efd055b0a0f8a3aa404e8c666de12528a446b7cc056270e6b3f79241626436351e520f046fb37d28bc04e28178d45a1a2f4b52","ssdeep":"192:FDLeI6N6VFklwNwKIxv6Cqc9I4jnMnX6TVlAaPyvGONdRvmiVTzvjxqVASFkM0/e:9Lm9wwtiCqVMMqTVlhPIzHeiVHvj6mrK","tlshash":"cb4297eab3a9e3d4f805e7f4872768743b6b2cfd2e20c59947d5aca0e95109d4858cc2","first_seen":"2025-09-02T07:43:09.420529Z","last_seen":"2026-05-24T00:38:30.426868Z","times_seen":446,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:57.340Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:24 GMT","end":"Mon, 23 Mar 2026 19:52:23 GMT"},"fingerprint":{"sha1":"43:39:AF:0A:74:F9:2F:1B:C0:1E:4E:89:21:30:C2:28:EC:9F:6C:67","sha256":"EA:F1:0E:C7:36:18:F3:9D:D1:D5:34:23:44:7D:6F:9D:2F:61:C7:81:09:9E:E9:C8:02:C8:F2:2C:0A:83:B3:A5"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ryanair.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 27 Jan 2026 13:04:57 GMT\r\ndate: Tue, 27 Jan 2026 13:04:57 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10108,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"e85517dadd43448782d60d7f207fddce","sha1":"6cd31f870727ba8090fac9602b42524b4139a619","sha256":"88fbd0b95222be288587a149c324189ecbd8de0d6f0c94f528ec53857e52b66c","sha512":"5edc78df5bb062a9a2e1ea6724c14dd7eb80d77ea0fa9572de4bb0d52bbd0d163815b08a1ae77084f99fbefbb07715da1c61f0bb36fb498710c91387792955f8","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGx:vXuM0p2+4","tlshash":"04227792002ba400ab971dc233cf7f3aaece50896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-10T18:13:11.065101Z","last_seen":"2026-06-06T16:52:50.458283Z","times_seen":29374,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/manrope/v20/xn7gYHE41ni1AdIRggexSg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:57.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:23 GMT","end":"Mon, 23 Mar 2026 19:52:22 GMT"},"fingerprint":{"sha1":"5A:74:FC:38:D2:7B:9B:E5:E5:0D:67:25:F4:73:BC:BA:2E:12:A7:FD","sha256":"3B:19:CD:BE:44:E6:EE:DC:8D:33:2B:A2:1C:E4:13:F8:6F:7E:2E:52:5D:0E:75:F3:1A:ED:21:1B:7A:B7:2E:BA"}}},"request":{"raw":"GET /s/manrope/v20/xn7gYHE41ni1AdIRggexSg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ryanair.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 24836\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 23 Jan 2026 13:06:13 GMT\r\nexpires: Sat, 23 Jan 2027 13:06:13 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 04 Sep 2025 17:08:28 GMT\r\ncontent-type: font/woff2\r\nage: 345524\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":24836,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 24836, version 1.0","md5":"938c6e8019b69313372c47dbb7a7c930","sha1":"b42951014c5eca12749d87a4706caf22dc4fe081","sha256":"a30ddcd349703aff7464c34bef3fffdff405ee50c113440d7c8693c02d210972","sha512":"5537c005cd8f321f26fe67f6292b3ec14e88ff4b2365311628dbbe4753e01e568f6881b9f2e7d71e8e6b2c261ed25f372829dd28f89f865ce574b4e1fec29614","ssdeep":"768:3KQaj5c95F1QmIwa55Go1COpZLpkkM46CU+YIC:ahj5cXow65xCM5pkkM468YB","tlshash":"a2b2f105ee49b3d4b276f1fcfa802884179282f27dabda8f3f2015981dd8e5b8d45320","first_seen":"2025-06-02T20:09:41.98255Z","last_seen":"2026-06-06T17:25:36.147788Z","times_seen":26773,"resource_available":false,"data":null}},"time_used":360,"timings":{"blocked":174,"dns":1,"connect":22,"send":0,"wait":8,"receive":3,"ssl":145},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-27T13:04:55.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 27 Jan 2026 13:04:56 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Mon, 19 Jan 2026 21:06:31 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YH%2BgQ%2FRsenO4dadD26EXgocdS2gdquehb9YyvsiGxc2WQa0hjwc0QN%2F8wtmIC5baYxfmhlVuwfnL%2BkJqN3lEP6Gn9w2gS5q3tA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9c48756ddc7fb509-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26432,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (24147), with CRLF line