{"report_id":"4d301270-4d17-4624-ac1c-5b0731afc965","version":6,"status":"done","tags":[],"date":"2026-01-07T13:44:14Z","url":{"schema":"http","addr":"delta-executor.org/","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"104.21.40.188","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"delta-executor.org/","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"title":"Delta Executor v2.702 [OFFICIAL] - #1 Roblox Executor For Android/iOS","dom":{"size":8549,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (3977)","md5":"c06c56d637c9d1262b9848ef44cb2f3f","sha1":"f19fe990196882c85c771496884192734db5f45f","sha256":"839ada7dbd0472ce44e3eb77881351c838dcaa26e08385e2fb41feaa1055b892","sha512":"4c65e524849ca5f9b1e51c3bcc5f385a9b662ac1aadcc25f2793b97a0ad9bf02d8ac804a2325c11c81712ce9e84af88594015c89e583dd6523f7f50dd2031081","ssdeep":"192:dOYntWhgrFWGkGYntWhgrFvdzWYntWhgrFWGkGYntWhgrFvvmCkCaO:dOKWhMEnGKWhM7zWKWhMEnGKWhMo2","tlshash":"0c022ba07891731ac57cb8bb44666b6dff90d7022a44afc376fcc2c927106b51d99f81","dom_hash":"domhashdc54fbe1ae197f2d0347c91caad45e38","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"delta-executor.org/","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"104.21.40.188","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-11T13:44:14Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":25}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"delta-executor.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"pl28268103.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"pl28268103.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"pl28268103.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"pl28268103.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"sourshaped.com","ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-10-06T14:35:38.581947Z","last_seen":"2026-01-03T09:56:38.479224Z","alert_count":6,"request_count":2,"received_data":7806,"sent_data":946,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"delta-executor.org","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-10-30","domain_rank":122254,"first_seen":"2025-03-10T20:40:25.627386Z","last_seen":"2025-12-09T13:46:18.984486Z","alert_count":13,"request_count":13,"received_data":780417,"sent_data":7282,"comment":"","tags":null,"fingerprints":[{"name":"PHP:8.2.29","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"WordPress:6.9","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Site Kit:1.168.0","description":"Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.","website":"https://sitekit.withgoogle.com/","common_platform_enumeration":"","icon":"Google.svg","categories":["Analytics","WordPress plugins"]}]},{"fqdn":"pl28268103.effectivegatecpm.com","ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-10-07","domain_rank":0,"first_seen":"2025-12-29T10:41:41.731516Z","last_seen":"2025-12-29T10:41:41.731516Z","alert_count":4,"request_count":1,"received_data":107713,"sent_data":467,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2026-01-05T09:14:03.22878Z","alert_count":0,"request_count":1,"received_data":51794,"sent_data":462,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2026-01-01T07:47:27.133157Z","alert_count":3,"request_count":1,"received_data":377,"sent_data":421,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.highperformanceformat.com","ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-10-15","domain_rank":366864,"first_seen":"2024-10-23T18:32:34.138968Z","last_seen":"2026-01-06T16:37:40.922668Z","alert_count":4,"request_count":1,"received_data":47166,"sent_data":463,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-12-31T21:55:03.360474Z","alert_count":3,"request_count":1,"received_data":85956,"sent_data":416,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-01-04T22:18:41.67311Z","alert_count":0,"request_count":1,"received_data":434864,"sent_data":437,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"realizationnewestfangs.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-10-02T06:26:57.543488Z","last_seen":"2026-01-06T11:26:41.787261Z","alert_count":16,"request_count":4,"received_data":21367,"sent_data":6117,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"protrafficinspector.com","ip":{"addr":"35.156.32.205","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2026-01-06T22:19:32.329944Z","alert_count":0,"request_count":2,"received_data":854,"sent_data":904,"comment":"","tags":null,"fingerprints":null},{"fqdn":"flushpersist.com","ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-12-31T21:11:25.087578Z","alert_count":3,"request_count":1,"received_data":530,"sent_data":770,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.highperformanceformat.com/40bee7d41b074c6214a845caf65e1e03/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"af9b7fa6e5688d84a26ab3455298571f","sha1":"24ad45cb534584d8770e8aeb6ae6d9b5a0a7894b","sha256":"5e7557c140143751ba86f5d370ad56e043926dced1ac46ccc70da86b810f6655","sha512":"423e03032e4c55a1a1139b5cb28ad8326d4b085eced09181ac55e7b4fe94c3330093e3018904f9a6d9226f8acc7281364e054affa2aa1c0d5d399172600304e9","ssdeep":"768:dB2Ee/5+sNKlKMHLQTwkf0R6sYeLvLoK12G6FYc0CEsC:dB2Em+aMHLQTwkf0bLDLoK12tFYN1R","tlshash":"ee23fa5dbf92f006165f70b7372fa106b15a8c19680cd89cfa07fda46d68f05e837aa4","size":46311,"data":"","first_seen":"2025-12-29T10:41:45.063263Z","last_seen":"2026-01-07T13:44:17.823667Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/1b/50/e5/1b50e57a5911fd0a5b46962ab48ca22b.js","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","size":6454,"data":"","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,d2luZG93LmRhdGFMYXllcj13aW5kb3cuZGF0YUxheWVyfHxbXTtmdW5jdGlvbiBndGFnKCl7ZGF0YUxheWVyLnB1c2goYXJndW1lbnRzKX0KZ3RhZygic2V0IiwibGlua2VyIix7ImRvbWFpbnMiOlsiZGVsdGEtZXhlY3V0b3Iub3JnIl19KTtndGFnKCJqcyIsbmV3IERhdGUoKSk7Z3RhZygic2V0IiwiZGV2ZWxvcGVyX2lkLmRaVE5pTVQiLCEwKTtndGFnKCJjb25maWciLCJHVC01TUdQSERCIik7d2luZG93Ll9nb29nbGVzaXRla2l0PXdpbmRvdy5fZ29vZ2xlc2l0ZWtpdHx8e307d2luZG93Ll9nb29nbGVzaXRla2l0LnRocm90dGxlZEV2ZW50cz1bXTt3aW5kb3cuX2dvb2dsZXNpdGVraXQuZ3RhZ0V2ZW50PShuYW1lLGRhdGEpPT57dmFyIGtleT1KU09OLnN0cmluZ2lmeSh7bmFtZSxkYXRhfSk7aWYoISF3aW5kb3cuX2dvb2dsZXNpdGVraXQudGhyb3R0bGVkRXZlbnRzW2tleV0pe3JldHVybn13aW5kb3cuX2dvb2dsZXNpdGVraXQudGhyb3R0bGVkRXZlbnRzW2tleV09ITA7c2V0VGltZW91dCgoKT0+e2RlbGV0ZSB3aW5kb3cuX2dvb2dsZXNpdGVraXQudGhyb3R0bGVkRXZlbnRzW2tleV19LDUpO2d0YWcoImV2ZW50IixuYW1lLHsuLi5kYXRhLGV2ZW50X3NvdXJjZToic2l0ZS1raXQifSl9","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"dff0ca5a5349be1e262e2fee65ca3bc8","sha1":"961afb125323eb68fa461c7a334d7c1d35233431","sha256":"1ad69091d1154b350bf87053abe0a961447b7d8bdcd1018d3dea9941c76214de","sha512":"ad97699d6907989743f3fedbf0f26b5c700cb2337418dd3e9c171da1e1c2bc188593cb322115d7afbcf700e35713ea05015817737d7abb694f71aaac01185766","ssdeep":"","tlshash":"f7f07db320c00cfbc8fb5502576b2b95334533c6e274201145d959103cdfe13a0d14c9","size":621,"data":"","first_seen":"2025-12-29T10:41:45.087228Z","last_seen":"2026-01-07T13:44:17.828755Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,alF1ZXJ5KGRvY3VtZW50KS5yZWFkeShmdW5jdGlvbigkKXtpZigkKCcjYWRzZm9yd3AtaGlkZGVuLWJsb2NrJykubGVuZ3RoPT0wKXskLmdldFNjcmlwdCgiaHR0cHM6Ly9kZWx0YS1leGVjdXRvci5vcmcvZnJvbnQuanMiKX19KQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"7e2f68678e88c5851db3952b17baefab","sha1":"978196bbe66a99b679736e86ce1b5c4dda62eb94","sha256":"d69a8d6f31cf66aad2a234826ee99d489ef0dc3c1dd09b443173ab97be4b27fc","sha512":"f40becdbaae6a4f19bf80b0095c08963ed4d1dbd157715a18fcb6a15b576d092a38b17e07e1454efe1ec2f41cc703b6caebdbb0ebbeeef356da8fcff36168a4a","ssdeep":"","tlshash":"82c02b6a05504d40486f02106473665e955335b04b40c051c2e6e0305c28018535f904","size":130,"data":"","first_seen":"2025-12-09T13:46:21.924248Z","last_seen":"2026-01-07T13:44:17.82955Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=GT-5MGPHDB","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"92a2a62b85c46bd59cb828e31e53d058","sha1":"c7c4ab78f219f66718501b3ced0f115f88a7a5c3","sha256":"ca7c1599208bf4ae152529fab362ebd80351acea32aa67e8a4ddd1f6dce5266e","sha512":"301f83c5893434dd502e879cd0c0c82a45ddeb81de71dbd0a8e287d69d4dda29880fd79911c248e4eaa647852d956a253bafe8b978ce9c037e062a3ae77aa806","ssdeep":"6144:B0NV1q/6Eh2phH4eHueXJjO67YM+TkDUao5fhkl0YH:8nihwH4aY/TkD2m","tlshash":"cd941ace73d670269396f078503f018ba57b29a2b45dc896f189cce02d74a9a4277f7c","size":434260,"data":"","first_seen":"2026-01-07T13:44:17.816814Z","last_seen":"2026-01-07T13:44:17.816814Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,dmFyIGluYnJtZmFfc2V0dGluZ3M9eyJpbml0aWFsX2V4cGFuZF9maXJzdCI6IjAifQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"5733f7a9065e436001c843e9f871f7b1","sha1":"0e24ed4804e1ac13dc768db1138ea82a6deb0bed","sha256":"42b19d31cbec1a3d3fddabd5c078218630103330782e78048bfceec893b7a2c9","sha512":"e715e7ab5a17f64ea1a652839c8c72fab02434a77a31fd88042bc2740bc62d0c1e6023317a1ad41b532679ea741b0d5455756522cf3342469c7e4980aa5b2e77","ssdeep":"","tlshash":"6e90045740c7f4dfc40f5370f4f553401f454414177147354c550f47550d1d37101455","size":49,"data":"","first_seen":"2025-09-14T04:55:09.402287Z","last_seen":"2026-02-05T06:15:33.920204Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,IWZ1bmN0aW9uKCl7InVzZSBzdHJpY3QiO2lmKCJxdWVyeVNlbGVjdG9yImluIGRvY3VtZW50JiYiYWRkRXZlbnRMaXN0ZW5lciJpbiB3aW5kb3cpe3ZhciBlPWRvY3VtZW50LmJvZHk7ZS5hZGRFdmVudExpc3RlbmVyKCJwb2ludGVyZG93biIsKGZ1bmN0aW9uKCl7ZS5jbGFzc0xpc3QuYWRkKCJ1c2luZy1tb3VzZSIpfSkse3Bhc3NpdmU6ITB9KSxlLmFkZEV2ZW50TGlzdGVuZXIoImtleWRvd24iLChmdW5jdGlvbigpe2UuY2xhc3NMaXN0LnJlbW92ZSgidXNpbmctbW91c2UiKX0pLHtwYXNzaXZlOiEwfSl9fSgp","