{"report_id":"4fcc6f1c-6e78-4da2-bd29-98698c590dc3","version":6,"status":"done","tags":[],"date":"2025-11-22T18:27:43Z","url":{"schema":"http","addr":"www.effectivegatecpm.com/fa5jkpnvm4?key=9a5502977bec78f591cea3212f5573cb","fqdn":"www.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":0,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"example.com/","fqdn":"example.com","domain":"example.com","tld":"com"},"title":"Example Domain","dom":{"size":513,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (498)","md5":"48d42939138bebc1c410b9068db7146e","sha1":"b44fb3c7361f983bd97506f44dbc8fb0bb62996a","sha256":"ee1b911b993f8ea72d99afa57352871948b6d2f7d7a535615f3c85e5dd235e2b","sha512":"c4426fbe7d51842944b5718b45b02e16f8bd881fc620b5082c9fa25d353be984ef0509931da7e2b41238ef35b946e2df6f809077b7ee31ad018fc0a57627e0c8","ssdeep":"","tlshash":"6df0544fc281212df4a281ef3cf271083614888813d50cb17cda7696ecc0172b37175d","dom_hash":"domhashd6e249b8a80dac2f7e8e29e08e8640d0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.effectivegatecpm.com/fa5jkpnvm4?key=9a5502977bec78f591cea3212f5573cb","fqdn":"www.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":0,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-27T18:27:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"protrafficinspector.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2025-11-18T17:36:30.087644Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":464,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fhvfd.com","ip":{"addr":"139.45.195.5","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2016-04-25","domain_rank":122504,"first_seen":"2025-05-26T08:28:54.840108Z","last_seen":"2025-11-17T19:29:46.401147Z","alert_count":0,"request_count":11,"received_data":81827,"sent_data":6353,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"example.com","ip":{"addr":"23.192.228.84","port":443,"asn":20940,"as":"Akamai International B.V.","country":"United States","country_code":"US"},"domain_registered":"1995-08-14","domain_rank":235,"first_seen":"2013-07-30T15:54:12Z","last_seen":"2025-11-17T11:08:04.766021Z","alert_count":0,"request_count":2,"received_data":1796,"sent_data":938,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.effectivegatecpm.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-10-07","domain_rank":0,"first_seen":"2025-10-08T14:50:50.686078Z","last_seen":"2025-11-21T18:37:36.959453Z","alert_count":12,"request_count":3,"received_data":47011,"sent_data":3828,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346","fqdn":"fhvfd.com","domain":"fhvfd.com","tld":"com"},"ip":{"addr":"139.45.195.5","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"ce604a9d8cd9340c3b3ec362bfca4daa","sha1":"f80fe4cb86a3bb8c8a752934bc6449dad0769ed0","sha256":"8a6cad3777d7634fa7a55c04635517166d501217c002f280d1c041e20919a095","sha512":"1a608aa8c218931187f104227fee0b3ecf92230cd55e1ce710c01928189857970bea9e79fc41d598b47595cf1ebd292e6091933724e677d0482460a84480b6cb","ssdeep":"","tlshash":"6ff082c7d7ee005317b2306a49785ecd032fd972cfc919ee2a931b0236989b4335c966","size":502,"data":"","first_seen":"2025-11-19T18:00:33.560046Z","last_seen":"2025-12-01T14:31:36.682971Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346","fqdn":"fhvfd.com","domain":"fhvfd.com","tld":"com"},"ip":{"addr":"139.45.195.5","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"00a04f8c6bad1b5fe7c7690a86053954","sha1":"a1f0f82b35ae66cc1199e1bc0bd8f219a44ed793","sha256":"a6f0080397e9f788a066eb9dc3958637c987333e1099072ea6a6db4bcbaaefa6","sha512":"27c93b4e68d5d8dc6c4a419d5fc37d984797426ee79d9069c80970406b07d6e394d95c9f4c0c5de3dedf1848f67d4e50cadbf51f9c1ae48c2d52bed3ef9e6d0a","ssdeep":"384:kJJaBn/sX64ZOXar9KyRdYkohA5BAUsA11gvuoSqKXJmtmKkVIAW4lhmogn3jc9D:kkkX6ckW+vvgqKH2AWMc4fWrL3eEhA2S","tlshash":"92f2e88832d3f49586321322c2ff57d9f17f9b51a85a8d208117e29678256ebc133eed","size":37023,"data":"","first_seen":"2025-11-22T18:27:44.976723Z","last_seen":"2025-11-22T18:27:44.976723Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.effectivegatecpm.com/fa5jkpnvm4?key=9a5502977bec78f591cea3212f5573cb","fqdn":"www.