terminators","md5":"b3967ca7034c5f0841e8d347fce46817","sha1":"231eced5f451ad52fd8b9ec82619cb6920737ae3","sha256":"f05450e9ca26b584a7342c768203afc5d3a66c788e9d5d468d4cfe3864428d5b","sha512":"db89d89340b418f9ea9d520dd81ab1414aa19e246c690e96db3a15e17ed67af2fb851db650e5deb9ced542db2ea36c2f37302748c70059764f57fdd2752f7c1f","ssdeep":"384:d3WtqY+SAaJdiEU74fyZwwq/N2oFRYXI+y7lFO90KX2La8HYc1RcWRyqtG:dYAaJ6yySwQ2WRYXIdlFS0KEYw5G","tlshash":"55c2b5701228113aa51755dbaf26333a32f772fee97b0105e7fd4a90e7d5c8ae832584","first_seen":"2026-01-27T11:09:08.759247Z","last_seen":"2026-01-27T13:05:22.138166Z","times_seen":2,"resource_available":false,"data":null}},"time_used":668,"timings":{"blocked":70,"dns":46,"connect":1,"send":0,"wait":528,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/_nuxt/assets/index.js?obtqsn6","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:56.656Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"GET /_nuxt/assets/index.js?obtqsn6 HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ryanair.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 27 Jan 2026 13:04:57 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nlast-modified: Mon, 26 Jan 2026 11:15:44 GMT\r\netag: \"69774ce0-aea2a\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=300, must-revalidate\r\ncontent-encoding: gzip\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CcF7978xJdxkdGuFJxX%2BJ3YLX6gJZsvi2KHimRXO6fUjSymw0hO8aALYbLnoSJt3FnIIkDtfhAg%2FYvbtqqQoZQ9RBjecQBBTase%2B\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9c487572087f0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":715306,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (56736), with no line terminators","md5":"f5bc58101d69b150534fb9131c6da308","sha1":"78926c3ad2d55c258c7da0092b28b6a82ae02694","sha256":"b6c677e6511637991799e7d9d9ec7a0e45481167f5f07247a598066e9a63fc6d","sha512":"18b9781bb9c0419ea04582117e7b1ab11e5c823f9f90730ae3fb88efa9a2d392b976c7607434b50c46cf3d634064e3871e25d5f6c88ce4c18dd8a80e8c403fcf","ssdeep":"12288:00aHHS1YJlLxZLHmrfj6jpICQaK6gQcA0QLhfHGCAh4Q9L7xLO+MS7sSVjMFZIG:00aHHS1YJlLxZLHmrfj6jpIC6QcA0QLt","tlshash":"d5e4d79b1005ed7d3916fde41c701cb618c0be5f9c4cd4beb2a9dc926136ab463aeda0","first_seen":"2026-01-26T11:18:45.967998Z","last_seen":"2026-01-28T06:42:37.110143Z","times_seen":126,"resource_available":true,"data":null}},"time_used":520,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":512,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/images/solblaze.svg","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:56.671Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"GET /images/solblaze.svg HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ryanair.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 27 Jan 2026 13:04:56 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nlast-modified: Mon, 19 Jan 2026 21:06:31 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\ncontent-encoding: br\r\nage: 6974\r\ncf-cache-status: HIT\r\netag: W/\"696e9cd7-2fb6\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=C7zb8LXehTjjANk9I4vQxWpqiOM7G04reSqwKg3GmlGrT2l0vMrHqeym%2BsZp3mFvaY24HhhC8IJERrAGvqCpPr24RugAPVykif93\"}]}\r\ncf-ray: 9c48757218880883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12214,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e6c2726ae5e7cc1c0aa199ad3b7195b9","sha1":"e9dbc07a64cebfbd0389bcec396877b2f338e6bd","sha256":"b5ba7b16778896912b7712690a16b5eab96e9dc8643be4af77ec5a1e8b3e6b5b","sha512":"7d3f6b9f2259a8136531a9c09ade0c885e01239c4c49e6d9f4618d076361e325b7a73c5209440f733b9ca07eda312240fb4306a42a060b6733e8b474e37968d8","ssdeep":"192:Cebn8EmAexeRzs8VWOAluUFbpATzs9IQF/n9AY41RRodskit3dEamw2gq:Ceb8aexOAMnIb7XhGY41/ungq","tlshash":"9742b6debbe5a3f4a905f3c8875688793a532cf67b03cb38c3986e95b54104d8895c87","first_seen":"2025-09-02T07:43:09.409787Z","last_seen":"2026-05-24T00:38:30.314476Z","times_seen":447,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/cq478.css?adlnusz","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:56.654Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"GET /cq478.css?adlnusz HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ryanair.