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"d14dddb96e6ab600e7f4c14ae6ec6365","sha1":"6bbfd860e16d4f4c00d66c7d3bfd4eb9efc75e0b","sha256":"6c04d2b8f182ee9d167f8c7fb6d4e4eec084f885a28c40f0cb8d7733cfdd1497","sha512":"9f664d3a37b2b68931059722b946f67044e70e64b90c5547675d32766bb8dec09e5aee6e3af46da58484bfdc71b979e514b09060aa867f48bf646b421701f900","ssdeep":"","tlshash":"34d0cd7b17561f3904d3729531efb3417b73075574c001076cb4c5492f645c581ba4c6","size":291,"data":"","first_seen":"2025-05-07T10:58:36.426196Z","last_seen":"2026-04-04T02:53:36.179406Z","times_seen":605,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,dmFyIGNvcHlUaGVDb2RlPXsidHJpbV9saW5lcyI6IiIsInJlbW92ZV9zcGFjZXMiOiIxIiwiY29weV9jb250ZW50X2FzIjoiIiwicHJldmlld01hcmt1cCI6Ilx1MDAzQ2gyXHUwMDNFSGVsbG8gV29ybGRcdTAwM0MvaDJcdTAwM0UiLCJidXR0b25NYXJrdXAiOiJcdTAwM0NidXR0b24gY2xhc3M9XCJjb3B5LXRoZS1jb2RlLWJ1dHRvblwiIHRpdGxlPVwiXCJcdTAwM0VcdTAwM0MvYnV0dG9uXHUwMDNFIiwiYnV0dG9uU3ZnIjoiXHUwMDNDc3ZnIGFyaWEtaGlkZGVuPVwidHJ1ZVwiIGZvY3VzYWJsZT1cImZhbHNlXCIgcm9sZT1cImltZ1wiIGNsYXNzPVwiY29weS1pY29uXCIgdmlld0JveD1cIjAgMCAxNiAxNlwiIHdpZHRoPVwiMTZcIiBoZWlnaHQ9XCIxNlwiIGZpbGw9XCJjdXJyZW50Q29sb3JcIlx1MDAzRVx1MDAzQ3BhdGggZD1cIk0wIDYuNzVDMCA1Ljc4NC43ODQgNSAxLjc1IDVoMS41YS43NS43NSAwIDAgMSAwIDEuNWgtMS41YS4yNS4yNSAwIDAgMC0uMjUuMjV2Ny41YzAgLjEzOC4xMTIuMjUuMjUuMjVoNy41YS4yNS4yNSAwIDAgMCAuMjUtLjI1di0xLjVhLjc1Ljc1IDAgMCAxIDEuNSAwdjEuNUExLjc1IDEuNzUgMCAwIDEgOS4yNSAxNmgtNy41QTEuNzUgMS43NSAwIDAgMSAwIDE0LjI1WlwiXHUwMDNFXHUwMDNDL3BhdGhcdTAwM0VcdTAwM0NwYXRoIGQ9XCJNNSAxLjc1QzUgLjc4NCA1Ljc4NCAwIDYuNzUgMGg3LjVDMTUuMjE2IDAgMTYgLjc4NCAxNiAxLjc1djcuNUExLjc1IDEuNzUgMCAwIDEgMTQuMjUgMTFoLTcuNUExLjc1IDEuNzUgMCAwIDEgNSA5LjI1Wm0xLjc1LS4yNWEuMjUuMjUgMCAwIDAtLjI1LjI1djcuNWMwIC4xMzguMTEyLjI1LjI1LjI1aDcuNWEuMjUuMjUgMCAwIDAgLjI1LS4yNXYtNy41YS4yNS4yNSAwIDAgMC0uMjUtLjI1WlwiXHUwMDNFXHUwMDNDL3BhdGhcdTAwM0VcdTAwM0Mvc3ZnXHUwMDNFIiwic2VsZWN0b3JzIjpbeyJzZWxlY3RvciI6InByZSIsInN0eWxlIjoiYnV0dG9uIiwiYnV0dG9uX3RleHQiOiJDb3B5IENvZGUiLCJidXR0b25fdGl0bGUiOiJDb3B5IHRvIENsaXBib2FyZCIsImJ1dHRvbl9jb3B5X3RleHQiOiJDb3BpZWQiLCJidXR0b25fcG9zaXRpb24iOiJvdXRzaWRlIiwiY29weV9mb3JtYXQiOiIiLCJjb25kaXRpb25zIjpbXX1dLCJzZWxlY3RvciI6InByZSIsInNldHRpbmdzIjp7InNlbGVjdG9yIjoicHJlIiwiYnV0dG9uLXRleHQiOiJDb3B5IHRvIENsaXBib2FyZCIsImJ1dHRvbi10aXRsZSI6IkNvcHkgdG8gQ2xpcGJvYXJkIiwiYnV0dG9uLWNvcHktdGV4dCI6IkNvcGllZCEiLCJidXR0b24tcG9zaXRpb24iOiJpbnNpZGUiLCJjb3B5LWZvcm1hdCI6ImRlZmF1bHQifSwic3RyaW5nIjp7InRpdGxlIjoiQ29weSB0byBDbGlwYm9hcmQiLCJjb3B5IjoiQ29weSB0byBDbGlwYm9hcmQiLCJjb3BpZWQiOiJDb3BpZWQhIn0sImltYWdlLXVybCI6Imh0dHBzOi8vZGVsdGEtZXhlY3V0b3Iub3JnL3dwLWNvbnRlbnQvcGx1Z2lucy9jb3B5LXRoZS1jb2RlLy9hc3NldHMvaW1hZ2VzL2NvcHktMS5zdmciLCJyZWRpcmVjdF91cmwiOiIifQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"98b01d92581821d687ab22dd6498d1ce","sha1":"de0d0d1b0d4b8b611b2eb7e3ffffcebff9b33b26","sha256":"44b854e047493d74cfd6ceda9491bc8d843c5212c96b8ae984a18c8db315dfa3","sha512":"4c8aa3cfdea929dd9530e8ec66162bb2437bd74fdbdf50422f7c1c310cbc8ac309c5d82b5ba373428b8fa0eb31c99fd0a45b59aa2f95dbaf7ee34de6f1384561","ssdeep":"","tlshash":"3e31dda1a02c56be239b0692ee37492cfa3d3599328ca0255d3fedf441d2414e3a6925","size":1528,"data":"","first_seen":"2025-12-29T10:41:45.076384Z","last_seen":"2026-01-07T13:44:17.832835Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"dc0923c33f2f758c84c52fbb61c834a3","sha1":"b058be2d1733bff3d424d94ace699f13151e3df7","sha256":"d37ef4938c8ae1d3621058c0b807b594bdff045977dab405590883e514289ac3","sha512":"428f2cdc01d9aa9d3dc8ed5a91cbbc7bc7f1e0e05118f0d8a5e817f78b4348022cc0f7219d8362cd7295faca28e22392b2766cbeabb3b65d2387366e142294eb","ssdeep":"","tlshash":"f4d0c77df0585e5020c2607fb471a016521791b9bd941130d75ebc49ff08be546afeeb","size":215,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T04:26:29.950086Z","times_seen":19999,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","size":6454,"data":"","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7d72b80690ba108f701c1b1a5e697720","sha1":"befbf4e1dec83cfd6b3a327a909be07a4f8ab490","sha256":"0d8bef99a34b9446ad386668c9742d804417dad6f930213a1dd1cbb8dacbd6e3","sha512":"7cc76f2ee11c4395caa4a50a63bbd1668733e4f8ba3d89189a8014364a7e93873434b7b7b7c7ab37f624d4558e064d913657c064dcc9b35f892a0f05e0991130","ssdeep":"192:q6e4j3qVXlu798fbuEO4C5/hsNs35PhSkzISM8Z:bel29YFts/Swau","tlshash":"62f153497542b57f393b7071d0af220b313970a3a84b4861e9b8f6d87c789792a23d7d","size":8109,"data":"","first_seen":"2025-07-25T05:28:04.240916Z","last_seen":"2026-04-04T04:26:29.950559Z","times_seen":16246,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,YXRPcHRpb25zPXsna2V5JzonNDBiZWU3ZDQxYjA3NGM2MjE0YTg0NWNhZjY1ZTFlMDMnLCdmb3JtYXQnOidpZnJhbWUnLCdoZWlnaHQnOjkwLCd3aWR0aCc6NzI4LCdwYXJhbXMnOnt9fQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"dfa26dcab41c374d9b1c323cbc6a00b7","sha1":"e1eb440174307bd37b8beb0058082816869b5149","sha256":"91298065cd81eab2bffad47c105c701f79ab70cd0728b510aad92adc34a74b91","sha512":"6d91520f1eb891f866271ff1525f899aa13130d894f881855a220bf0c43ed46b7afa9ba8b851112807c71450ce43e00f145dc216714ad90882c39a0f33cb051a","ssdeep":"","tlshash":"59b012e9784136c6d07920b7685005cd7600c50b3240b4337979b9dc083ab10a58cf42","size":106,"data":"","first_seen":"2025-12-29T10:41:45.090133Z","last_seen":"2026-01-07T13:44:17.835962Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"9eda5fb669436efa969569edce56f2de","sha1":"9379ef4b2f32403210eb913a75b991f2acfe3434","sha256":"5bfb1f5432d6ea3fb80260d23d5fdbd150170323be07ef6a030e234f449fcfa3","sha512":"7e84088581c6b5bfd24fa4fff943a43a7d48c5066fd5efc4246682f62e9f62f532491c04d92b3c1a0caf84457063eb67aff3c05ce256bafb61386fe92b074594","ssdeep":"","tlshash":"9c31d7e56011735ed7a8e8aa855a1b2cfbe05b05b9d84bc102f0c18ab3419b52e597a0","size":1530,"data":"","first_seen":"2026-01-07T13:44:17.836709Z","last_seen":"2026-01-07T13:44:17.836709Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-04T04:46:51.005054Z","times_seen":13161,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"50b527b7b3c4b0b48f57a5476a4011da","sha1":"57c036691f32754fc12fe60347a9b9857929c572","sha256":"fe791d190e2cd5e4d4b72720d2d362aaf5a69dcffa505c4f28c7d954b479a324","sha512":"c3f26c6d5993bcc75dc771ba698ee23ccacc80881cc65e3d0b67d0ee5692c52565b75537cef10c05fb4c662ba3f0338118312056e277002e069edef4034e1df3","ssdeep":"","tlshash":"9dc02b743f013b13e2383caf9b0213c6fcc14f037534760b56a8c18064902231480c43","size":145,"data":"","first_seen":"2025-12-29T10:41:45.083958Z","last_seen":"2026-01-07T13:44:17.838592Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"a52e999a92bfcbaa11371219e6a6d860","sha1":"9a63f73a413ec166d416ddf5f68fe878f2d095f0","sha256":"22a6854c07ed98a348ce113236906d1778264858f9e10e3f6259b14b05e98857","sha512":"ef0029609361fbec3f3b90477b1f1f6dc1799f07747fec44f41073452c4b7d5feb86259e05c5672a081f47fc97ff2ad8cea1ffffc203e5168d36e16259937395","ssdeep":"","tlshash":"d531eba170553312cabdb9f3414d7b6cff94d6021a846bc315b0c6c972145fa1dadf85","size":1800,"data":"","first_seen":"2026-01-07T13:44:17.840701Z","last_seen":"2026-01-07T13:44:17.840701Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,dmFyIGdlbmVyYXRlcHJlc3NNZW51PXsidG9nZ2xlT3BlbmVkU3ViTWVudXMiOiEwLCJvcGVuU3ViTWVudUxhYmVsIjoiT3BlbiBTdWItTWVudSIsImNsb3NlU3ViTWVudUxhYmVsIjoiQ2xvc2UgU3ViLU1lbnUifQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b5ec6770aca50cd4c1fcc0b5bb6d40fe","sha1":"d853e9b91d963f111d50fea81ea4b45d59beae90","sha256":"624f13249f14f5cfbd9a8bac1db5040796059a3c1ea8559aef87ee46a97777f3","sha512":"3d30e36297e5a85c7fbc233d1aa87769363895c78a266a9082f8216d53245886b5d7e01327a6226b7317c2dacac09c91d12fd63b814cf76cdc83100453c97428","ssdeep":"","tlshash":"a5b09b6d5246a663d1913e441381d423c03108984209441ff15580dd6615d931ccd447","size":121,"data":"","first_seen":"2025-05-07T10:58:36.42153Z","last_seen":"2026-04-03T19:34:45.040502Z","times_seen":461,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ad81beb0a28e87fe3ce3742823d264a8","sha1":"f0aa1a71cc5d0b2b40e1b009486fc627f7703878","sha256":"10531cb9ccd59383133c85843a19c55ba0a27d1a2eb912628e9bd7f68b479aa5","sha512":"ed7834311ae7828b03aa5a7411e9f4bbf5066879ee89fe01f83fa28d1a299733d0a81eea1cc4ab97477bf80c13c5ecf94e398d95c3bd3a2911d480b651c6fb78","ssdeep":"","tlshash":"9131ee7df5291636095661fde399e341a030f0dadc428424efb5cc5ea8cce9548abdf2","size":1717,"data":"","first_seen":"2025-07-25T05:28:04.194173Z","last_seen":"2026-04-04T04:26:29.955907Z","times_seen":10915,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/wp-includes/js/jquery/jquery.min.js","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87553,"data":"","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-04T04:45:42.22765Z","times_seen":684536,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,dmFyIGFkc2ZvcndwX2Jyb3dzZXJfb2JqPVtd","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"41a964c08076f3e7768516da0ab48173","sha1":"fc5b37087a4c3ea55fbb66c69512b7e0378115f6","sha256":"8f8510517c2f545eadbd2910f1bd68aae15da12ed1404aa8af080b7001ec79c9","sha512":"bb67a85298b08f7bb101b35254235fdb460b49f9e91bc8af1cd3c0df4523581555e9d10a97ea0f0ab8bd25796327d31ed8da3069a74b8ffab23032f49e83ffe9","ssdeep":"","tlshash":"aa800020200e03c22c00300008c20e0a2a0823a008a320c808a3022823000000088008","size":27,"data":"","first_seen":"2025-10-07T10:00:18.764053Z","last_seen":"2026-01-07T13:44:17.844597Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pl28268103.effectivegatecpm.com/39/6f/b8/396fb8d27a213d15997be2bc74f85e0c.js","fqdn":"pl28268103.