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d3a714af0c39a5bc114f13ed5bd85a31","sha1":"a36d73d2bfa1fd2a6fdfe9401bda96c3f20ffb89","sha256":"e3445fca152f4358259164e344c5b5ee9185e2d71f5dd5c8768fb9bde85ab0a1","sha512":"7c0c367a69c057d541c2da56cf9665ee214da71d565b1d9471c5f8fe354785909420277994630036b796503cdb6d73191c4f001cf9844239960fd2ebafed765d","ssdeep":"96:b2YfIuzVcmCmPIHIboIgpwGBoW8MnVeSa+ARn9nZPAP4d:b2YfTzSjkc6ozwEtn3a3V9WP4d","tlshash":"449151a22434b835407a1517e56f731537324e17ba027061a16c5af43d3dd8faa26fdf","size":4481,"data":"","first_seen":"2025-11-22T18:27:44.978636Z","last_seen":"2025-11-22T18:27:44.978636Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346","fqdn":"fhvfd.com","domain":"fhvfd.com","tld":"com"},"ip":{"addr":"139.45.195.5","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"4351f9cdce6d2eaf2a58216082bb86bc","sha1":"43a5a859e8ed7c7c0f3b9c11e90e2bc350fb65ba","sha256":"11bd6c1e4b2d8395e5c277dbbd9e22c71da63aa4291ddceef634459edf51714e","sha512":"3a8706860563f31f49f5ef8d49cfc8e181e498db3390456d8e28703e9994df53da0a3c678b132b874eaab480400808c8608fc5ea6eb5d9751c701fb5f1302820","ssdeep":"","tlshash":"72c09b8fd7db4052037234ab19155ddd5307d9b2cfc524c513c3070634154b5066cd55","size":135,"data":"","first_seen":"2025-11-19T18:00:33.563683Z","last_seen":"2025-12-01T14:31:36.71039Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.effectivegatecpm.com/fa5jkpnvm4?key=9a5502977bec78f591cea3212f5573cb","date":"2025-11-22T18:27:21.480Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.effectivegatecpm.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.effectivegatecpm.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fhvfd.com/api/debug?event=after_js","fqdn":"fhvfd.com","domain":"fhvfd.com","tld":"com"},"ip":{"addr":"139.45.195.5","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346","date":"2025-11-22T18:27:22.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fhvfd.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 05:14:37 GMT","end":"Wed, 17 Dec 2025 05:14:36 GMT"},"fingerprint":{"sha1":"9F:2E:C8:A2:E5:48:E4:42:D5:0C:93:60:42:73:66:2F:FA:D0:B2:65","sha256":"2F:BC:AD:04:CB:EF:55:04:3B:C0:09:00:33:69:26:36:96:19:EF:89:BB:FA:45:5E:82:E4:90:E2:A7:17:56:2B"}}},"request":{"raw":"POST /api/debug?event=after_js HTTP/1.1\r\nHost: fhvfd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://fhvfd.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 22 Nov 2025 18:27:22 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 2\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/html","magic":"ASCII text, with no line terminators","md5":"a60852f204ed8028c1c58808b746d115","sha1":"b0a98216a32426b9e66a4ac1eb6df2e96e1b495c","sha256":"843ac01149cced785dfebd0028d3b03ba78e286e1c6f9517ebfcdb609d97af4c","sha512":"8f08a640907f62411c90fdfb58f33b770baee98d1454f3f82cd65a32f7e378c223557cef762e39207faab39263c7a3fa2b4a4b01ff8892b8dabf7111958a169e","ssdeep":"","tlshash":"c71000000000000000000000000000000c000000000000000c00000000000c00000000","first_seen":"2023-03-26T00:57:33Z","last_seen":"2026-05-12T21:11:03.610674Z","times_seen":17645,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":12,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fhvfd.com/favicon.ico","fqdn":"fhvfd.com","domain":"fhvfd.com","tld":"com"},"ip":{"addr":"139.45.195.5","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346","date":"2025-11-22T18:27:22.522Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fhvfd.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 05:14:37 GMT","end":"Wed, 17 Dec 2025 05:14:36 GMT"},"fingerprint":{"sha1":"9F:2E:C8:A2:E5:48:E4:42:D5:0C:93:60:42:73:66:2F:FA:D0:B2:65","sha256":"2F:BC:AD:04:CB:EF:55:04:3B:C0:09:00:33:69:26:36:96:19:EF:89:BB:FA:45:5E:82:E4:90:E2:A7:17:56:2B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: fhvfd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx\r\nDate: Sat, 22 Nov 2025 18:27:22 GMT\r\nConnection: keep-alive\r\nExpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nPragma: public\r\nCache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fhvfd.com/qlog/add","fqdn":"fhvfd.com","domain":"fhvfd.com","tld":"com"},"ip":{"addr":"139.45.195.5","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346","date":"2025-11-22T18:27:22.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fhvfd.