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 27 Jan 2026 13:04:56 GMT\r\ncontent-type: text/css\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nlast-modified: Mon, 19 Jan 2026 21:06:31 GMT\r\netag: W/\"696e9cd7-b129\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\ncontent-encoding: gzip\r\nage: 6974\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AkZaAW8p54iH5ZcAwgSWf3v8t1BcLpvHQKKdd0%2BGp8t%2FY%2FguyDtdAIij8nB6ugolzxjxcIzI7Ypp3DF2%2Fx3%2FMsDgN3IVXU%2FxbAQ%2F\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9c487572087e0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45353,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"71606bbc2842b8413a8a40221ba821da","sha1":"20f917adbb6a8da0bbbf9f1fd8f606f924a2ed2a","sha256":"1a81c424339df962d46d5d4dd06d2551571e046d881027bffa743c6ca195639e","sha512":"318416ba311b766176a38ffc362fc3338f2215ecbad4071ae57d51e2b6b5056396520888cfc9384fedc0142c97177ab4f958b3f6f86d40197351b29cec2d9f9e","ssdeep":"768:YGSPv74K73iLcVLGAPY+wc9t0i4RzXqtUNrifUMbqAtfYCLQ:UPY+wut72ifpQ","tlshash":"e613f059e64212066533eba46ff2071cfb9980538b0291b97fcd72994ff51a886b1fcc","first_seen":"2026-01-27T11:09:08.772644Z","last_seen":"2026-01-27T13:05:22.141129Z","times_seen":2,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/manrope/v20/xn7gYHE41ni1AdIRggexSg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:57.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:23 GMT","end":"Mon, 23 Mar 2026 19:52:22 GMT"},"fingerprint":{"sha1":"5A:74:FC:38:D2:7B:9B:E5:E5:0D:67:25:F4:73:BC:BA:2E:12:A7:FD","sha256":"3B:19:CD:BE:44:E6:EE:DC:8D:33:2B:A2:1C:E4:13:F8:6F:7E:2E:52:5D:0E:75:F3:1A:ED:21:1B:7A:B7:2E:BA"}}},"request":{"raw":"GET /s/manrope/v20/xn7gYHE41ni1AdIRggexSg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ryanair.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 24836\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 23 Jan 2026 13:06:13 GMT\r\nexpires: Sat, 23 Jan 2027 13:06:13 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 04 Sep 2025 17:08:28 GMT\r\ncontent-type: font/woff2\r\nage: 345524\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":24836,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 24836, version 1.0","md5":"938c6e8019b69313372c47dbb7a7c930","sha1":"b42951014c5eca12749d87a4706caf22dc4fe081","sha256":"a30ddcd349703aff7464c34bef3fffdff405ee50c113440d7c8693c02d210972","sha512":"5537c005cd8f321f26fe67f6292b3ec14e88ff4b2365311628dbbe4753e01e568f6881b9f2e7d71e8e6b2c261ed25f372829dd28f89f865ce574b4e1fec29614","ssdeep":"768:3KQaj5c95F1QmIwa55Go1COpZLpkkM46CU+YIC:ahj5cXow65xCM5pkkM468YB","tlshash":"a2b2f105ee49b3d4b276f1fcfa802884179282f27dabda8f3f2015981dd8e5b8d45320","first_seen":"2025-06-02T20:09:41.98255Z","last_seen":"2026-06-06T17:25:36.147788Z","times_seen":26773,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":78,"dns":0,"connect":0,"send":0,"wait":17,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/api/is-banned","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:57.414Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"GET /api/is-banned HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ryanair.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 27 Jan 2026 13:04:59 GMT\r\ncontent-type: text/plain;charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fi4siqUlxvVjlHSTmrtwndEh9fEdmF%2B7Y4F9e3kyA7n%2FJ1RuSobs6Sc3xtvdSVPmSrO9cDOYCYYFdowaAndZnjlMVbqBs%2BFRv4ER\"}]}\r\npriority: u=4,i=?0\r\naccess-control-max-age: 86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\ncache-control: private, max-age=300\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9c487576d9210883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-06-06T18:07:07.502384Z","times_seen":114261,"resource_available":true,"data":null}},"time_used":1784,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1784,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/images/jito.svg","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:56.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"GET /images/jito.svg HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ryanair.