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f1010df38e6fe918924f0d7f029dc38f","sha1":"f8ea078eb079d8d88e54028d5947d07a0f2301d8","sha256":"632d79ab43fccca4896cfde311e0cfa1b7a0a488b6201449e85d715a435c83a8","sha512":"84d5f8ee6b9f8f223e9d35bcc58971dd3889dd14bdfaf23ddb4b26e27526314796b4dfa2660784d4a804d2f6fc28bcbcb89f71e40bd5d37800d7317589342ad8","ssdeep":"3072:Emz17aMWZ44SXdVY4lDKVVbZ4i3/9j9y1UglGewsY:Emzw194LwsY","tlshash":"7ea3c788bfd0f06d129a6473223f950ff11a4e42505ce558e907f8e66abc32af47db64","size":106856,"data":"","first_seen":"2026-01-07T13:44:17.808487Z","last_seen":"2026-01-07T13:44:17.808487Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/wp-content/litespeed/js/4e830e8f77d1b440db8aae5f58e7b612.js?ver=7c25f","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4e830e8f77d1b440db8aae5f58e7b612","sha1":"796038cafdc345b4227b9bdb5c52a696a5aa8f79","sha256":"b02276c277fd5ee27d3702ce9a340437136ed8f473a853f91df94fae42df5630","sha512":"12fee64d8425fc6e8ad350c97403722501c5d894db9c42a380b9de7910f3fd2172728a680881c9ccbd03c85d9606726bbe908f0393863281aa8349a4735c5e8c","ssdeep":"768:lK60LP3m4qJ+h4MWq4BDKrrdBKhR/BdT683dX4ryKD6Fmc27gROnoW9oCwSHXf:0rP7Q+hkbKnb2h683dIryKD6FaoW9OY","tlshash":"a4133aec7154627646fb3afa70ffe24a327634d9950584049028dcd92dfcc8612a7fba","size":45275,"data":"","first_seen":"2025-12-29T10:41:45.058743Z","last_seen":"2026-01-07T13:44:17.824566Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,dmFyIGFkc2ZvcndwX29iaj17ImFqYXhfdXJsIjoiaHR0cHM6Ly9kZWx0YS1leGVjdXRvci5vcmcvd3AtYWRtaW4vYWRtaW4tYWpheC5waHAiLCJhZHNmb3J3cF9mcm9udF9ub25jZSI6ImFjZmI1NWVhMTIifQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"8b10ec95914578a434516028efdf94af","sha1":"35f94d640a7514458a77ba45a459410d09f03781","sha256":"80bb584b8aca58cc6d3546bb88a1507ac3c8750abcf14fead1ef66f5ea901f76","sha512":"6449182fd4bf196181244273ce9e94db78ce675bfceeb2671be7ad94a06f89cecb5dc00fae2db5a796447a7b2f1eac9ece533d03dd44fe8a4f1bcb855e80879b","ssdeep":"","tlshash":"cfb09b1745454fd375440ec048e57f5f576d71b2b5514dc59aefe05813441459b44245","size":118,"data":"","first_seen":"2026-01-07T13:44:17.850724Z","last_seen":"2026-01-07T13:44:17.850724Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"90b1410b77aaf5b99f0753359c4749e1","sha1":"4d34f9e71e28d0a67c14eb3ca5cf701f43e7f91c","sha256":"4699e3393484a63aba55183834802fdb3b9623bd16cbff865db70f3787ba779e","sha512":"961840a3d1db1d80403855a81965f5b0fb711a23f0cddaaf7b08a4fd698bdcde9bc16384d6bf37e1728cc06fa93f732ef1bfa20c70f3cfd273cabcd1332d5b69","ssdeep":"96:A6oz+OGZFxYntN0hg37FajfGk/eYntN0hg37Fajy1jD9fACfMEDaH:wzWYntWhgrFWGkGYntWhgrFvvmCkCaH","tlshash":"87911b906cd17369d56db8bf456a571cbf50d2032a48efc376ecd2866b106b41d98fc0","size":4562,"data":"","first_seen":"2026-01-07T13:44:17.852917Z","last_seen":"2026-01-07T13:44:17.852917Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d3fb31fc4a0b37980210c57f2698989d","sha1":"82a161b3a63cf0d5a5b37e9eacdfaf298bcbb55b","sha256":"45200934a32157fcedfec503f25c156ed7a19df9a9538269e7848ad8f1adc936","sha512":"69f23736f39a72a620c7ee834ab1745e31b0289d9724365899af60148af4a28c26c7f2bfd64649776390a2301775e2c5be863604d3c932f264eaf572f0c2b3e7","ssdeep":"","tlshash":"0fe0a330f14849201040c569f274c41110b2ca85dc2aed30f38db818f830989c1b7df7","size":408,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-04T03:43:01.582163Z","times_seen":14218,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,dmFyIGdlbmVyYXRlcHJlc3NCYWNrVG9Ub3A9eyJzbW9vdGgiOiEwfQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"082dcdb34674ab2eab78cff639656ba9","sha1":"8f51206e7c7e76df918659de28243bb99f8b5029","sha256":"233a016fecca13a9852656b81620defe0d93ea0f30a949d9210a767a4d946808","sha512":"d61a0a5856740b6306b399a3c6920c0680858834affc37de5caf5fcfc0c81e4e7ba1c77e72fe57a348035fd591fcee8324389c2b020f286af38410e8ddaff004","ssdeep":"","tlshash":"e89004314044403500d74d003540c054d1d4c414c5cdc051d5d45443d330c004cdd540","size":40,"data":"","first_seen":"2025-05-20T18:41:12.955129Z","last_seen":"2026-04-03T19:34:45.031583Z","times_seen":180,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"sourshaped.com/9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:52.364Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 07 Jan 2026 13:43:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3403\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 452baa2151bafe508e55440310c9b673\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6454,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6454), with no line terminators","md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"resource_available":true,"data":null}},"time_used":550,"timings":{"blocked":269,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-07T13:43:51.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"delta-executor.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 18:02:57 GMT","end":"Tue, 17 Mar 2026 19:00:06 GMT"},"fingerprint":{"sha1":"CB:38:B4:2E:BF:F3:FA:DC:5A:90:29:7D:14:74:31:BF:76:53:92:F8","sha256":"D1:11:A9:5B:23:40:0A:14:32:2C:F9:48:C9:4B:4F:F2:C2:F1:72:FA:92:85:B6:94:38:4C:EB:5C:37:65:19:70"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: delta-executor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _lscache_vary=377c83b50617e39701a0dcb32cd74e96\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 07 Jan 2026 13:43:51 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nx-powered-by: PHP/8.2.29\r\nx-dns-prefetch-control: on\r\nx-ua-compatible: IE=edge\r\nlink: \u003chttps://delta-executor.org/wp-json/\u003e; rel=\"https://api.w.org/\", \u003chttps://delta-executor.org/wp-json/wp/v2/pages/17\u003e; rel=\"alternate\"; title=\"JSON\"; type=\"application/json\", \u003chttps://delta-executor.org/\u003e; rel=shortlink\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-litespeed-cache: hit\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6HhqackXoy%2B0ERM2UjLejWqtgJQj0HtWt4kDpH%2BJI5xR7OSCrnSiYzxuuf7MQD9zqtjcrpTVXSoitTMOc%2FljyudNefyrz2vmHGf3STuUYNA%3D\"}]}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9ba3e2f38a36b4f3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:8.2.29","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"WordPress:6.9","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Site Kit:1.168.0","description":"Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.","website":"https://sitekit.withgoogle.com/","common_platform_enumeration":"","icon":"Google.svg","categories":["Analytics","WordPress plugins"]}],"data":{"size":117511,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (10263)","md5":"80f88eb76ebc05a02143e577cc3aabe5","sha1":"866c4c9d675b94ed61dc22a2725671e77aeb0893","sha256":"930161d77562e83770fb1e0d4f71c528ef90c4bd137bb8781755ddef77e55af7","sha512":"ce2ef3a49c87e46e3808ed23b30b84b9b125c88ab48d86a0169e56f7064c1d41d88e2d8b481e2b71ee481a6974093551cbee541d922f47f9e11922309be3b95e","ssdeep":"1536:RF2CXpPDypMxJ0DiKQIwyv9NqC9npF7QH1Jfup2otre:RFzpPu+J0XXqMpFQ1Jfup2X","tlshash":"5ab34ca3839019b7261f47acd259b30b751b9044db031af1f1fde064a5c8ee95bb2b4e","first_seen":"2026-01-07T13:44:17.804584Z","last_seen":"2026-01-07T13:44:17.804584Z","times_seen":1,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":10,"dns":2,"connect":1,"send":0,"wait":67,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"delta-executor.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pl28268103.effectivegatecpm.com/39/6f/b8/396fb8d27a213d15997be2bc74f85e0c.js","fqdn":"pl28268103.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:51.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"effectivegatecpm.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Dec 2025 21:45:50 GMT","end":"Fri, 06 Mar 2026 21:45:49 GMT"},"fingerprint":{"sha1":"4D:1C:0D:DB:A3:77:74:26:85:B0:AD:E4:B7:D6:63:03:F7:70:5B:C1","sha256":"9A:F3:3F:D6:D1:0C:71:F9:29:9F:CD:B5:C6:5A:D8:DC:57:BB:69:1F:2D:12:B6:B9:74:23:CD:5A:2A:D3:FB:BE"}}},"request":{"raw":"GET /39/6f/b8/396fb8d27a213d15997be2bc74f85e0c.js HTTP/1.1\r\nHost: pl28268103.effectivegatecpm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 07 Jan 2026 13:43:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 38096\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 6\r\nHost: pl28268103.effectivegatecpm.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a3a406490334535b85c4faf1a3615e59\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":106856,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f1010df38e6fe918924f0d7f029dc38f","sha1":"f8ea078eb079d8d88e54028d5947d07a0f2301d8","sha256":"632d79ab43fccca4896cfde311e0cfa1b7a0a488b6201449e85d715a435c83a8","sha512":"84d5f8ee6b9f8f223e9d35bcc58971dd3889dd14bdfaf23ddb4b26e27526314796b4dfa2660784d4a804d2f6fc28bcbcb89f71e40bd5d37800d7317589342ad8","ssdeep":"3072:Emz17aMWZ44SXdVY4lDKVVbZ4i3/9j9y1UglGewsY:Emzw194LwsY","tlshash":"7ea3c788bfd0f06d129a6473223f950ff11a4e42505ce558e907f8e66abc32af47db64","first_seen":"2026-01-07T13:44:17.808487Z","last_seen":"2026-01-07T13:44:17.808487Z","times_seen":1,"resource_available":true,"data":null}},"time_used":823,"timings":{"blocked":309,"dns":40,"connect":91,"send":0,"wait":100,"receive":93,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"pl28268103.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"pl28268103.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"pl28268103.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"pl28268103.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/wp-content/uploads/2025/08/Delta-Android-KeySystem.jpg.webp","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:51.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"delta-executor.