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 05:14:37 GMT","end":"Wed, 17 Dec 2025 05:14:36 GMT"},"fingerprint":{"sha1":"9F:2E:C8:A2:E5:48:E4:42:D5:0C:93:60:42:73:66:2F:FA:D0:B2:65","sha256":"2F:BC:AD:04:CB:EF:55:04:3B:C0:09:00:33:69:26:36:96:19:EF:89:BB:FA:45:5E:82:E4:90:E2:A7:17:56:2B"}}},"request":{"raw":"POST /qlog/add HTTP/1.1\r\nHost: fhvfd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 3378\r\nOrigin: https://fhvfd.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":3378,"data":"{\"sync\":\"TBtSUh8cJhwUBWcfHEsSAwEFUA5MXwMBbAIlKz9KWUBcHAtKQ1AVSQZbGgxbGwkEVkYLASoQTktDC1BGTBkCRExXBQEfFA4eFkpPUhRLDk4+HQY0BV0ZMkBQW2kNHCYfDD1RESZOBwkxGBNcMR5fZkBBJRcYHyoBTzYaUUNQX0dQQB0yU1xHUxkQHAxXWAhFW1MSHw9JSARCT1lJbEYeRkNYWUBQABUbW1tCSQddCk8NCR8UHhYfSk9SFEsJVUNQXkdQWglPDQkfFA4eW1JEThoHGxtbWkJJHFUeTw0JHxQKEFtSRU4aDA9YDUhUWl4WBg4VAwIaWAAUSk9SFEsLTRVIVFteFg0FaFZRXFheSERXDE82Dl1DUF5HUFsdDkdMEQxKSFsAHAZcDBcbW1pCSRFcMQJVU2xfFAAcEFdYCEVbTggEMQAXTR0yW1xdUQ4MW1JFThoKFlUOGDEPF0QaBRUDAxpYEhwGEQ1KS0MJTUgJCh9RHgxTShEMSkhbBhk9VgUKG1taQkkRWwICRWZUVxcRDUpPUxRLCV8NSFRbXhYNHl4bCQZWRhoEAUACWVUbCxkeSUgEQk9HV0cUQFRVSgUMSgpbA1FGTBseVRoLWEteaR4BDQ0WFlcbWwNSRkwFF0dMVwdEHxQIDVtSVw5UHxRJCBoLSV4WHBsVAxF7HxcYSllAShkJG1tbXUdQQBQCFQMDGlgTDkpPUwpRSRVDHQZJSAVeXwMVEUETE1tSRFAAWVUbFgMGSUgFXl8DFRFBAkZDWFlATxBbA1FGTAIKFlRdGxtEUBlGQ1lZQEsIERtbW15ZRhhMHl8bCQdKVk1EVxFPS0MIU1JeR1BHDxoVAwIEQlRVSgERZw0cTQQJGg4WFlRdGxtZRQ8FW1JXL1cTEFUNC0FeXARORWBQXVIVEwpIOzYYWEkXUVFOPBtaWFkMGUsATl9ZGgNYCVpNF1FDTiwXVwUCGAsDB0pUSFhEQn4AC1wHBRZEQwdaQwcbHxQUFFtSRE4aGR0bW0gHBQZRHANWVR5GHgJUHhwHTwwLAwgZPiJJXQAZUktdVxZJCQwTT04AHE4EGFQCAWQnVl5XR1MIChgEWBJcD1RPCA8ZDgAOBx5ncAhfFBAcGhsDVEQJXQdHGAIXQwsfDVBAZjNfEAYBB0oHGFVMGgoNX0IHCEBcQQwTFykhTkAUSxFQDUhUWl4WGwRTGwlYDwgVRFcGSg9bA0MCGh8CR1RCGE5EQVQBHw4QAUwAD1wGCxoOEUQDQ1RWXhlYSFsYGUACSxFNFRodUV0bCAVBX1cYGQsURxQSUUYKTAMHBx8tUgEfWmZBUwsRHBsBXUhUGghSDF4JEANDXAUNUhtOUkpYWFoIUB0UV1NWWxAEVwkBDQQPXBAKVURVDlpBCldaWlpUTlNUDwgKBU5SW0RXDF9LQwlNSBoRUA5MOGN6ERpYChtKT1MUSxdYEUhUSSVdAF4FGx8UChBbUkVOGgwPWA1IVFhFGEwFVBsJAkJIWwwYQAJESBVDGBofUA5DXBsbUF4lCxsCV1gIRVtXFkhUWl4WGQkVA1VXFhccRFcNSwoJTENQTCcbWhsVF0ELACVSTUpZQFAAHV0EBExRFFUCHlIVEVUSOxYKHz1RBx1cGUhURkMYTBpeV2xdHx0KNxkHVg4NUUNQXFpEGEwOWFVcRCUAHBgBChpTSw1NSBgOHFABHxUDERRWRh4JGAdICB1KQ1BeR1BaAk8NG1ZYVzEqSllAVgUKG1tICwVfYT1BUlcRGlgHFgQaEGcOGFQUHkxRUEccClUbHxQKAhVKT0AaRVtaDR5MUQlJQk9dSkMUQFVVSgUMTEtDCU1IHgUAV0xXBxURRhYFDQ4aEFU2HVwVDw0fHUZMV0wbWkUlBRcMBw1RDVsDBwsCGBcYTAREZkdEEwAcBgFAAg8YVRIPQkkbRzEOX0tcWxMRFDdNVGcGC2YPDxkOABZUC1ZVQFNWRhAbKgFQGxZUCB8DSUhSDwFEXB8UExcmDREFXUtDXwAGHQ5eFgceaF5WVRELW1IBEE0MVRsIGTEcF1YxBl5NEQwcBRUbEE4aAApmFg8MNBldGjIBCQVpFRYmBhAVXRtbAwcLAhgXGEwERGZXUwkPDQcFPUsIH1gTA0xRFFUCHlIVEV8JOxoABw1VAAxUPgUeDgBVTFdRWF9FHxlVShYOUQwXTT4DCklIFl8JVQACAEMCVFFFBAxETVtTDkMJRwVZQFVaBwEbBRtZTAEJD1sVQwsIDRtYBwxDXGxfHkZDSldOGh0LWAcMBwgtRwEYRVpWaRMAW1JXWwBYQApVXExHUFUKG1JLR18JAQs3HAYaU1sbTUgNCh9EDwRQV2xfHkZDSldOGgoMShUFAzQbUDFcFQMRUgkUVBsAAFUADRQHBRwGUBhMDkJKR1kXOxAMKlAaU1tLBAcBCQsAMV4PCAQOQ1AmXkVSC1xMG01IDQcbVwUyXl0RDFhGVUoWDUsdWwNDSEJJH1EaBVhdEQxYDgocFAUaRVtLPh8HD1AOTA4GClUGGAZORURQDAhUDVdZXkZKBFcJGg8KDkoGSVERVAxeQBtNSAEKLV0KTw0bBwZCUBpZFFEOD0BdAl1eXxMAWglSWwMPQlZJWBRbW15bFUMLCg8bQAcCWVhfaRMACkpPOWUU\",\"async\":\"TBtXQwgXW1IOQFoIDRtbWkJJGl0AGUQbCQZWRhEBEQZdByZQBxgPBhcWVFwDFRFCFRAYBFdYCV0EFUMCBw8WUQAyXl9BVxcBW1JFThoLGE1DUBVJG0cxD1ZNEQxKSFsLHQNKDhBXBkhUW14WDQVWS1RfFAMmHBwPXUtDCU1ICgIBVwYMRV5aWB07DQEYBxpTSRVDBgsdF1hMVwdEHxQSDRccBkACEgQVQwkCAhdaGjJeXREMWFUdCkxTDlAfFFhaCF9fAAxfUxRRA0tTVAoWVg8IGFtQUw1aFBZCT1ZfVV8WDRgcED1RDVsDQ0hCSQZGDwtRUFBpCQsMGhYHZwAdG1tIV1NDDV1ZARsfFBsADw0HFlEaHEs+AwpJSBZMQRVaUlsKBRAPGz1RDVsDQ0hCSRFBHRlYVGxfHjtISk9AXBoJFBIfDAYbQEMLWEteFFZGGh0GFlcEJlAFNVxJSBYcCFpWUU9OO0pQRFUAUE1mV1peWEcBTEEVWl9fGQ8mARFAAktbFUMJARgGFlRPFRURWx8QEQcRQAJLE0oVCwlJXhYcMkJQVxRARhpZRgQICxsOTFtcXxMZWlsECR4OSl0dRUNbAFkbCVgOWF9FDUxBFVZSaRMAW1JXVghRTVpQC11dFA0KDgAJB1dOUB0NF1IBUUsJUQtXCEUWQk9WXVdfDg0WBhQOZwAdSkNQNTYP\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 22 Nov 2025 18:27:22 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fhvfd.com/api/win_request","fqdn":"fhvfd.com","domain":"fhvfd.com","tld":"com"},"ip":{"addr":"139.45.195.5","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-22T18:27:22.745Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fhvfd.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 05:14:37 GMT","end":"Wed, 17 Dec 2025 05:14:36 GMT"},"fingerprint":{"sha1":"9F:2E:C8:A2:E5:48:E4:42:D5:0C:93:60:42:73:66:2F:FA:D0:B2:65","sha256":"2F:BC:AD:04:CB:EF:55:04:3B:C0:09:00:33:69:26:36:96:19:EF:89:BB:FA:45:5E:82:E4:90:E2:A7:17:56:2B"}}},"request":{"raw":"POST /api/win_request HTTP/1.1\r\nHost: fhvfd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 3884\r\nOrigin: https://fhvfd.