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 27 Jan 2026 13:04:56 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nlast-modified: Mon, 19 Jan 2026 21:06:31 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\ncontent-encoding: br\r\nage: 6974\r\ncf-cache-status: HIT\r\netag: W/\"696e9cd7-779\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vXNKHpIDsmlJyyVztp5SP%2BUbh0tWt8ztgCyRAHA1GgJiwf%2B0gbsTt%2FlPnHMMXhq9gi6jT%2Bv4jAx823%2F29s2Qs47QhDW%2FUzcRYbiQ\"}]}\r\ncf-ray: 9c48757208830883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1913,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b555eeb2c89878019ca271ce239f5144","sha1":"4689fc8b3d997acabf01e06139cdb5d44fd3b7bb","sha256":"5daa8b44652cf3cca0e22528f3e8b09a4a83c071ceb68e11af6138b240220615","sha512":"b3758eff6e3f56a6b9a2189b1fa55ad8af57fe46c233ad62db30dcde00f4333128ad0b96e0730cd36609b70ffe1e875509cd6891cd423dc3f0b9f435d3b0bf83","ssdeep":"","tlshash":"59410360a26d57a4a104ebe04b1a64762e9322f7352286284b9fd97864831df5cecdc9","first_seen":"2025-09-02T07:43:09.3868Z","last_seen":"2026-05-24T00:38:30.372697Z","times_seen":446,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/manrope/v20/xn7gYHE41ni1AdIRggexSg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:57.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:23 GMT","end":"Mon, 23 Mar 2026 19:52:22 GMT"},"fingerprint":{"sha1":"5A:74:FC:38:D2:7B:9B:E5:E5:0D:67:25:F4:73:BC:BA:2E:12:A7:FD","sha256":"3B:19:CD:BE:44:E6:EE:DC:8D:33:2B:A2:1C:E4:13:F8:6F:7E:2E:52:5D:0E:75:F3:1A:ED:21:1B:7A:B7:2E:BA"}}},"request":{"raw":"GET /s/manrope/v20/xn7gYHE41ni1AdIRggexSg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ryanair.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 24836\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 23 Jan 2026 13:06:13 GMT\r\nexpires: Sat, 23 Jan 2027 13:06:13 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 04 Sep 2025 17:08:28 GMT\r\ncontent-type: font/woff2\r\nage: 345524\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":24836,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 24836, version 1.0","md5":"938c6e8019b69313372c47dbb7a7c930","sha1":"b42951014c5eca12749d87a4706caf22dc4fe081","sha256":"a30ddcd349703aff7464c34bef3fffdff405ee50c113440d7c8693c02d210972","sha512":"5537c005cd8f321f26fe67f6292b3ec14e88ff4b2365311628dbbe4753e01e568f6881b9f2e7d71e8e6b2c261ed25f372829dd28f89f865ce574b4e1fec29614","ssdeep":"768:3KQaj5c95F1QmIwa55Go1COpZLpkkM46CU+YIC:ahj5cXow65xCM5pkkM468YB","tlshash":"a2b2f105ee49b3d4b276f1fcfa802884179282f27dabda8f3f2015981dd8e5b8d45320","first_seen":"2025-06-02T20:09:41.98255Z","last_seen":"2026-06-06T17:25:36.147788Z","times_seen":26773,"resource_available":false,"data":null}},"time_used":426,"timings":{"blocked":208,"dns":0,"connect":7,"send":0,"wait":8,"receive":2,"ssl":197},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/manrope/v20/xn7gYHE41ni1AdIRggOxSuXd.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:57.080Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:23 GMT","end":"Mon, 23 Mar 2026 19:52:22 GMT"},"fingerprint":{"sha1":"5A:74:FC:38:D2:7B:9B:E5:E5:0D:67:25:F4:73:BC:BA:2E:12:A7:FD","sha256":"3B:19:CD:BE:44:E6:EE:DC:8D:33:2B:A2:1C:E4:13:F8:6F:7E:2E:52:5D:0E:75:F3:1A:ED:21:1B:7A:B7:2E:BA"}}},"request":{"raw":"GET /s/manrope/v20/xn7gYHE41ni1AdIRggOxSuXd.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ryanair.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 14500\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 23 Jan 2026 13:19:59 GMT\r\nexpires: Sat, 23 Jan 2027 13:19:59 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 04 Sep 2025 17:09:13 GMT\r\ncontent-type: font/woff2\r\nage: 344698\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14500,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14500, version 1.0","md5":"e58febde317b69ceb51690ea201850c9","sha1":"d8fc94bf7a39043a7759bd564a7e16b3ea080736","sha256":"c268b459a9329e59fecf39a17618efd44c71735532048d60b12aab76a8c14914","sha512":"af17f0a6913d974bd7d38a060549dacd158c667abb08f830d44d302c1a1cb4f8106eeeb772d2b4066be2c5a1e763d26042c707343770f5e84b0f5165cab9d96b","ssdeep":"384:4VvSHMmDtGjtHrBRvGjLWPSNRXZpyJ+kC18bZ:4VvSsmDt6LBROj1RXZ4J+318bZ","tlshash":"8a52b05ef04e86f0b51f2a7ece5c6a1153725e56134f2e50e967b0c8c75e82a1e27142","first_seen":"2025-06-05T11:45:07.756161Z","last_seen":"2026-06-06T17:47:57.323232Z","times_seen":2755,"resource_available":false,"data":null}},"time_used":194,"timings":{"blocked":88,"dns":4,"connect":23,"send":0,"wait":14,"receive":3,"ssl":59},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/manrope/v20/xn7gYHE41ni1AdIRggOxSuXd.