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 18:02:57 GMT","end":"Tue, 17 Mar 2026 19:00:06 GMT"},"fingerprint":{"sha1":"CB:38:B4:2E:BF:F3:FA:DC:5A:90:29:7D:14:74:31:BF:76:53:92:F8","sha256":"D1:11:A9:5B:23:40:0A:14:32:2C:F9:48:C9:4B:4F:F2:C2:F1:72:FA:92:85:B6:94:38:4C:EB:5C:37:65:19:70"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/Delta-Android-KeySystem.jpg.webp HTTP/1.1\r\nHost: delta-executor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nCookie: _lscache_vary=377c83b50617e39701a0dcb32cd74e96\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 13:43:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 19336\r\ncache-control: public, max-age=31557600\r\nexpires: Thu, 24 Dec 2026 23:05:45 GMT\r\nlast-modified: Sat, 23 Aug 2025 10:03:10 GMT\r\netag: \"4b88-68a991de-f59b0cdc952ecb75;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 1197486\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=F5EYjduBKi841ZtQQJODPmMkHB360MtYStjrDwNkbkZA7vhZ3M4dt8WYZX6PVzReUkYXBY78K%2B4bzYI7LsfgO3mHpzVFQ%2FNjWQmIlH2t8L0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3e2f4cd600b06-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":19336,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 661x457, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c819fc3fb607b7794b021a0244b778f6","sha1":"630a6d0f1c1e47d72878c0348b83ee2889a7cb3c","sha256":"d254fe72dd8b64c2213e47fb77e5bbc4c8b33abc49722dd80ebd604ebe778059","sha512":"24779301c7358b8780bc689a4b124f7212b78994b402f493f5038bbcce088ad4310cb2b4559bc820f60de2705ce213e505ec43b931d6cd2dd65d4e748c98ad58","ssdeep":"384:myv/AjMYBKbFoTy5qXisCELkkk3XVX236GNEYQ17OAJGYu1py:mgYj0FD5YG93XZesYmAm","tlshash":"f692d0a5ca78f506f85615ead4b50504558f5ed932178313013ab3fbeb3a892cbeca1c","first_seen":"2025-12-09T13:46:21.89938Z","last_seen":"2026-01-07T13:44:17.811376Z","times_seen":4,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"delta-executor.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/wp-content/uploads/2025/08/Delta-Executor-Latest-Android-User-Interface.jpg.webp","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:51.880Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"delta-executor.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 18:02:57 GMT","end":"Tue, 17 Mar 2026 19:00:06 GMT"},"fingerprint":{"sha1":"CB:38:B4:2E:BF:F3:FA:DC:5A:90:29:7D:14:74:31:BF:76:53:92:F8","sha256":"D1:11:A9:5B:23:40:0A:14:32:2C:F9:48:C9:4B:4F:F2:C2:F1:72:FA:92:85:B6:94:38:4C:EB:5C:37:65:19:70"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/Delta-Executor-Latest-Android-User-Interface.jpg.webp HTTP/1.1\r\nHost: delta-executor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nCookie: _lscache_vary=377c83b50617e39701a0dcb32cd74e96\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 13:43:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 25156\r\ncache-control: public, max-age=31557600\r\nexpires: Thu, 31 Dec 2026 08:51:23 GMT\r\nlast-modified: Sat, 23 Aug 2025 09:58:10 GMT\r\netag: \"6244-68a990b2-3a6b933aed641366;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 643948\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=skiDKb8utHXyag0%2FKNz13onH4PEWN6NPL%2Bj1ATwDYpmg%2FJqplxzNwGukhHUQb3YrLwmpLFGx1CX0QmpZEAlHreUlWnH9qMlr0vDEZDqoUx8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3e2f53daf0b06-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":25156,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 760x433, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"58a5c21fd4b1e335e8da8dddaa4dc6f8","sha1":"20aa39907e46ba03a998e1f3e846063b12e5d280","sha256":"9c2fa894223c5b11344dd5553811f1f85aa7d3e86b7e8b3ae219a7848b79f2d3","sha512":"bb4cb52dc1754d5e85e30ef9a11b0a7c41ab0477c71d4f1cb9546b3cc5b90e1cb2ac5f670208da87b43e2b307383f2c11638a68796b409b7e80cb3b72a2df97e","ssdeep":"768:oVigVEFe8ESdg2eCq3aYIjO9HfDkkXGbE:MieEI87EfUOpfIq7","tlshash":"46b2e0ac41954063dff7637c28e60524eaeebc73a60804d3df69bde56e04d47aa28dd0","first_seen":"2025-12-09T13:46:21.909959Z","last_seen":"2026-01-07T13:44:17.812699Z","times_seen":3,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"delta-executor.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/wp-content/uploads/2025/08/Delta-Executor-official-logo.png","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:52.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"delta-executor.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 18:02:57 GMT","end":"Tue, 17 Mar 2026 19:00:06 GMT"},"fingerprint":{"sha1":"CB:38:B4:2E:BF:F3:FA:DC:5A:90:29:7D:14:74:31:BF:76:53:92:F8","sha256":"D1:11:A9:5B:23:40:0A:14:32:2C:F9:48:C9:4B:4F:F2:C2:F1:72:FA:92:85:B6:94:38:4C:EB:5C:37:65:19:70"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/Delta-Executor-official-logo.png HTTP/1.1\r\nHost: delta-executor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nCookie: _lscache_vary=377c83b50617e39701a0dcb32cd74e96; _ga_DCMWSBXYFZ=GS2.1.s1767793432$o1$g0$t1767793432$j60$l0$h0; _ga=GA1.1.1256574295.1767793432; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f3c827c2-b1e6-4607-ac3d-853ad4876835%3A1%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 13:43:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 7309\r\ncache-control: public, max-age=31557600\r\nexpires: Sat, 05 Dec 2026 16:53:42 GMT\r\nlast-modified: Sat, 23 Aug 2025 10:03:11 GMT\r\netag: \"1c8d-68a991df-b89b786b3b749c26;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 2861410\r\ncf-cache-status: HIT\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BYkSHDRYp3nMcXll6D8tbmZaVO%2FKxkUGZExEeUTDBS%2F3mrZh6AaglRFMFniLCGScGJg0GHvOLULY9rlklXacHykx6EeXjnoqTx%2FREw1UNHU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3e2fb8aba0b06-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7309,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit colormap, non-interlaced","md5":"3ab4d24d7ef310ed09d69f20a72c2799","sha1":"9565cb1b464f9b343f315caa4f3f769ec1ae19fb","sha256":"36aadf2991c9de9cfa79308f182326608c6dca4b5897dafca7c36b00f6544def","sha512":"7110ac6353ef2b4a8ea1b60a5020a1bf3ab996bd769507b8422c54ea43e6063be64978d2e06950afa55fc0fc6c4967f1827b5ad0e014c38f05f4a5ba7c2e7871","ssdeep":"192:bampQksISbiQeLJLSGrO1Cy+HBb5CYCCUXLHZ2ft2A:bdJPSGQ+Lg1Cz95CYbUbAgA","tlshash":"63e1ae39ac7203fab6fac1dd0a5ba0457610d24b809c09271788eb2539977a4f897956","first_seen":"2025-12-09T13:46:21.898256Z","last_seen":"2026-01-07T13:44:17.813605Z","times_seen":3,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"delta-executor.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/0e/3d/23/0e3d23863eff2e8bf535579f702fe030/1756656797.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:53.487Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 06 Jan 2026 02:32:52 GMT","end":"Mon, 06 Apr 2026 02:32:51 GMT"},"fingerprint":{"sha1":"8A:68:C7:51:16:AB:C0:0E:F3:A6:17:12:E1:07:66:95:36:27:86:2F","sha256":"79:02:9B:96:2C:55:77:35:46:DB:5C:3A:D0:CB:0C:13:BA:42:DE:12:27:8F:10:39:52:51:F4:1C:0A:CA:0E:E5"}}},"request":{"raw":"GET /cti/0e/3d/23/0e3d23863eff2e8bf535579f702fe030/1756656797.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 07 Jan 2026 13:43:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 51444\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 16:13:17 GMT\r\netag: \"68b4749d-c8f4\"\r\nexpires: Fri, 09 Jan 2026 13:43:53 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":51444,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:29 16:20:35], progressive, precision 8, 728x90, components 3","md5":"e1777a2961908b35f79a77c5ab64bb88","sha1":"7115f98ff2a370bd0de059359701bf680c2fd69f","sha256":"7d07fa5d13965523a25f23c9e89fc1896c55e785998ff0eb814763ff3f3f1cc8","sha512":"f5308c63b2c0a27b1c3950d479124105c4f2ea8e7fb927f973aaf673a35e1ac3de58805a51db21b49a49b4c8b3867e2ee526d8d3b98c9fa50ac28afaec9a1fa9","ssdeep":"768:tYiS/vYyMgxzdJSqK1tEkSo0qQCBUPAkpfVBYocvnJ9zAAtm2:evRJyHv0TTYWfVBYjB9zAh2","tlshash":"7333e01a7a908fb2f8c196782065f383c3a29e94b7a32751b8dc771177b37955d4f202","first_seen":"2025-09-02T20:22:38.328959Z","last_seen":"2026-04-03T22:34:53.941286Z","times_seen":651,"resource_available":false,"data":null}},"time_used":394,"timings":{"blocked":168,"dns":1,"connect":19,"send":0,"wait":21,"receive":37,"ssl":146},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/wp-content/uploads/2025/08/Delta-Executor-Latest-Android-User-Interface.jpg.webp","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:51.471Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"delta-executor.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 18:02:57 GMT","end":"Tue, 17 Mar 2026 19:00:06 GMT"},"fingerprint":{"sha1":"CB:38:B4:2E:BF:F3:FA:DC:5A:90:29:7D:14:74:31:BF:76:53:92:F8","sha256":"D1:11:A9:5B:23:40:0A:14:32:2C:F9:48:C9:4B:4F:F2:C2:F1:72:FA:92:85:B6:94:38:4C:EB:5C:37:65:19:70"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/Delta-Executor-Latest-Android-User-Interface.jpg.webp HTTP/1.1\r\nHost: delta-executor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 13:43:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 25156\r\ncache-control: public, max-age=31557600\r\nexpires: Thu, 31 Dec 2026 08:51:23 GMT\r\nlast-modified: Sat, 23 Aug 2025 09:58:10 GMT\r\netag: \"6244-68a990b2-3a6b933aed641366;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 643947\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zV9R70fsHudN9rqFSgc40BtPfA7a3Pf%2B%2BzHikJePx4Vrj7KFXF%2FcC7NYwrG8FhUqDMfmBPJ2rUuSvCD5VFu9MdcOSpvg8e8vEmtajNgqSINKig%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3e2f2a80476ef-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"delta-executor.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=GT-5MGPHDB","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:51.