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fhvfd.com/api/reverse?var=9819346\u0026feedId=3499\u0026ymid=c13f0bb7-124a-4630-809d-6980b09d6479\u0026var_3=300004\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":3884,"data":"ad_scheme=1\u0026p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026hil=1\u0026jsp=1\u0026ng=false\u0026ix=false\u0026pt=false\u0026np=false\u0026nw=true\u0026nb=true\u0026sw=1280\u0026sh=1024\u0026pl=https%3A%2F%2Ffhvfd.com%2Fapi%2Fsubmit_form_request%3Fp%3Dc13f0bb7-124a-4630-809d-6980b09d6479%26ts%3D1763836041%26z%3D9819346\u0026wy=0\u0026wx=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=1\u0026sah=1024\u0026navlng=en-US\u0026drf=https%3A%2F%2Fwww.effectivegatecpm.com%2F\u0026wgl=llvmpipe\u0026tb=false\u0026btz=UTC\u0026bto=0\u0026pnt=0\u0026pnrc=0\u0026bml=0\u0026bmi=false\u0026vsbl=true\u0026adex=%7B%22sync%22%3A%22TBtSUh8cJhwUBWcfHEsSAwEFUA5MXwMBbAIlKz9KWUBcHAtKQ1AVSQZbGgxbGwkEVkYLASoQTktDC1BGTBkCRExXBQEfFA4eFkpPUhRLDk4%2BHQY0BV0ZMkBQW2kNHCYfDD1RESZOBwkxGBNcMR5fZkBBJRcYHyoBTzYaUUNQX0dQQB0yU1xHUxkQHAxXWAhFW1MSHw9JSARCT1lJbEYeRkNYWUBQABUbW1tCSQddCk8NCR8UHhYfSk9SFEsJVUNQXkdQWglPDQkfFA4eW1JEThoHGxtbWkJJHFUeTw0JHxQKEFtSRU4aDA9YDUhUWl4WBg4VAwIaWAAUSk9SFEsLTRVIVFteFg0FaFZRXFheSERXDE82Dl1DUF5HUFsdDkdMEQxKSFsAHAZcDBcbW1pCSRFcMQJVU2xfFAAcEFdYCEVbTggEMQAXTR0yW1xdUQ4MW1JFThoKFlUOGDEPF0QaBRUDAxpYEhwGEQ1KS0MJTUgJCh9RHgxTShEMSkhbBhk9VgUKG1taQkkRWwICRWZUVxcRDUpPUxRLCV8NSFRbXhYNHl4bCQZWRhoEAUACWVUbCxkeSUgEQk9HV0cUQFRVSgUMSgpbA1FGTBseVRoLWEteaR4BDQ0WFlcbWwNSRkwFF0dMVwdEHxQIDVtSVw5UHxRJCBoLSV4WHBsVAxF7HxcYSllAShkJG1tbXUdQQBQCFQMDGlgTDkpPUwpRSRVDHQZJSAVeXwMVEUETE1tSRFAAWVUbFgMGSUgFXl8DFRFBAkZDWFlATxBbA1FGTAIKFlRdGxtEUBlGQ1lZQEsIERtbW15ZRhhMHl8bCQdKVk1EVxFPS0MIU1JeR1BHDxoVAwIEQlRVSgERZw0cTQQJGg4WFlRdGxtZRQ8FW1JXL1cTEFUNC0FeXARORWBQXVIVEwpIOzYYWEkXUVFOPBtaWFkMGUsATl9ZGgNYCVpNF1FDTiwXVwUCGAsDB0pUSFhEQn4AC1wHBRZEQwdaQwcbHxQUFFtSRE4aGR0bW0gHBQZRHANWVR5GHgJUHhwHTwwLAwgZPiJJXQAZUktdVxZJCQwTT04AHE4EGFQCAWQnVl5XR1MIChgEWBJcD1RPCA8ZDgAOBx5ncAhfFBAcGhsDVEQJXQdHGAIXQwsfDVBAZjNfEAYBB0oHGFVMGgoNX0IHCEBcQQwTFykhTkAUSxFQDUhUWl4WGwRTGwlYDwgVRFcGSg9bA0MCGh8CR1RCGE5EQVQBHw4QAUwAD1wGCxoOEUQDQ1RWXhlYSFsYGUACSxFNFRodUV0bCAVBX1cYGQsURxQSUUYKTAMHBx8tUgEfWmZBUwsRHBsBXUhUGghSDF4JEANDXAUNUhtOUkpYWFoIUB0UV1NWWxAEVwkBDQQPXBAKVURVDlpBCldaWlpUTlNUDwgKBU5SW0RXDF9LQwlNSBoRUA5MOGN6ERpYChtKT1MUSxdYEUhUSSVdAF4FGx8UChBbUkVOGgwPWA1IVFhFGEwFVBsJAkJIWwwYQAJESBVDGBofUA5DXBsbUF4lCxsCV1gIRVtXFkhUWl4WGQkVA1VXFhccRFcNSwoJTENQTCcbWhsVF0ELACVSTUpZQFAAHV0EBExRFFUCHlIVEVUSOxYKHz1RBx1cGUhURkMYTBpeV2xdHx0KNxkHVg4NUUNQXFpEGEwOWFVcRCUAHBgBChpTSw1NSBgOHFABHxUDERRWRh4JGAdICB1KQ1BeR1BaAk8NG1ZYVzEqSllAVgUKG1tICwVfYT1BUlcRGlgHFgQaEGcOGFQUHkxRUEccClUbHxQKAhVKT0AaRVtaDR5MUQlJQk9dSkMUQFVVSgUMTEtDCU1IHgUAV0xXBxURRhYFDQ4aEFU2HVwVDw0fHUZMV0wbWkUlBRcMBw1RDVsDBwsCGBcYTAREZkdEEwAcBgFAAg8YVRIPQkkbRzEOX0tcWxMRFDdNVGcGC2YPDxkOABZUC1ZVQFNWRhAbKgFQGxZUCB8DSUhSDwFEXB8UExcmDREFXUtDXwAGHQ5eFgceaF5WVRELW1IBEE0MVRsIGTEcF1YxBl5NEQwcBRUbEE4aAApmFg8MNBldGjIBCQVpFRYmBhAVXRtbAwcLAhgXGEwERGZXUwkPDQcFPUsIH1gTA0xRFFUCHlIVEV8JOxoABw1VAAxUPgUeDgBVTFdRWF9FHxlVShYOUQwXTT4DCklIFl8JVQACAEMCVFFFBAxETVtTDkMJRwVZQFVaBwEbBRtZTAEJD1sVQwsIDRtYBwxDXGxfHkZDSldOGh0LWAcMBwgtRwEYRVpWaRMAW1JXWwBYQApVXExHUFUKG1JLR18JAQs3HAYaU1sbTUgNCh9EDwRQV2xfHkZDSldOGgoMShUFAzQbUDFcFQMRUgkUVBsAAFUADRQHBRwGUBhMDkJKR1kXOxAMKlAaU1tLBAcBCQsAMV4PCAQOQ1AmXkVSC1xMG01IDQcbVwUyXl0RDFhGVUoWDUsdWwNDSEJJH1EaBVhdEQxYDgocFAUaRVtLPh8HD1AOTA4GClUGGAZORURQDAhUDVdZXkZKBFcJGg8KDkoGSVERVAxeQBtNSAEKLV0KTw0bBwZCUBpZFFEOD0BdAl1eXxMAWglSWwMPQlZJWBRbW15bFUMLCg8bQAcCWVhfaRMACkpPOWUU%22%2C%22async%22%3A%22TBtXQwgXW1IOQFoIDRtbWkJJGl0AGUQbCQZWRhEBEQZdByZQBxgPBhcWVFwDFRFCFRAYBFdYCV0EFUMCBw8WUQAyXl9BVxcBW1JFThoLGE1DUBVJG0cxD1ZNEQxKSFsLHQNKDhBXBkhUW14WDQVWS1RfFAMmHBwPXUtDCU1ICgIBVwYMRV5aWB07DQEYBxpTSRVDBgsdF1hMVwdEHxQSDRccBkACEgQVQwkCAhdaGjJeXREMWFUdCkxTDlAfFFhaCF9fAAxfUxRRA0tTVAoWVg8IGFtQUw1aFBZCT1ZfVV8WDRgcED1RDVsDQ0hCSQZGDwtRUFBpCQsMGhYHZwAdG1tIV1NDDV1ZARsfFBsADw0HFlEaHEs%2BAwpJSBZMQRVaUlsKBRAPGz1RDVsDQ0hCSRFBHRlYVGxfHjtISk9AXBoJFBIfDAYbQEMLWEteFFZGGh0GFlcEJlAFNVxJSBYcCFpWUU9OO0pQRFUAUE1mV1peWEcBTEEVWl9fGQ8mARFAAktbFUMJARgGFlRPFRURWx8QEQcRQAJLE0oVCwlJXhYcMkJQVxRARhpZRgQICxsOTFtcXxMZWlsECR4OSl0dRUNbAFkbCVgOWF9FDUxBFVZSaRMAW1JXVghRTVpQC11dFA0KDgAJB1dOUB0NF1IBUUsJUQtXCEUWQk9WXVdfDg0WBhQOZwAdSkNQNTYP%22%7D\u0026extm=320"}},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Sat, 