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:57.085Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:23 GMT","end":"Mon, 23 Mar 2026 19:52:22 GMT"},"fingerprint":{"sha1":"5A:74:FC:38:D2:7B:9B:E5:E5:0D:67:25:F4:73:BC:BA:2E:12:A7:FD","sha256":"3B:19:CD:BE:44:E6:EE:DC:8D:33:2B:A2:1C:E4:13:F8:6F:7E:2E:52:5D:0E:75:F3:1A:ED:21:1B:7A:B7:2E:BA"}}},"request":{"raw":"GET /s/manrope/v20/xn7gYHE41ni1AdIRggOxSuXd.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ryanair.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 14500\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 23 Jan 2026 13:19:59 GMT\r\nexpires: Sat, 23 Jan 2027 13:19:59 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 04 Sep 2025 17:09:13 GMT\r\ncontent-type: font/woff2\r\nage: 344698\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14500,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14500, version 1.0","md5":"e58febde317b69ceb51690ea201850c9","sha1":"d8fc94bf7a39043a7759bd564a7e16b3ea080736","sha256":"c268b459a9329e59fecf39a17618efd44c71735532048d60b12aab76a8c14914","sha512":"af17f0a6913d974bd7d38a060549dacd158c667abb08f830d44d302c1a1cb4f8106eeeb772d2b4066be2c5a1e763d26042c707343770f5e84b0f5165cab9d96b","ssdeep":"384:4VvSHMmDtGjtHrBRvGjLWPSNRXZpyJ+kC18bZ:4VvSsmDt6LBROj1RXZ4J+318bZ","tlshash":"8a52b05ef04e86f0b51f2a7ece5c6a1153725e56134f2e50e967b0c8c75e82a1e27142","first_seen":"2025-06-05T11:45:07.756161Z","last_seen":"2026-06-06T17:47:57.323232Z","times_seen":2755,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":78,"dns":0,"connect":0,"send":0,"wait":17,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/images/orca.svg","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:56.668Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"GET /images/orca.svg HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ryanair.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 27 Jan 2026 13:04:56 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nlast-modified: Mon, 19 Jan 2026 21:06:31 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\ncontent-encoding: br\r\nage: 6974\r\ncf-cache-status: HIT\r\netag: W/\"696e9cd7-eab\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tmsX%2Fp6wayCPBHvy4SVKDGDywkvqqwqyYmk%2FqAzxJNr%2B3bRedhK1jX6mfbsI%2BKVUMCrC7OZDk8%2BjXs9Zu37P8%2FpApOgKSesEa5Zw\"}]}\r\ncf-ray: 9c48757218860883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3755,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"399f1f0b7b8310ee13f5f344cf8d1194","sha1":"a2f3f47fce8eb5ad2b1865446591c3087c693ca6","sha256":"1b03e12e25d6722e35e48e8f63e6b740f004b74d828e8ad6d79c07615bcfe12a","sha512":"3b7b4b431ba516221ad79743433630dadb9ce869f4e6401651982bea4d87ebe2a18248a2722fe1d8fac295a89f235371f30314e29c9de56eb32e5f6bf143b676","ssdeep":"","tlshash":"157173ebb3c8a2c0d60ae3f49b2a54f9360316f94623c228c6e50f65f99209dc94c8c5","first_seen":"2025-09-02T07:43:09.392798Z","last_seen":"2026-05-24T00:38:30.306951Z","times_seen":447,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/images/pyth.svg","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:56.669Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"GET /images/pyth.svg HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ryanair.