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:27 GMT","end":"Wed, 25 Feb 2026 15:49:26 GMT"},"fingerprint":{"sha1":"2C:B9:1B:62:2A:F9:04:B9:16:E2:30:B0:A8:B2:85:0C:68:BC:79:25","sha256":"AE:CB:A0:2C:92:1E:CB:D2:CB:6C:0D:37:5E:A2:4E:27:AE:4E:CA:0C:EC:53:D5:50:E6:C1:3D:EB:17:C1:F2:C9"}}},"request":{"raw":"GET /gtag/js?id=GT-5MGPHDB HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 07 Jan 2026 13:43:51 GMT\r\nexpires: Wed, 07 Jan 2026 13:43:51 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 143533\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":434260,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"92a2a62b85c46bd59cb828e31e53d058","sha1":"c7c4ab78f219f66718501b3ced0f115f88a7a5c3","sha256":"ca7c1599208bf4ae152529fab362ebd80351acea32aa67e8a4ddd1f6dce5266e","sha512":"301f83c5893434dd502e879cd0c0c82a45ddeb81de71dbd0a8e287d69d4dda29880fd79911c248e4eaa647852d956a253bafe8b978ce9c037e062a3ae77aa806","ssdeep":"6144:B0NV1q/6Eh2phH4eHueXJjO67YM+TkDUao5fhkl0YH:8nihwH4aY/TkD2m","tlshash":"cd941ace73d670269396f078503f018ba57b29a2b45dc896f189cce02d74a9a4277f7c","first_seen":"2026-01-07T13:44:17.816814Z","last_seen":"2026-01-07T13:44:17.816814Z","times_seen":1,"resource_available":true,"data":null}},"time_used":244,"timings":{"blocked":92,"dns":1,"connect":8,"send":0,"wait":24,"receive":24,"ssl":91},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:52.361Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:51:40 GMT","end":"Sun, 29 Mar 2026 00:51:39 GMT"},"fingerprint":{"sha1":"F3:CE:FF:C9:F8:70:23:18:40:13:70:96:1A:D1:FD:34:D3:CD:66:FC","sha256":"07:8C:A3:3F:1D:F1:E0:75:3D:26:20:F5:D5:75:64:CE:F7:40:6E:B7:BB:B9:EC:79:33:27:5F:51:2E:B0:12:E7"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 07 Jan 2026 13:43:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a7e95d8fcce7c80e32c5382269c99d00\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":130,"timings":{"blocked":55,"dns":0,"connect":17,"send":0,"wait":18,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/watch.880661088388.js?key=40bee7d41b074c6214a845caf65e1e03\u0026kw=%5B%22delta%22%2C%22executor%22%2C%22v2%22%2C%22702%22%2C%22official%22%2C%22-%22%2C%221%22%2C%22roblox%22%2C%22for%22%2C%22android%22%2C%22ios%22%5D\u0026refer=https%3A%2F%2Fdelta-executor.org%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=8b119642-fed9-4b9b-b4bd-797975e07efe%3A3%3A1\u0026shu=d641fdfd801666e88dd5c90f63a340ba5bb29499394ab812ddaed742da3ce222a1287b6894e6955e48f88e4d4f9c4114a7099401ae704aad6337f2cd3592d9c91da95dc83ae7c16625a0f1b394ebf74a9f1402121c0473d89939d5\u0026pst=1767793492\u0026rmtc=t","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:53.048Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 23:46:27 GMT","end":"Sat, 28 Mar 2026 23:46:26 GMT"},"fingerprint":{"sha1":"14:D8:A4:21:72:37:E4:C0:CE:53:5D:C0:99:88:BB:F5:AB:09:9F:77","sha256":"E0:A6:B2:57:A8:ED:75:A3:DB:37:93:9B:8F:60:2D:A9:97:B8:E8:E5:77:A2:C7:8E:B2:CF:E2:E9:F7:6A:43:C7"}}},"request":{"raw":"GET /watch.880661088388.js?key=40bee7d41b074c6214a845caf65e1e03\u0026kw=%5B%22delta%22%2C%22executor%22%2C%22v2%22%2C%22702%22%2C%22official%22%2C%22-%22%2C%221%22%2C%22roblox%22%2C%22for%22%2C%22android%22%2C%22ios%22%5D\u0026refer=https%3A%2F%2Fdelta-executor.org%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=8b119642-fed9-4b9b-b4bd-797975e07efe%3A3%3A1\u0026shu=d641fdfd801666e88dd5c90f63a340ba5bb29499394ab812ddaed742da3ce222a1287b6894e6955e48f88e4d4f9c4114a7099401ae704aad6337f2cd3592d9c91da95dc83ae7c16625a0f1b394ebf74a9f1402121c0473d89939d5\u0026pst=1767793492\u0026rmtc=t HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://delta-executor.org\r\nReferer: https://delta-executor.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyODE2NzU4NSwiayI6IjQwYmVlN2Q0MWIwNzRjNjIxNGE4NDVjYWY2NWUxZTAzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1NDcxNTMyLCJwaWQiOjE2NjM2OTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6MjMsInB0Ijo0LCJwayI6Im5ic2RtOXM2eiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJjdCI6eyJpZCI6MzE0MzI0NCwibiI6Ik9zbG8ifSwicmciOnsiaWQiOjE4NDQsIm4iOiJPc2xvIENvdW50eSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsIml3ZiI6dHJ1ZSwidXAiOnRydWUsInIiOiJodHRwczovL2RlbHRhLWV4ZWN1dG9yLm9yZy8iLCJ0eiI6MSwiYXIiOltdfX0.NqquWu84yZi7jS--NnbRn0YXL9ZGJIp3U9IRzTrp8pA\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 07 Jan 2026 13:43:53 GMT\r\nContent-Type: text/html\r\nContent-Length: 2241\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://delta-executor.org\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=8b119642-fed9-4b9b-b4bd-797975e07efe:3:1; expires=Wed, 14 Jan 2026 13:43:53 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Thu, 08 Jan 2026 13:43:53 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Thu, 08 Jan 2026 13:43:53 GMT; path=/; secure; SameSite=None\npdhtkv23=true; expires=Thu, 08 Jan 2026 13:43:53 GMT; path=/; secure; SameSite=None\nuncs23=1; expires=Thu, 08 Jan 2026 13:43:53 GMT; path=/; secure; SameSite=None\nu_pl28167585=1; expires=Thu, 08 Jan 2026 13:43:53 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 304\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 9d5fed7a50790f992f783ba2fbc3da7d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4594,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (3718)","md5":"7b8556bccee292355f23e9cd79be37da","sha1":"c068014c69489304c77deb93c030c58684a92448","sha256":"b1255c6a27d88579c830551250cc9afde2611c5d29bb01c52bacd79d24d39c2c","sha512":"cf0366102927560507fe33fe9e88c90c8aac8b60abc1cccb519009f84ae5008e2607e01658383069ede2a33a70bbb2ac3ea22b7625b1afcd2c962ab7b76a43c3","ssdeep":"96:D6oz+OGZFxYntN0hg37FajfGk/eYntN0hg37Fajy1ZD9fACfMEDaH:LzWYntWhgrFWGkGYntWhgrFvVmCkCaH","tlshash":"8c911a906c917369d56db8bf456a571cbf50d3032a44efc376ecd28a2b10ab41da8fc4","first_seen":"2026-01-07T13:44:17.818319Z","last_seen":"2026-01-07T13:44:17.818319Z","times_seen":1,"resource_available":false,"data":null}},"time_used":400,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":400,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-07T13:43:50.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"delta-executor.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 18:02:57 GMT","end":"Tue, 17 Mar 2026 19:00:06 GMT"},"fingerprint":{"sha1":"CB:38:B4:2E:BF:F3:FA:DC:5A:90:29:7D:14:74:31:BF:76:53:92:F8","sha256":"D1:11:A9:5B:23:40:0A:14:32:2C:F9:48:C9:4B:4F:F2:C2:F1:72:FA:92:85:B6:94:38:4C:EB:5C:37:65:19:70"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: delta-executor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 07 Jan 2026 13:43:51 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nx-powered-by: PHP/8.2.29\r\nx-dns-prefetch-control: on\r\nx-ua-compatible: IE=edge\r\nlink: \u003chttps://delta-executor.org/wp-json/\u003e; rel=\"https://api.w.org/\", \u003chttps://delta-executor.org/wp-json/wp/v2/pages/17\u003e; rel=\"alternate\"; title=\"JSON\"; type=\"application/json\", \u003chttps://delta-executor.org/\u003e; rel=shortlink\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-litespeed-cache: hit\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=w61h1b7jE%2B9PVi7YYD%2FmzkGOdrlQBmnTyZ9P3bXBNExHPciqmOPj0B8c0QYYYLde7vtMtAYUu%2FKgswvJg4ma7aBHyAZsvCOqYPkb4t%2BERtc%3D\"}]}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9ba3e2ef5d94b4f4-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"WordPress:6.9","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"PHP:8.2.29","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Site Kit:1.168.0","description":"Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.","website":"https://sitekit.withgoogle.com/","common_platform_enumeration":"","icon":"Google.svg","categories":["Analytics","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":120606,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (10263)","md5":"8e3381aca8fe19e5592519334a302574","sha1":"a89983878f109159815f232a92b2e77b2679d420","sha256":"a77db4de0cd19d361e48c7a2ce7e46933c9322c6f4efd1cb5ea42fc374a53070","sha512":"ac61ede8ef6f9be9cdcb37070e15e6e1345cd887d816cdb97a2412ac84bdba9c46f8f76e11b2766895eadc1b36e39d0183717fb6ca341e961d1c01f85fe0903b","ssdeep":"1536:RF2CXpPDypMxJ0ftKQIDyv9NqC9nClkGH1Jfq1E2otrry:RFzpPu+J0cQqMCln1Jfqq23","tlshash":"10c33ca3939009b7251f43acd11ab30a751be144db0356e1f1fde06895c8fe95bb2b8e","first_seen":"2026-01-07T13:44:17.819586Z","last_seen":"2026-01-07T13:44:17.819586Z","times_seen":1,"resource_available":false,"data":null}},"time_used":264,"timings":{"blocked":49,"dns":25,"connect":1,"send":0,"wait":166,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"delta-executor.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/wp-content/litespeed/css/fe2fcf86994d9a7717a9c982dffcb9d4.css?ver=7c25f","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:51.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"delta-executor.