22 Nov 2025 18:27:22 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccept-Ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nLocation: https://example.com/\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":513,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"example.com/","fqdn":"example.com","domain":"example.com","tld":"com"},"ip":{"addr":"23.192.228.84","port":443,"asn":20940,"as":"Akamai International B.V.","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-22T18:27:22.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.example.com","organization":"Internet Corporation for Assigned Names and Numbers"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 15 Jan 2025 00:00:00 GMT","end":"Thu, 15 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:0D:B7:AF:4B:2B:C9:04:0C:83:44:70:1A:CA:08:D0:C6:93:81:E3","sha256":"45:59:43:CF:81:94:25:76:1D:1F:95:02:63:EB:F5:47:55:D8:D6:84:C2:55:35:94:39:76:F4:88:BC:79:D2:3B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: example.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fhvfd.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: text/html\r\netag: \"bc2473a18e003bdb249eba5ce893033f:1760028122.592274\"\r\nlast-modified: Thu, 09 Oct 2025 16:42:02 GMT\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 363\r\ncache-control: max-age=86000\r\ndate: Sat, 22 Nov 2025 18:27:23 GMT\r\nalt-svc: h3=\":443\"; ma=93600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":513,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (512)","md5":"bc2473a18e003bdb249eba5ce893033f","sha1":"4d2ccb820d3be7199f10b4f644a17812ff816df0","sha256":"6f5635035f36ad500b4fc4bb7816bb72ef5594e1bcae44fa074c5e988fc4c0fe","sha512":"97343b6fb3419ddcdecc85bb2098bb5addcb6d89dabef9d0c03ec94aca7af5fd0fc745ca6e40e9fd8693a3c658e453b422c764182c74324dfb571cea0cf15abf","ssdeep":"","tlshash":"a1f00e4ac281212db9a285ea2ce271082619848827d41cb17cdfa2b2edc1232b37275d","first_seen":"2025-10-09T16:51:56.138866Z","last_seen":"2026-02-11T17:39:53.044712Z","times_seen":1144,"resource_available":false,"data":null}},"time_used":890,"timings":{"blocked":359,"dns":26,"connect":151,"send":0,"wait":171,"receive":0,"ssl":181},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.effectivegatecpm.com/fa5jkpnvm4?key=9a5502977bec78f591cea3212f5573cb","fqdn":"www.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-22T18:27:20.939Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"effectivegatecpm.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 14:07:36 GMT","end":"Mon, 05 Jan 2026 14:07:35 GMT"},"fingerprint":{"sha1":"4C:76:9C:94:6C:42:34:72:A0:D2:AB:83:41:4F:50:A7:86:B9:29:0E","sha256":"51:E9:3D:E7:55:E3:07:4E:B1:52:4B:31:49:6B:73:49:75:A8:2B:47:1F:1C:38:82:10:F3:DF:F5:9C:F3:88:6B"}}},"request":{"raw":"GET /fa5jkpnvm4?key=9a5502977bec78f591cea3212f5573cb HTTP/1.1\r\nHost: www.effectivegatecpm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 22 Nov 2025 18:27:21 GMT\r\nContent-Type: text/html\r\nContent-Length: 2239\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nvary: Accept-Encoding\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNDg1NDg4MCwiayI6IjlhNTUwMjk3N2JlYzc4ZjU5MWNlYTMyMTJmNTU3M2NiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0Mzc1NTc0LCJwaWQiOjE1MjA5MDIsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTgsImFpZCI6MjgsInB0Ijo0LCJwayI6ImZhNWprcG52bTQiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiIiLCJhciI6W119fQ.ll01KtRQsu6JyHTX7ar1m4PxR8K7Zsz4DBzAZwBMsdM; expires=Sat, 22 Nov 2025 18:28:21 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 2\r\nHost: www.effectivegatecpm.