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 27 Jan 2026 13:04:56 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nlast-modified: Mon, 19 Jan 2026 21:06:31 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\ncontent-encoding: br\r\nage: 6974\r\ncf-cache-status: HIT\r\netag: W/\"696e9cd7-912\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zL1o7IPeRC81QNkoaLnMMb17fbvPzx%2BXR2Z5QJ1UcEbggMVz6MsSA9HflSAcHzXvkEcbamLy8eA3qCmKsxxFwETChyUi4rO1Ol5z\"}]}\r\ncf-ray: 9c48757218870883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2322,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"37d619de40a237df97301e340b9b2447","sha1":"4503d4caddb600c467c92cb18cd5b2c13a056236","sha256":"e5e5d3c3bccd9d67b02f2ae4335e1b9f7add851b0df03eea4376ca8f39267a62","sha512":"d82646626adbee5cc7c9a709bd37b8eb8026eca69112bccd16e0b5791182ec16d8d967eee4aa99399cee3594d97bf5855bbd9fd7255a7093e090258990879db9","ssdeep":"","tlshash":"f541555122ac93e49906a7c4e715f0b2755328fd6883ca10ea32bb70b4505df8dd98c4","first_seen":"2025-09-02T07:43:09.414801Z","last_seen":"2026-05-24T00:38:30.311769Z","times_seen":446,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/manrope/v20/xn7gYHE41ni1AdIRggOxSuXd.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:57.073Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:23 GMT","end":"Mon, 23 Mar 2026 19:52:22 GMT"},"fingerprint":{"sha1":"5A:74:FC:38:D2:7B:9B:E5:E5:0D:67:25:F4:73:BC:BA:2E:12:A7:FD","sha256":"3B:19:CD:BE:44:E6:EE:DC:8D:33:2B:A2:1C:E4:13:F8:6F:7E:2E:52:5D:0E:75:F3:1A:ED:21:1B:7A:B7:2E:BA"}}},"request":{"raw":"GET /s/manrope/v20/xn7gYHE41ni1AdIRggOxSuXd.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ryanair.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 14500\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 23 Jan 2026 13:19:59 GMT\r\nexpires: Sat, 23 Jan 2027 13:19:59 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 04 Sep 2025 17:09:13 GMT\r\ncontent-type: font/woff2\r\nage: 344698\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14500,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14500, version 1.0","md5":"e58febde317b69ceb51690ea201850c9","sha1":"d8fc94bf7a39043a7759bd564a7e16b3ea080736","sha256":"c268b459a9329e59fecf39a17618efd44c71735532048d60b12aab76a8c14914","sha512":"af17f0a6913d974bd7d38a060549dacd158c667abb08f830d44d302c1a1cb4f8106eeeb772d2b4066be2c5a1e763d26042c707343770f5e84b0f5165cab9d96b","ssdeep":"384:4VvSHMmDtGjtHrBRvGjLWPSNRXZpyJ+kC18bZ:4VvSsmDt6LBROj1RXZ4J+318bZ","tlshash":"8a52b05ef04e86f0b51f2a7ece5c6a1153725e56134f2e50e967b0c8c75e82a1e27142","first_seen":"2025-06-05T11:45:07.756161Z","last_seen":"2026-06-06T17:47:57.323232Z","times_seen":2755,"resource_available":false,"data":null}},"time_used":449,"timings":{"blocked":225,"dns":0,"connect":0,"send":0,"wait":8,"receive":2,"ssl":214},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/6njrf.js?2hywh4i","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:57.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"GET /6njrf.js?2hywh4i HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ryanair.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 27 Jan 2026 13:04:57 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nlast-modified: Mon, 19 Jan 2026 21:06:31 GMT\r\netag: W/\"696e9cd7-191d\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\ncontent-encoding: gzip\r\nage: 6974\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eCmcwCvzVmbGn7%2FXs1QlPn1vQkmzg2RYclUOImWFFjGpSE0%2BMU2UHu%2Bmiv%2FzHLpOvUkp6kWtj%2BY7jOgaBZm%2FIJ8N8hghsbd34BNe\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9c48757508ea0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6429,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (6429), with no line terminators","md5":"b145c88e83377262a351336163061ff5","sha1":"59efd68efe90253337fda9792bab63f9abdd210d","sha256":"5993816224888839422b57a35416f801d79ac18761a0c2e97c9d454272940971","sha512":"2ea4592dc02530b936208881d7ebc62a7dd2a66279e1f8a0adec0d1338e1db322f483b498fa87dd5e650580bf08655bf8e5ecbbc3efdcec76ecc37eddc6fb3a0","ssdeep":"192:QAUq20+TcYh24D8jvW4dDKya0wSV8FzIFPmn66dkSX:z18TcOXwwIFk66ddX","tlshash":"a9d1946835803032806b55c723e247a6783de589eb6380b172bd09e75f65ccd72dbb76","first_seen":"2026-01-27T11:09:08.76329Z","last_seen":"2026-01-27T13:05:22.145872Z","times_seen":2,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/api/config","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:57.