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 18:02:57 GMT","end":"Tue, 17 Mar 2026 19:00:06 GMT"},"fingerprint":{"sha1":"CB:38:B4:2E:BF:F3:FA:DC:5A:90:29:7D:14:74:31:BF:76:53:92:F8","sha256":"D1:11:A9:5B:23:40:0A:14:32:2C:F9:48:C9:4B:4F:F2:C2:F1:72:FA:92:85:B6:94:38:4C:EB:5C:37:65:19:70"}}},"request":{"raw":"GET /wp-content/litespeed/css/fe2fcf86994d9a7717a9c982dffcb9d4.css?ver=7c25f HTTP/1.1\r\nHost: delta-executor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 13:43:51 GMT\r\ncontent-type: text/css\r\ncontent-length: 20313\r\ncache-control: public, max-age=31557600\r\nexpires: Thu, 31 Dec 2026 08:51:23 GMT\r\nlast-modified: Thu, 25 Dec 2025 09:36:38 GMT\r\netag: \"24769-694d05a6-945ef485875bce8c;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 643947\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a4yi38P8KC%2BnAiwGeSoL04NIVn8LuF%2FDTdJnWrNzia1GmUg04yp3R1oQsxDBrsNEm4hG69RDFM7RxTSkAqs2WKZBFnPw8nB3PpDVGI0%2F%2F%2FIxmA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3e2f15bff76ef-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":149353,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (55871)","md5":"fe2fcf86994d9a7717a9c982dffcb9d4","sha1":"0e31c0a2986e328362336a3b7b8a0addf6208d1f","sha256":"fcf449db46591352db1735d4fa3e7d43872e209aa437ca239a912f9988b0c4b8","sha512":"be7a0d23f3362284dfe74470bcca8020c0628508595f6699c1229f41428a15739e8c627cc363a044df660565228f552828086956fd40afc075557fce2a2253fc","ssdeep":"3072:XoeJBCCUQg5MG7x+qehvX02dclkWwbFpPoBnnBY:BfUQg5MG7x+qehvX02dclkWiFuBnnBY","tlshash":"dce3a45017b4dcf935ff973a5e8de258a103aa41c64a5bebf066d290618ca490df3b0f","first_seen":"2025-12-29T10:41:45.061417Z","last_seen":"2026-01-07T13:44:17.820637Z","times_seen":3,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"delta-executor.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/wp-content/uploads/2025/08/Get-Delta-Executor-Key.jpg.webp","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:51.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"delta-executor.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 18:02:57 GMT","end":"Tue, 17 Mar 2026 19:00:06 GMT"},"fingerprint":{"sha1":"CB:38:B4:2E:BF:F3:FA:DC:5A:90:29:7D:14:74:31:BF:76:53:92:F8","sha256":"D1:11:A9:5B:23:40:0A:14:32:2C:F9:48:C9:4B:4F:F2:C2:F1:72:FA:92:85:B6:94:38:4C:EB:5C:37:65:19:70"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/Get-Delta-Executor-Key.jpg.webp HTTP/1.1\r\nHost: delta-executor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nCookie: _lscache_vary=377c83b50617e39701a0dcb32cd74e96\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 13:43:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 32320\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 16 Dec 2026 07:20:47 GMT\r\nlast-modified: Sat, 23 Aug 2025 10:03:10 GMT\r\netag: \"7e40-68a991de-3d6d93ea5906f446;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 1945383\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=faKBV%2B0TxwPcGF4UDdvq8ICajeD%2BWvPrhu6wemzEmKHDEHh%2BTWr31AUOpoC4EDQIkt4l%2FKcxgrTLtLqtVMyYnvHYXLvEVPPIIrx1rSQUk%2Fs%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3e2f4cd5d0b06-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":32320,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 760x424, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5aa428d657e0141cd34ed28bb19843a6","sha1":"c0853bee3c741c9e5fbd3630192cde0d29859651","sha256":"367dfc8bbdb307b26b8b410a83eaf51f802437a62e36f0ccfab24c2d5dabb6c7","sha512":"89c36b363f8457bd798cb69a4827fca63e08d07a121b678ac8c2a3ce4ca16fbf4b5c987911e9d0d89434b1ea2c76b04d225b1b77828caafb0bd2c9c26d1b80c0","ssdeep":"768:nFouye5kQOemvJKpgJX59vlb/VohTDG1VEXZC61ENl:e5QFmvJKpgZlzVohDG1c+P","tlshash":"f1e2f17e0a37de17e12f3e6aea2107117b5c568da3138b44e9db8f27a815dd3322521c","first_seen":"2025-12-09T13:46:21.913842Z","last_seen":"2026-01-07T13:44:17.82197Z","times_seen":4,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"delta-executor.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"35.156.32.205","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:52.366Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://delta-executor.org\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 07 Jan 2026 13:43:52 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://delta-executor.org\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=f3c827c2-b1e6-4607-ac3d-853ad4876835:1:1; expires=Sat, 05 Jan 2036 13:43:52 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"ae904c74ee45c431ff4f2a10c6340f51","sha1":"93da491677dad72e452d1140ea29f5bfac94fcd1","sha256":"f9ddeddcc791f6ee6cc674f7abac6a3f22b66f050139c5a22ea306379d8a8c43","sha512":"a390e6dcc49e9132fdf2b7ceacc53ef562a0c7b85167c593844707940e884713e211446eef185034b3fd743f7092b3757ddeca73a63141efbb75b73ef2e3f6eb","ssdeep":"","tlshash":"3e90044440517750c04d03c7003f315551c547f1d714307d1114c535c01034c731d017","first_seen":"2026-01-07T13:44:17.822644Z","last_seen":"2026-01-07T13:44:17.822644Z","times_seen":1,"resource_available":false,"data":null}},"time_used":472,"timings":{"blocked":223,"dns":0,"connect":21,"send":0,"wait":21,"receive":0,"ssl":203},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=739\u0026rd=739\u0026fd=573\u0026bv=25.12.4806\u0026tmpl=70","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:52.352Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=739\u0026rd=739\u0026fd=573\u0026bv=25.12.4806\u0026tmpl=70 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 07 Jan 2026 13:43:52 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":667,"timings":{"blocked":288,"dns":1,"connect":92,"send":0,"wait":98,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/40bee7d41b074c6214a845caf65e1e03/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:51.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"highperformanceformat.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Dec 2025 22:06:14 GMT","end":"Mon, 09 Mar 2026 22:06:13 GMT"},"fingerprint":{"sha1":"FF:6C:F9:E0:24:86:DF:99:47:19:6C:03:2B:17:E7:3B:21:C6:76:11","sha256":"7D:B7:58:57:35:4C:C8:CB:D1:EC:C1:9D:A7:81:D0:9A:64:F9:9A:AD:FF:AB:A6:C6:0B:D3:97:CC:AE:D6:5E:A2"}}},"request":{"raw":"GET /40bee7d41b074c6214a845caf65e1e03/invoke.js HTTP/1.1\r\nHost: www.highperformanceformat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 07 Jan 2026 13:43:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18501\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 6\r\nHost: www.highperformanceformat.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3ef03975decf14f58dbc82ee224dfe11\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46311,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46311), with no line terminators","md5":"af9b7fa6e5688d84a26ab3455298571f","sha1":"24ad45cb534584d8770e8aeb6ae6d9b5a0a7894b","sha256":"5e7557c140143751ba86f5d370ad56e043926dced1ac46ccc70da86b810f6655","sha512":"423e03032e4c55a1a1139b5cb28ad8326d4b085eced09181ac55e7b4fe94c3330093e3018904f9a6d9226f8acc7281364e054affa2aa1c0d5d399172600304e9","ssdeep":"768:dB2Ee/5+sNKlKMHLQTwkf0R6sYeLvLoK12G6FYc0CEsC:dB2Em+aMHLQTwkf0bLDLoK12tFYN1R","tlshash":"ee23fa5dbf92f006165f70b7372fa106b15a8c19680cd89cfa07fda46d68f05e837aa4","first_seen":"2025-12-29T10:41:45.063263Z","last_seen":"2026-01-07T13:44:17.823667Z","times_seen":2,"resource_available":true,"data":null}},"time_used":765,"timings":{"blocked":278,"dns":1,"connect":92,"send":0,"wait":101,"receive":92,"ssl":197},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/wp-content/uploads/2025/11/Delta-Executor-official-logo-New.png","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:51.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"delta-executor.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 18:02:57 GMT","end":"Tue, 17 Mar 2026 19:00:06 GMT"},"fingerprint":{"sha1":"CB:38:B4:2E:BF:F3:FA:DC:5A:90:29:7D:14:74:31:BF:76:53:92:F8","sha256":"D1:11:A9:5B:23:40:0A:14:32:2C:F9:48:C9:4B:4F:F2:C2:F1:72:FA:92:85:B6:94:38:4C:EB:5C:37:65:19:70"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Delta-Executor-official-logo-New.png HTTP/1.1\r\nHost: delta-executor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nCookie: _lscache_vary=377c83b50617e39701a0dcb32cd74e96\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 13:43:51 GMT\r\ncontent-type: image/png\r\ncontent-length: 7309\r\ncache-control: public, max-age=31557600\r\nexpires: Sat, 02 Jan 2027 20:53:48 GMT\r\nlast-modified: Tue, 11 Nov 2025 06:27:49 GMT\r\netag: \"1c8d-6912d765-92d1f264c5af1d95;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 427803\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5UHo%2BVWQPcb3OBye04Gti72j4iqeBnTr5DZKmfGfNqTClKdpFSKn5y1IUWO0adZvA7LGc%2B4%2BFSG6ge652MepnZYnGWdSdB6mv0t8AwDG1Jk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3e2f53dad0b06-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":7309,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit colormap, non-interlaced","md5":"3ab4d24d7ef310ed09d69f20a72c2799","sha1":"9565cb1b464f9b343f315caa4f3f769ec1ae19fb","sha256":"36aadf2991c9de9cfa79308f182326608c6dca4b5897dafca7c36b00f6544def","sha512":"7110ac6353ef2b4a8ea1b60a5020a1bf3ab996bd769507b8422c54ea43e6063be64978d2e06950afa55fc0fc6c4967f1827b5ad0e014c38f05f4a5ba7c2e7871","ssdeep":"192:bampQksISbiQeLJLSGrO1Cy+HBb5CYCCUXLHZ2ft2A:bdJPSGQ+Lg1Cz95CYbUbAgA","tlshash":"63e1ae39ac7203fab6fac1dd0a5ba0457610d24b809c09271788eb2539977a4f897956","first_seen":"2025-12-09T13:46:21.898256Z","last_seen":"2026-01-07T13:44:17.813605Z","times_seen":3,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"delta-executor.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/wp-content/litespeed/js/4e830e8f77d1b440db8aae5f58e7b612.js?ver=7c25f","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:51.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"delta-executor.