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: eb480dd707d0e4fa579b5afdfbf394c9\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4627,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (4626)","md5":"77a6d442744c7a308a6601b61fd0d108","sha1":"67cf6c0e4045e041a854c4eda2102fdebf38f41e","sha256":"16e22d62a93f266fca4ee18fee5c5c2ed0a41b517933e9658a3bf648f84dbf40","sha512":"0df802a96df6189170da300c0e0ce5c8a8711cb5037caa99e7634922cf684830bb0f796860ab2cc444eb2de0274587645e0712eae7ed1d8b5905de1d9d7137e4","ssdeep":"96:z922YfIuzVcmCmPIHIboIgpwGBoW8MnVeSa+ARn9nZPAP4m:Q2YfTzSjkc6ozwEtn3a3V9WP4m","tlshash":"00a153922434b835407a1517e5af731937324e17ba027460a15c5af43d3de8faa16fde","first_seen":"2025-11-22T18:27:44.966342Z","last_seen":"2025-11-22T18:27:44.966342Z","times_seen":1,"resource_available":false,"data":null}},"time_used":686,"timings":{"blocked":295,"dns":13,"connect":92,"send":0,"wait":96,"receive":0,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346","fqdn":"fhvfd.com","domain":"fhvfd.com","tld":"com"},"ip":{"addr":"139.45.195.5","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-22T18:27:22.123Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fhvfd.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 05:14:37 GMT","end":"Wed, 17 Dec 2025 05:14:36 GMT"},"fingerprint":{"sha1":"9F:2E:C8:A2:E5:48:E4:42:D5:0C:93:60:42:73:66:2F:FA:D0:B2:65","sha256":"2F:BC:AD:04:CB:EF:55:04:3B:C0:09:00:33:69:26:36:96:19:EF:89:BB:FA:45:5E:82:E4:90:E2:A7:17:56:2B"}}},"request":{"raw":"GET /api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346 HTTP/1.1\r\nHost: fhvfd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.effectivegatecpm.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 22 Nov 2025 18:27:22 GMT\r\nContent-Type: text/html; charset=utf8\r\nContent-Length: 39320\r\nConnection: keep-alive\r\nAccept-Ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":39320,"size_decoded":0,"mime_type":"text/html; charset=utf8","magic":"HTML document, ASCII text, with very long lines (36557)","md5":"9db96303a405091b80f916082ca0f80b","sha1":"5982e95015889f5ae85edb1e61568eb8fa68980a","sha256":"dc661c8d7b867094e4490100cce2b18a911a0770dbeb8182fa879cb4bd53276e","sha512":"ce5feeb09fb1e31972c988a7c7054303df8cec504335d0cd5b81ef7b3655571c7dc61bd229e46414582397e6bdfd4bba6d4de25361db6ed32f1975d026bc23ad","ssdeep":"768:9bf6CkkX6ckW+vvgqKH2AWMc4fWrL3eEhA2P:9yJ3vgRHfwRLuEhAW","tlshash":"d103e98832d7f09586322322c1bf57d9f17f9b11a85a8d20c117e29678256ebc137eed","first_seen":"2025-11-22T18:27:44.970298Z","last_seen":"2025-11-22T18:27:44.970298Z","times_seen":1,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":95,"dns":13,"connect":26,"send":0,"wait":53,"receive":1,"ssl":54},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026rfhif=1\u0026ts=1763836041\u0026z=9819346","fqdn":"fhvfd.com","domain":"fhvfd.com","tld":"com"},"ip":{"addr":"139.45.195.5","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346","date":"2025-11-22T18:27:22.389Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fhvfd.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 05:14:37 GMT","end":"Wed, 17 Dec 2025 05:14:36 GMT"},"fingerprint":{"sha1":"9F:2E:C8:A2:E5:48:E4:42:D5:0C:93:60:42:73:66:2F:FA:D0:B2:65","sha256":"2F:BC:AD:04:CB:EF:55:04:3B:C0:09:00:33:69:26:36:96:19:EF:89:BB:FA:45:5E:82:E4:90:E2:A7:17:56:2B"}}},"request":{"raw":"GET /api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026rfhif=1\u0026ts=1763836041\u0026z=9819346 HTTP/1.1\r\nHost: fhvfd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 22 Nov 2025 18:27:22 GMT\r\nContent-Type: text/html; charset=utf8\r\nContent-Length: 38995\r\nConnection: keep-alive\r\nAccept-Ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":38995,"size_decoded":0,"mime_type":"text/html; charset=utf8","magic":"HTML document, ASCII text, with very long lines (36557)","md5":"a7f713fccb51342b75350839a6a0f69d","sha1":"455cac34ccc1ebb7743e527496e58e4adc2f5369","sha256":"035adc78e716d2f6aa4796b27ebe83af92c8bd19a7033f198b0888d01ca66cfd","sha512":"bdb2a5805b3b495f2f2f872ad580708a2f6d9d9403fa57df3642bccc5d7d6d8a387e2c1aaa234671f93277fdeda639d328b827091c2421a231cac985181d8650","ssdeep":"768:tcVkkX6ckW+vvgqKH2AWMc4fWrL3eEhA2s:ZJ3vgRHfwRLuEhAF","tlshash":"ab03e88832d3f49587321322c1bf57d9f17f9b11a85a8d208117e29678256ebc137eed","first_seen":"2025-11-22T18:27:44.972098Z","last_seen":"2025-11-22T18:27:44.972098Z","times_seen":1,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fhvfd.com/api/debug?event=before_js","fqdn":"fhvfd.com","domain":"fhvfd.com","tld":"com"},"ip":{"addr":"139.45.195.5","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346","date":"2025-11-22T18:27:22.394Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fhvfd.