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"GET /api/config HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ryanair.top/\r\ncontent-language: en-US,q=0.8;en\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 27 Jan 2026 13:04:57 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OW461gQo%2BvL5xqKqqmbIdfbY7w%2FeTwZb713CNjaGqRdT4PHwstJ04W%2FG7oLJIlJZA3cSjpSIq7%2BQ9ixmwesMETel23eXsoUy%2BVFC\"}]}\r\npriority: u=4,i=?0\r\naccess-control-max-age: 86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9c487576d9220883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":285,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"data","md5":"09de1609c3352ff4d1d99867c7e507ce","sha1":"31948e0688f9d61e066d40b1b2c8a242d3abc1e7","sha256":"843573c73a4844dbdc44c97dda3fb08ecb956347359b442290ff772b5349bda5","sha512":"19553f593a29be6d5a3bbb16d8e093d6c4574600275790401e9374b68747e927823dc581589180b08b162745b9cd63299061e7bb9b019bce92d2cbb404e81f8f","ssdeep":"","tlshash":"d8e023c18d9d33e2e58bd4648460bedbda6918b1546233be4c1374987cf1692140f536","first_seen":"2026-01-27T13:05:22.147175Z","last_seen":"2026-01-27T13:05:22.147175Z","times_seen":1,"resource_available":false,"data":null}},"time_used":523,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":523,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/eba507615e5b42a7.png","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:56.658Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"GET /eba507615e5b42a7.png HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ryanair.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 27 Jan 2026 13:04:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 8744\r\npriority: u=4,i=?0\r\nlast-modified: Mon, 19 Jan 2026 21:06:31 GMT\r\netag: \"696e9cd7-2228\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\naccept-ranges: bytes\r\nage: 6974\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3Lv5XUXD77bMGv%2BXZV%2F4lruwTN0C8oAK5pP9i14MzAmXZaqEJqDciF%2BaPVZncUHCqXilwsA2cHyGnbEGH5wp5RkpSIIZH26Nf78m\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c48757208800883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8744,"size_decoded":0,"mime_type":"image/png","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 250x250, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"8c4b28995537f6d27289c515d1ae6cf5","sha1":"61df85a7ca3282c793293ea7ecf4cf272b1cb4e2","sha256":"e8dd890ffe29b1b1194cc1a4bb5ba3543a26b38f5dd0f407accb1775a72d96a8","sha512":"5f6f78f091ce3edd5bb48b064506daa38ba406549247c62e17cc0bdf4d02bc7630c95f974c62c66f6cee2e7ef0cd278112157326dae9a72ca3dd4e896cd8ba00","ssdeep":"192:sy2qEP+loRgUdIxQHtAUAfoOqyG8hQGQUNl2J2MQBu5:JEP+loiU2QHNo88hQPUNl2HOk","tlshash":"8802cf3ef4222b5f04e8596c16a2df43c3b44b67e909515efdc8e0adb1bd54062d923a","first_seen":"2026-01-27T11:09:08.7676Z","last_seen":"2026-01-27T13:05:22.133687Z","times_seen":2,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ryanair.top/images/metaplex.svg","fqdn":"ryanair.top","domain":"ryanair.top","tld":"top"},"ip":{"addr":"172.67.164.225","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:56.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ryanair.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 20:16:52 GMT","end":"Sun, 19 Apr 2026 21:15:38 GMT"},"fingerprint":{"sha1":"1E:EC:06:C5:90:6D:B9:84:44:C1:6B:F5:38:96:48:93:9E:0D:BB:72","sha256":"D2:65:49:75:F2:56:0E:42:08:DB:BA:24:15:A3:9D:6C:BF:16:30:2F:3A:16:DF:E0:6C:20:A3:01:60:E4:31:B9"}}},"request":{"raw":"GET /images/metaplex.svg HTTP/1.1\r\nHost: ryanair.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ryanair.