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 18:02:57 GMT","end":"Tue, 17 Mar 2026 19:00:06 GMT"},"fingerprint":{"sha1":"CB:38:B4:2E:BF:F3:FA:DC:5A:90:29:7D:14:74:31:BF:76:53:92:F8","sha256":"D1:11:A9:5B:23:40:0A:14:32:2C:F9:48:C9:4B:4F:F2:C2:F1:72:FA:92:85:B6:94:38:4C:EB:5C:37:65:19:70"}}},"request":{"raw":"GET /wp-content/litespeed/js/4e830e8f77d1b440db8aae5f58e7b612.js?ver=7c25f HTTP/1.1\r\nHost: delta-executor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nCookie: _lscache_vary=377c83b50617e39701a0dcb32cd74e96\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 13:43:51 GMT\r\ncontent-type: application/x-javascript\r\ncontent-length: 13331\r\ncache-control: public, max-age=31557600\r\nexpires: Fri, 25 Dec 2026 18:37:26 GMT\r\nlast-modified: Thu, 25 Dec 2025 09:36:38 GMT\r\netag: \"b0db-694d05a6-e15ab4d5df6ef232;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 1127185\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GQSNKihg2ao8VMDqcXNGNbfoFDfijbGBM%2FhqPiu%2BJMTMc1vj54ZtPNURizyv7kCXDWNH0l4sWOIIDnqd3ErxPCJCaKtveYjc0b4DjGFLORc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3e2f4cd610b06-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":45275,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (13479)","md5":"4e830e8f77d1b440db8aae5f58e7b612","sha1":"796038cafdc345b4227b9bdb5c52a696a5aa8f79","sha256":"b02276c277fd5ee27d3702ce9a340437136ed8f473a853f91df94fae42df5630","sha512":"12fee64d8425fc6e8ad350c97403722501c5d894db9c42a380b9de7910f3fd2172728a680881c9ccbd03c85d9606726bbe908f0393863281aa8349a4735c5e8c","ssdeep":"768:lK60LP3m4qJ+h4MWq4BDKrrdBKhR/BdT683dX4ryKD6Fmc27gROnoW9oCwSHXf:0rP7Q+hkbKnb2h683dIryKD6FaoW9OY","tlshash":"a4133aec7154627646fb3afa70ffe24a327634d9950584049028dcd92dfcc8612a7fba","first_seen":"2025-12-29T10:41:45.058743Z","last_seen":"2026-01-07T13:44:17.824566Z","times_seen":3,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"delta-executor.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:52.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 23:36:36 GMT","end":"Sat, 28 Mar 2026 23:36:35 GMT"},"fingerprint":{"sha1":"0E:EE:1D:ED:80:5A:CA:0C:1E:93:89:94:78:B7:34:91:38:D4:89:51","sha256":"CF:77:1B:FB:04:67:32:02:DF:D9:38:24:27:3D:A5:98:54:0C:4D:BA:C5:1B:62:FD:C1:E1:17:57:6F:63:B3:BF"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 07 Jan 2026 13:43:52 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 2c3c29f3a7b8183769707a7d453bb44a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-04T04:46:51.005054Z","times_seen":13161,"resource_available":true,"data":null}},"time_used":154,"timings":{"blocked":56,"dns":0,"connect":18,"send":0,"wait":20,"receive":18,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/1b/50/e5/1b50e57a5911fd0a5b46962ab48ca22b.js","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:52.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 23:46:27 GMT","end":"Sat, 28 Mar 2026 23:46:26 GMT"},"fingerprint":{"sha1":"14:D8:A4:21:72:37:E4:C0:CE:53:5D:C0:99:88:BB:F5:AB:09:9F:77","sha256":"E0:A6:B2:57:A8:ED:75:A3:DB:37:93:9B:8F:60:2D:A9:97:B8:E8:E5:77:A2:C7:8E:B2:CF:E2:E9:F7:6A:43:C7"}}},"request":{"raw":"GET /1b/50/e5/1b50e57a5911fd0a5b46962ab48ca22b.js HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 07 Jan 2026 13:43:52 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3403\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: f30299eb409a4b134ca2ba62f33c17e1\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6454,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6454), with no line terminators","md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"resource_available":true,"data":null}},"time_used":663,"timings":{"blocked":278,"dns":1,"connect":91,"send":0,"wait":105,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/wp-content/uploads/2025/08/Delta-Executor-official-logo.png","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:52.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"delta-executor.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 18:02:57 GMT","end":"Tue, 17 Mar 2026 19:00:06 GMT"},"fingerprint":{"sha1":"CB:38:B4:2E:BF:F3:FA:DC:5A:90:29:7D:14:74:31:BF:76:53:92:F8","sha256":"D1:11:A9:5B:23:40:0A:14:32:2C:F9:48:C9:4B:4F:F2:C2:F1:72:FA:92:85:B6:94:38:4C:EB:5C:37:65:19:70"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/Delta-Executor-official-logo.png HTTP/1.1\r\nHost: delta-executor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nCookie: _lscache_vary=377c83b50617e39701a0dcb32cd74e96; _ga_DCMWSBXYFZ=GS2.1.s1767793432$o1$g0$t1767793432$j60$l0$h0; _ga=GA1.1.1256574295.1767793432; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f3c827c2-b1e6-4607-ac3d-853ad4876835%3A1%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 13:43:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 7309\r\ncache-control: public, max-age=31557600\r\nexpires: Sat, 05 Dec 2026 16:53:42 GMT\r\nlast-modified: Sat, 23 Aug 2025 10:03:11 GMT\r\netag: \"1c8d-68a991df-b89b786b3b749c26;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 2861410\r\ncf-cache-status: HIT\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6RGpdoL6S7txIVMTs9v9o7YTJfHYwjOymt%2FDFm9oCMythlRvUIslM7asrcaaHF4dx5xfJ8DgbMDmRGnoCp4sTlhLfhrapWdCCxFp8mzN1Rw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3e2fb8ab80b06-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":7309,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit colormap, non-interlaced","md5":"3ab4d24d7ef310ed09d69f20a72c2799","sha1":"9565cb1b464f9b343f315caa4f3f769ec1ae19fb","sha256":"36aadf2991c9de9cfa79308f182326608c6dca4b5897dafca7c36b00f6544def","sha512":"7110ac6353ef2b4a8ea1b60a5020a1bf3ab996bd769507b8422c54ea43e6063be64978d2e06950afa55fc0fc6c4967f1827b5ad0e014c38f05f4a5ba7c2e7871","ssdeep":"192:bampQksISbiQeLJLSGrO1Cy+HBb5CYCCUXLHZ2ft2A:bdJPSGQ+Lg1Cz95CYbUbAgA","tlshash":"63e1ae39ac7203fab6fac1dd0a5ba0457610d24b809c09271788eb2539977a4f897956","first_seen":"2025-12-09T13:46:21.898256Z","last_seen":"2026-01-07T13:44:17.813605Z","times_seen":3,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"delta-executor.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/impr.gif?sid=H4sIAAAAAAAC_1RTvY8cxRPtsa1f8CNAYAxytgEBIN9e90zPR-MAcRgjC3_JNnKAQOqvWTc3Oz10z-ysV0IyWEIWIjgRQTZXe_YJMAgIyEDWHpkFkpeEC3wJfwFCcoz2vNJBBVWv-nXwqvvVx5vNHoqg4bsXz9mJKQq-Gvdx74WrplS29b3zV3oE9_HJ3lVTJvRkb7xIbvQyiWgfv9h7Q8t1uxpigjHBpHfaOJ3b8eo-C6a6y0if4T4N-ySmMHb_7X0TgOcBqNEeehqMmj_5Z_42GDmDcvjdKe3Xa1udeH3YFLy2DkZq-61yvbRtCcMDmLsA8nJ7eRusnyP0-SGw5fZyArCjrcUEIMwcHXr2IYhyeykTxOj2Y6WiAF2CUE9AO5qBLnbA8BlIexOMeoAApILzF6Ac3jlvXcuvP2b5gp2jI4_-BtPO0ZGHz0A5_HatMOPeZVs0tbGlh3HegRnPwAxmUDU7UE8CMO0OyPojMOo3tProLJTDrQu-sGDU7vOZIIQlNFzJtWIrVDCxIqhQKylLWRprnOpc7z-RyWfA_WFofACNCaDJA2iqAIZqt0dxRiXhUZIzJVNMOaVKC8yyEGPOZAqN_BCM2gDpbkDlbsC6-exBPJmj4Ng5cM098Nd2f1QJJbnKVYZJkiQ6y5SKJcN5EvGIYsFjIUJGGYsY5SIjoVJcq5SGikdSh2HISZilIskY1QmLY02zPMs0VTRnkhJCeYoZo5hwvVDIVRJFaR5KFcUsVEwyojiLlcwirlNJkiSMOc6JiBjVIk8pZzmhOCQhkZimkcoWSlQMXgXgawQj1UGrEbQeQcsRtAZBWyNoR91tVfjQd3dU4RtBljVc1qib2nqwyW_beqBLBNxtgFPdlqne9zdB1oenk9yrqV0kLupuyoXqNqs99NTCDcE3v27Cul58gdA6VZQInFKZhITyjMaS50msicYReNOB8YeA-wAmZo4uf3ACKjNHx8UcBN8BX-yANMeAN88Bb6dpmAG_BgzDpPxB6aLmK3qsZVNb17duAMp2UNVHoL4ebBZ76Oj00pW1e_v-fOePT0HL-2gZIF0HlevgPfMLgkFxa3rJtmjrkm09-v5CVZuhmfCFdy_XvNb_--pNfb21Tp055Te-fFUuiAW8e0X7-iwvlSkHHn29ZpTS7rR1UqOfzvirWlxs_LW1xpVNdfbia6fPDCunvTe2nAE3c_T_vz4Baebo6M9f7O9l_NJdkNUN8NWBTm8RiApBYRAU-uCciw78v3pxgDf9LRi4AHh9E8phByPXwajogBcb4JvD07py91_5PdoPEEUwFYVDW6JwC97s9vJIhxLjLE1IlOWaRFTJPM4oUwnHUaSh9nPzrjz-TwAAAP__oNcbzzUFAAA=","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:53.490Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 23:46:27 GMT","end":"Sat, 28 Mar 2026 23:46:26 GMT"},"fingerprint":{"sha1":"14:D8:A4:21:72:37:E4:C0:CE:53:5D:C0:99:88:BB:F5:AB:09:9F:77","sha256":"E0:A6:B2:57:A8:ED:75:A3:DB:37:93:9B:8F:60:2D:A9:97:B8:E8:E5:77:A2:C7:8E:B2:CF:E2:E9:F7:6A:43:C7"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTvY8cxRPtsa1f8CNAYAxytgEBIN9e90zPR-MAcRgjC3_JNnKAQOqvWTc3Oz10z-ysV0IyWEIWIjgRQTZXe_YJMAgIyEDWHpkFkpeEC3wJfwFCcoz2vNJBBVWv-nXwqvvVx5vNHoqg4bsXz9mJKQq-Gvdx74WrplS29b3zV3oE9_HJ3lVTJvRkb7xIbvQyiWgfv9h7Q8t1uxpigjHBpHfaOJ3b8eo-C6a6y0if4T4N-ySmMHb_7X0TgOcBqNEeehqMmj_5Z_42GDmDcvjdKe3Xa1udeH3YFLy2DkZq-61yvbRtCcMDmLsA8nJ7eRusnyP0-SGw5fZyArCjrcUEIMwcHXr2IYhyeykTxOj2Y6WiAF2CUE9AO5qBLnbA8BlIexOMeoAApILzF6Ac3jlvXcuvP2b5gp2jI4_-BtPO0ZGHz0A5_HatMOPeZVs0tbGlh3HegRnPwAxmUDU7UE8CMO0OyPojMOo3tProLJTDrQu-sGDU7vOZIIQlNFzJtWIrVDCxIqhQKylLWRprnOpc7z-RyWfA_WFofACNCaDJA2iqAIZqt0dxRiXhUZIzJVNMOaVKC8yyEGPOZAqN_BCM2gDpbkDlbsC6-exBPJmj4Ng5cM098Nd2f1QJJbnKVYZJkiQ6y5SKJcN5EvGIYsFjIUJGGYsY5SIjoVJcq5SGikdSh2HISZilIskY1QmLY02zPMs0VTRnkhJCeYoZo5hwvVDIVRJFaR5KFcUsVEwyojiLlcwirlNJkiSMOc6JiBjVIk8pZzmhOCQhkZimkcoWSlQMXgXgawQj1UGrEbQeQcsRtAZBWyNoR91tVfjQd3dU4RtBljVc1qib2nqwyW_beqBLBNxtgFPdlqne9zdB1oenk9yrqV0kLupuyoXqNqs99NTCDcE3v27Cul58gdA6VZQInFKZhITyjMaS50msicYReNOB8YeA-wAmZo4uf3ACKjNHx8UcBN8BX-yANMeAN88Bb6dpmAG_BgzDpPxB6aLmK3qsZVNb17duAMp2UNVHoL4ebBZ76Oj00pW1e_v-fOePT0HL-2gZIF0HlevgPfMLgkFxa3rJtmjrkm09-v5CVZuhmfCFdy_XvNb_--pNfb21Tp055Te-fFUuiAW8e0X7-iwvlSkHHn29ZpTS7rR1UqOfzvirWlxs_LW1xpVNdfbia6fPDCunvTe2nAE3c_T_vz4Baebo6M9f7O9l_NJdkNUN8NWBTm8RiApBYRAU-uCciw78v3pxgDf9LRi4AHh9E8phByPXwajogBcb4JvD07py91_5PdoPEEUwFYVDW6JwC97s9vJIhxLjLE1IlOWaRFTJPM4oUwnHUaSh9nPzrjz-TwAAAP__oNcbzzUFAAA= HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyODE2NzU4NSwiayI6IjQwYmVlN2Q0MWIwNzRjNjIxNGE4NDVjYWY2NWUxZTAzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1NDcxNTMyLCJwaWQiOjE2NjM2OTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6MjMsInB0Ijo0LCJwayI6Im5ic2RtOXM2eiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJjdCI6eyJpZCI6MzE0MzI0NCwibiI6Ik9zbG8ifSwicmciOnsiaWQiOjE4NDQsIm4iOiJPc2xvIENvdW50eSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsIml3ZiI6dHJ1ZSwidXAiOnRydWUsInIiOiJodHRwczovL2RlbHRhLWV4ZWN1dG9yLm9yZy8iLCJ0eiI6MSwiYXIiOltdfX0.NqquWu84yZi7jS--NnbRn0YXL9ZGJIp3U9IRzTrp8pA; uid_id2=8b119642-fed9-4b9b-b4bd-797975e07efe:3:1; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1; u_pl28167585=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 07 Jan 2026 13:43:53 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a1e201a470c665ed8e78b72e1ee2e17a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":111,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":111,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/wp-content/litespeed/css/fe2fcf86994d9a7717a9c982dffcb9d4.css?ver=7c25f","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:51.