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 05:14:37 GMT","end":"Wed, 17 Dec 2025 05:14:36 GMT"},"fingerprint":{"sha1":"9F:2E:C8:A2:E5:48:E4:42:D5:0C:93:60:42:73:66:2F:FA:D0:B2:65","sha256":"2F:BC:AD:04:CB:EF:55:04:3B:C0:09:00:33:69:26:36:96:19:EF:89:BB:FA:45:5E:82:E4:90:E2:A7:17:56:2B"}}},"request":{"raw":"POST /api/debug?event=before_js HTTP/1.1\r\nHost: fhvfd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://fhvfd.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 22 Nov 2025 18:27:22 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 2\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/html","magic":"ASCII text, with no line terminators","md5":"a60852f204ed8028c1c58808b746d115","sha1":"b0a98216a32426b9e66a4ac1eb6df2e96e1b495c","sha256":"843ac01149cced785dfebd0028d3b03ba78e286e1c6f9517ebfcdb609d97af4c","sha512":"8f08a640907f62411c90fdfb58f33b770baee98d1454f3f82cd65a32f7e378c223557cef762e39207faab39263c7a3fa2b4a4b01ff8892b8dabf7111958a169e","ssdeep":"","tlshash":"c71000000000000000000000000000000c000000000000000c00000000000c00000000","first_seen":"2023-03-26T00:57:33Z","last_seen":"2026-05-12T21:11:03.610674Z","times_seen":17645,"resource_available":true,"data":null}},"time_used":43,"timings":{"blocked":17,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fhvfd.com/api/debug?event=before_run","fqdn":"fhvfd.com","domain":"fhvfd.com","tld":"com"},"ip":{"addr":"139.45.195.5","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346","date":"2025-11-22T18:27:22.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fhvfd.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 05:14:37 GMT","end":"Wed, 17 Dec 2025 05:14:36 GMT"},"fingerprint":{"sha1":"9F:2E:C8:A2:E5:48:E4:42:D5:0C:93:60:42:73:66:2F:FA:D0:B2:65","sha256":"2F:BC:AD:04:CB:EF:55:04:3B:C0:09:00:33:69:26:36:96:19:EF:89:BB:FA:45:5E:82:E4:90:E2:A7:17:56:2B"}}},"request":{"raw":"POST /api/debug?event=before_run HTTP/1.1\r\nHost: fhvfd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://fhvfd.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 22 Nov 2025 18:27:22 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 2\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/html","magic":"ASCII text, with no line terminators","md5":"a60852f204ed8028c1c58808b746d115","sha1":"b0a98216a32426b9e66a4ac1eb6df2e96e1b495c","sha256":"843ac01149cced785dfebd0028d3b03ba78e286e1c6f9517ebfcdb609d97af4c","sha512":"8f08a640907f62411c90fdfb58f33b770baee98d1454f3f82cd65a32f7e378c223557cef762e39207faab39263c7a3fa2b4a4b01ff8892b8dabf7111958a169e","ssdeep":"","tlshash":"c71000000000000000000000000000000c000000000000000c00000000000c00000000","first_seen":"2023-03-26T00:57:33Z","last_seen":"2026-05-12T21:11:03.610674Z","times_seen":17645,"resource_available":true,"data":null}},"time_used":156,"timings":{"blocked":73,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":57},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fhvfd.com/api/sf_touch?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026z=9819346","fqdn":"fhvfd.com","domain":"fhvfd.com","tld":"com"},"ip":{"addr":"139.45.195.5","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346","date":"2025-11-22T18:27:22.429Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fhvfd.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 05:14:37 GMT","end":"Wed, 17 Dec 2025 05:14:36 GMT"},"fingerprint":{"sha1":"9F:2E:C8:A2:E5:48:E4:42:D5:0C:93:60:42:73:66:2F:FA:D0:B2:65","sha256":"2F:BC:AD:04:CB:EF:55:04:3B:C0:09:00:33:69:26:36:96:19:EF:89:BB:FA:45:5E:82:E4:90:E2:A7:17:56:2B"}}},"request":{"raw":"GET /api/sf_touch?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026z=9819346 HTTP/1.1\r\nHost: fhvfd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 22 Nov 2025 18:27:22 GMT\r\nContent-Type: image/gif\r\nContent-Length: 43\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"df3e567d6f16d040326c7a0ea29a4f41","sha1":"ea7df583983133b62712b5e73bffbcd45cc53736","sha256":"548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87","sha512":"b2ca25a3311dc42942e046eb1a27038b71d689925b7d6b3ebb4d7cd2c7b9a0c7de3d10175790ac060dc3f8acf3c1708c336626be06879097f4d0ecaa7f567041","ssdeep":"","tlshash":"c2900003caa08002c2a2c0300a0a03002f88a2300228030e80bc30acec3a3a22c02000","first_seen":"2023-04-05T03:49:37Z","last_seen":"2026-05-13T14:37:05.626142Z","times_seen":101593,"resource_available":true,"data":null}},"time_used":141,"timings":{"blocked":60,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":54},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"example.com/favicon.ico","fqdn":"example.com","domain":"example.com","tld":"com"},"ip":{"addr":"23.192.228.84","port":443,"asn":20940,"as":"Akamai International B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://example.com/","date":"2025-11-22T18:27:23.