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 27 Jan 2026 13:04:56 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nlast-modified: Mon, 19 Jan 2026 21:06:31 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\ncontent-encoding: br\r\nage: 6974\r\ncf-cache-status: HIT\r\netag: W/\"696e9cd7-ad6\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CknASbKHJnaxPawMreZEhMW%2F40I364Y5S5fy9lLNYoAqBTf8HBtPWsntR4RN2S8zHq6G8XFO5aPCyqHMIK2wLBw8bdDazRH2GQrF\"}]}\r\ncf-ray: 9c48757218850883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2774,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"14568298cbae655fd79fb65e4d75bebf","sha1":"37e12fe64bcc11848b8c979aed1164a33d726670","sha256":"d70763867ccbbd3ca57c1a327323a395798ed5c821d26c02e71667d46ea34086","sha512":"c76d53ca8cc2298b9fe604433f1ca76a6464939ed19640fc6262e54287e356a43aef2883212a2b1358d089843f8da724db7128bb5dce5e3f27da890fbe59e227","ssdeep":"","tlshash":"985153c1615827e1d8048be0df2e65b6227b1af4be82ea43f1569df23cc44de0d58bc6","first_seen":"2025-09-02T07:43:09.380851Z","last_seen":"2026-05-24T00:38:30.414552Z","times_seen":448,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-27","alert":"Sinkholed","trigger":"ryanair.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Manrope:wght@200;300;400;500;600;700;800\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:56.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:24 GMT","end":"Mon, 23 Mar 2026 19:52:23 GMT"},"fingerprint":{"sha1":"43:39:AF:0A:74:F9:2F:1B:C0:1E:4E:89:21:30:C2:28:EC:9F:6C:67","sha256":"EA:F1:0E:C7:36:18:F3:9D:D1:D5:34:23:44:7D:6F:9D:2F:61:C7:81:09:9E:E9:C8:02:C8:F2:2C:0A:83:B3:A5"}}},"request":{"raw":"GET /css2?family=Manrope:wght@200;300;400;500;600;700;800\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ryanair.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 27 Jan 2026 13:04:56 GMT\r\ndate: Tue, 27 Jan 2026 13:04:56 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15008,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"0ad4e9cc8948899d25eb47a31cace209","sha1":"c8a2ded69bfa8d2f4293fd3324009b36b4050256","sha256":"73ef72e9f525460bf321f3797f3c6d37aa65ea44ff78062c406fca0d98a55fc8","sha512":"1467da169a56c9e04d571063cfb541534f96920a0645641209b6e0dfcb36ce1313811515479a11731e59d2344622478ed1602dadf4531184524e611cddc867d7","ssdeep":"192:BJRKV3II8XDJi5V3PP8wiJDEV3WW89RJ8rV3118+4JlOV3MM8b/JGNV3TT80uJH0:bMEmkwU+ME02EQJ","tlshash":"7962a9900027e804eb470cd677ce7e39ad4e61567491c5ba5bfe1cd8adebd222320b5e","first_seen":"2025-09-05T04:53:42.941084Z","last_seen":"2026-06-06T17:48:45.585642Z","times_seen":3140,"resource_available":false,"data":null}},"time_used":462,"timings":{"blocked":212,"dns":1,"connect":20,"send":0,"wait":37,"receive":0,"ssl":188},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/manrope/v20/xn7gYHE41ni1AdIRggexSg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ryanair.top/","date":"2026-01-27T13:04:57.059Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:23 GMT","end":"Mon, 23 Mar 2026 19:52:22 GMT"},"fingerprint":{"sha1":"5A:74:FC:38:D2:7B:9B:E5:E5:0D:67:25:F4:73:BC:BA:2E:12:A7:FD","sha256":"3B:19:CD:BE:44:E6:EE:DC:8D:33:2B:A2:1C:E4:13:F8:6F:7E:2E:52:5D:0E:75:F3:1A:ED:21:1B:7A:B7:2E:BA"}}},"request":{"raw":"GET /s/manrope/v20/xn7gYHE41ni1AdIRggexSg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://ryanair.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 24836\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 23 Jan 2026 13:06:13 GMT\r\nexpires: Sat, 23 Jan 2027 13:06:13 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 04 Sep 2025 17:08:28 GMT\r\ncontent-type: font/woff2\r\nage: 345524\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":24836,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 24836, version 1.0","md5":"938c6e8019b69313372c47dbb7a7c930","sha1":"b42951014c5eca12749d87a4706caf22dc4fe081","sha256":"a30ddcd349703aff7464c34bef3fffdff405ee50c113440d7c8693c02d210972","sha512":"5537c005cd8f321f26fe67f6292b3ec14e88ff4b2365311628dbbe4753e01e568f6881b9f2e7d71e8e6b2c261ed25f372829dd28f89f865ce574b4e1fec29614","ssdeep":"768:3KQaj5c95F1QmIwa55Go1COpZLpkkM46CU+YIC:ahj5cXow65xCM5pkkM468YB","tlshash":"a2b2f105ee49b3d4b276f1fcfa802884179282f27dabda8f3f2015981dd8e5b8d45320","first_seen":"2025-06-02T20:09:41.98255Z","last_seen":"2026-06-06T17:25:36.147788Z","times_seen":26773,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":103,"dns":3,"connect":7,"send":0,"wait":9,"receive":8,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}