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"delta-executor.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 18:02:57 GMT","end":"Tue, 17 Mar 2026 19:00:06 GMT"},"fingerprint":{"sha1":"CB:38:B4:2E:BF:F3:FA:DC:5A:90:29:7D:14:74:31:BF:76:53:92:F8","sha256":"D1:11:A9:5B:23:40:0A:14:32:2C:F9:48:C9:4B:4F:F2:C2:F1:72:FA:92:85:B6:94:38:4C:EB:5C:37:65:19:70"}}},"request":{"raw":"GET /wp-content/litespeed/css/fe2fcf86994d9a7717a9c982dffcb9d4.css?ver=7c25f HTTP/1.1\r\nHost: delta-executor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nCookie: _lscache_vary=377c83b50617e39701a0dcb32cd74e96\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 13:43:51 GMT\r\ncontent-type: text/css\r\ncontent-length: 20313\r\ncache-control: public, max-age=31557600\r\nexpires: Thu, 31 Dec 2026 08:51:23 GMT\r\nlast-modified: Thu, 25 Dec 2025 09:36:38 GMT\r\netag: \"24769-694d05a6-945ef485875bce8c;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 643948\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9irfILAMlDgmo88guZlqgIM%2Bj232f0scjpyVw9vq71tru%2FFo2pCDuMSlWUo5kPmV%2BdHHec6%2F78YA%2FUsqQbSveP%2FglbuHaDFbdthyc%2BPL81Q%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3e2f4bd4e0b06-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":149353,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (55871)","md5":"fe2fcf86994d9a7717a9c982dffcb9d4","sha1":"0e31c0a2986e328362336a3b7b8a0addf6208d1f","sha256":"fcf449db46591352db1735d4fa3e7d43872e209aa437ca239a912f9988b0c4b8","sha512":"be7a0d23f3362284dfe74470bcca8020c0628508595f6699c1229f41428a15739e8c627cc363a044df660565228f552828086956fd40afc075557fce2a2253fc","ssdeep":"3072:XoeJBCCUQg5MG7x+qehvX02dclkWwbFpPoBnnBY:BfUQg5MG7x+qehvX02dclkWiFuBnnBY","tlshash":"dce3a45017b4dcf935ff973a5e8de258a103aa41c64a5bebf066d290618ca490df3b0f","first_seen":"2025-12-29T10:41:45.061417Z","last_seen":"2026-01-07T13:44:17.820637Z","times_seen":3,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"delta-executor.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"delta-executor.org/wp-includes/js/jquery/jquery.min.js","fqdn":"delta-executor.org","domain":"delta-executor.org","tld":"org"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:51.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"delta-executor.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Dec 2025 18:02:57 GMT","end":"Tue, 17 Mar 2026 19:00:06 GMT"},"fingerprint":{"sha1":"CB:38:B4:2E:BF:F3:FA:DC:5A:90:29:7D:14:74:31:BF:76:53:92:F8","sha256":"D1:11:A9:5B:23:40:0A:14:32:2C:F9:48:C9:4B:4F:F2:C2:F1:72:FA:92:85:B6:94:38:4C:EB:5C:37:65:19:70"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery.min.js HTTP/1.1\r\nHost: delta-executor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nCookie: _lscache_vary=377c83b50617e39701a0dcb32cd74e96\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 07 Jan 2026 13:43:51 GMT\r\ncontent-type: application/x-javascript\r\ncontent-length: 29531\r\ncache-control: public, max-age=31557600\r\nexpires: Tue, 15 Dec 2026 23:45:22 GMT\r\nlast-modified: Fri, 01 Aug 2025 10:21:19 GMT\r\netag: \"15601-688c951f-fa5b0a441030b202;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 1972708\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=k2x0X%2F%2B6CEWNxYmmZh%2FpVpUfxOBqcfAZW4%2BexEfoQyHPnhPjPKODp0Dxk66VfG%2FyTPy3d%2F%2F1eRBvlt5hERlooN3bwzYMcQ5dyarpMosTROc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3e2f4bd510b06-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":87553,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-04T04:45:42.22765Z","times_seen":684536,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"delta-executor.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"35.156.32.205","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:52.376Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://delta-executor.org\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 07 Jan 2026 13:43:52 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://delta-executor.org\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=8b119642-fed9-4b9b-b4bd-797975e07efe:3:1; expires=Sat, 05 Jan 2036 13:43:52 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"84492c31f73b3d0e35090cd06ffe7c76","sha1":"495aff491d493ffc3e4b44bc4c13a9eff526d0e9","sha256":"89febe47f8e802391f9f270faac6290b482296a17db1c72cdee13afd507fc648","sha512":"76d994a5d50f55b7e1d35195c64c0cc976715833ca4ecd82390811515845f76c941039f23535041306c66723d08f7e0ea60c4d7cd2883f1d6e4333eebffcf796","ssdeep":"","tlshash":"ef90044d041d35054473c4d44cc51771013d5401305d504c1413d0f5150f557010c573","first_seen":"2026-01-07T13:44:17.826946Z","last_seen":"2026-01-07T13:44:17.826946Z","times_seen":1,"resource_available":false,"data":null}},"time_used":233,"timings":{"blocked":-1,"dns":1,"connect":21,"send":0,"wait":21,"receive":0,"ssl":188},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/watch.880661088388.js?key=40bee7d41b074c6214a845caf65e1e03\u0026kw=%5B%22delta%22%2C%22executor%22%2C%22v2%22%2C%22702%22%2C%22official%22%2C%22-%22%2C%221%22%2C%22roblox%22%2C%22for%22%2C%22android%22%2C%22ios%22%5D\u0026refer=https%3A%2F%2Fdelta-executor.org%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=8b119642-fed9-4b9b-b4bd-797975e07efe%3A3%3A1","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:52.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 23:46:27 GMT","end":"Sat, 28 Mar 2026 23:46:26 GMT"},"fingerprint":{"sha1":"14:D8:A4:21:72:37:E4:C0:CE:53:5D:C0:99:88:BB:F5:AB:09:9F:77","sha256":"E0:A6:B2:57:A8:ED:75:A3:DB:37:93:9B:8F:60:2D:A9:97:B8:E8:E5:77:A2:C7:8E:B2:CF:E2:E9:F7:6A:43:C7"}}},"request":{"raw":"GET /watch.880661088388.js?key=40bee7d41b074c6214a845caf65e1e03\u0026kw=%5B%22delta%22%2C%22executor%22%2C%22v2%22%2C%22702%22%2C%22official%22%2C%22-%22%2C%221%22%2C%22roblox%22%2C%22for%22%2C%22android%22%2C%22ios%22%5D\u0026refer=https%3A%2F%2Fdelta-executor.org%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=8b119642-fed9-4b9b-b4bd-797975e07efe%3A3%3A1 HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://delta-executor.org\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Wed, 07 Jan 2026 13:43:52 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://delta-executor.org\r\naccess-control-allow-credentials: true\r\nlocation: https://realizationnewestfangs.com/watch.880661088388.js?key=40bee7d41b074c6214a845caf65e1e03\u0026kw=%5B%22delta%22%2C%22executor%22%2C%22v2%22%2C%22702%22%2C%22official%22%2C%22-%22%2C%221%22%2C%22roblox%22%2C%22for%22%2C%22android%22%2C%22ios%22%5D\u0026refer=https%3A%2F%2Fdelta-executor.org%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=8b119642-fed9-4b9b-b4bd-797975e07efe%3A3%3A1\u0026shu=d641fdfd801666e88dd5c90f63a340ba5bb29499394ab812ddaed742da3ce222a1287b6894e6955e48f88e4d4f9c4114a7099401ae704aad6337f2cd3592d9c91da95dc83ae7c16625a0f1b394ebf74a9f1402121c0473d89939d5\u0026pst=1767793492\u0026rmtc=t\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyODE2NzU4NSwiayI6IjQwYmVlN2Q0MWIwNzRjNjIxNGE4NDVjYWY2NWUxZTAzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1NDcxNTMyLCJwaWQiOjE2NjM2OTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjEsImFpZCI6MjMsInB0Ijo0LCJwayI6Im5ic2RtOXM2eiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJjdCI6eyJpZCI6MzE0MzI0NCwibiI6Ik9zbG8ifSwicmciOnsiaWQiOjE4NDQsIm4iOiJPc2xvIENvdW50eSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsIml3ZiI6dHJ1ZSwidXAiOnRydWUsInIiOiJodHRwczovL2RlbHRhLWV4ZWN1dG9yLm9yZy8iLCJ0eiI6MSwiYXIiOltdfX0.NqquWu84yZi7jS--NnbRn0YXL9ZGJIp3U9IRzTrp8pA; expires=Wed, 07 Jan 2026 13:44:52 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 1\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 93b403119baf046f916d69c6a989d2c6\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4594,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":665,"timings":{"blocked":284,"dns":1,"connect":93,"send":0,"wait":96,"receive":0,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=f3c827c2-b1e6-4607-ac3d-853ad4876835\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=396fb8d27a213d15997be2bc74f85e0c\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=13","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://delta-executor.org/","date":"2026-01-07T13:43:52.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 22:13:33 GMT","end":"Sat, 28 Mar 2026 22:13:32 GMT"},"fingerprint":{"sha1":"A3:08:82:4A:9A:ED:6E:4C:29:FC:10:0D:1D:8F:8B:68:0E:D0:49:72","sha256":"B4:01:36:5D:F9:70:75:BF:F6:56:67:76:BB:CC:A2:D3:BA:69:61:33:56:FC:C7:21:69:6E:04:BE:95:D7:B2:F5"}}},"request":{"raw":"GET /pxf.gif?uuid=f3c827c2-b1e6-4607-ac3d-853ad4876835\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=396fb8d27a213d15997be2bc74f85e0c\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=13 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://delta-executor.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 07 Jan 2026 13:43:53 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b242b4d3902ec5c9d93c24e9ecdc5481\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":769,"timings":{"blocked":330,"dns":1,"connect":106,"send":0,"wait":109,"receive":0,"ssl":221},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}