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.example.com","organization":"Internet Corporation for Assigned Names and Numbers"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 15 Jan 2025 00:00:00 GMT","end":"Thu, 15 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:0D:B7:AF:4B:2B:C9:04:0C:83:44:70:1A:CA:08:D0:C6:93:81:E3","sha256":"45:59:43:CF:81:94:25:76:1D:1F:95:02:63:EB:F5:47:55:D8:D6:84:C2:55:35:94:39:76:F4:88:BC:79:D2:3B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: example.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://example.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\naccept-ranges: bytes\r\ncontent-type: text/html\r\netag: \"bc2473a18e003bdb249eba5ce893033f:1760028122.592274\"\r\nlast-modified: Thu, 09 Oct 2025 16:42:02 GMT\r\nserver: AkamaiNetStorage\r\ncontent-length: 513\r\nexpires: Sat, 22 Nov 2025 18:27:23 GMT\r\ncache-control: max-age=0, no-cache, no-store\r\npragma: no-cache\r\ndate: Sat, 22 Nov 2025 18:27:23 GMT\r\nalt-svc: h3=\":443\"; ma=93600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":513,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (512)","md5":"bc2473a18e003bdb249eba5ce893033f","sha1":"4d2ccb820d3be7199f10b4f644a17812ff816df0","sha256":"6f5635035f36ad500b4fc4bb7816bb72ef5594e1bcae44fa074c5e988fc4c0fe","sha512":"97343b6fb3419ddcdecc85bb2098bb5addcb6d89dabef9d0c03ec94aca7af5fd0fc745ca6e40e9fd8693a3c658e453b422c764182c74324dfb571cea0cf15abf","ssdeep":"","tlshash":"a1f00e4ac281212db9a285ea2ce271082619848827d41cb17cdfa2b2edc1232b37275d","first_seen":"2025-10-09T16:51:56.138866Z","last_seen":"2026-02-11T17:39:53.044712Z","times_seen":1144,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.effectivegatecpm.com/favicon.ico","fqdn":"www.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.effectivegatecpm.com/fa5jkpnvm4?key=9a5502977bec78f591cea3212f5573cb","date":"2025-11-22T18:27:21.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"effectivegatecpm.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 14:07:36 GMT","end":"Mon, 05 Jan 2026 14:07:35 GMT"},"fingerprint":{"sha1":"4C:76:9C:94:6C:42:34:72:A0:D2:AB:83:41:4F:50:A7:86:B9:29:0E","sha256":"51:E9:3D:E7:55:E3:07:4E:B1:52:4B:31:49:6B:73:49:75:A8:2B:47:1F:1C:38:82:10:F3:DF:F5:9C:F3:88:6B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.effectivegatecpm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.effectivegatecpm.com/api/users?token=L2ZhNWprcG52bTQ_a2V5PTEwYWZhZWMzNTQwNGZmZDVlZGJhZDAxMzFiYjM4ZWU2JnN1Ym1ldHJpYz0yNDg1NDg4MA\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNDg1NDg4MCwiayI6IjlhNTUwMjk3N2JlYzc4ZjU5MWNlYTMyMTJmNTU3M2NiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0Mzc1NTc0LCJwaWQiOjE1MjA5MDIsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTgsImFpZCI6MjgsInB0Ijo0LCJwayI6ImZhNWprcG52bTQiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiIiLCJhciI6W119fQ.ll01KtRQsu6JyHTX7ar1m4PxR8K7Zsz4DBzAZwBMsdM; cjs=t\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.effectivegatecpm.com/api/users?token=L2ZhNWprcG52bTQ_a2V5PTlhNTUwMjk3N2JlYzc4ZjU5MWNlYTMyMTJmNTU3M2NiJnBzdD0xNzYzODM2MTAxJnJtdGM9dCZzaHU9MWQ3Mzg0YjY5MDE3OTNiNDI0NzQ3NTY5YjFhYTBkYjVhYWI1OTE5ZjFiMTBjODc4MzZhZGQxMDExMTU5YjVjMDkxZDJiOTQzZWNhODBiMjMzOWI0NjM3N2I5ZTUxNDNhNmI4ZTAzMThkZDAxODFlNGVkNDhkNWZhMGEyMTg1ZDk0Mjg4NTg3YzYyZTYwZDRlYjNkM2ZhY2NhNWEwZGQ1ODU2ZDgxZGMxMjMwYzA2NTBiNzNiZTImcGlpPSZpbj0mdXVpZD0","fqdn":"www.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-22T18:27:21.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"effectivegatecpm.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 14:07:36 GMT","end":"Mon, 05 Jan 2026 14:07:35 GMT"},"fingerprint":{"sha1":"4C:76:9C:94:6C:42:34:72:A0:D2:AB:83:41:4F:50:A7:86:B9:29:0E","sha256":"51:E9:3D:E7:55:E3:07:4E:B1:52:4B:31:49:6B:73:49:75:A8:2B:47:1F:1C:38:82:10:F3:DF:F5:9C:F3:88:6B"}}},"request":{"raw":"GET /api/users?token=L2ZhNWprcG52bTQ_a2V5PTlhNTUwMjk3N2JlYzc4ZjU5MWNlYTMyMTJmNTU3M2NiJnBzdD0xNzYzODM2MTAxJnJtdGM9dCZzaHU9MWQ3Mzg0YjY5MDE3OTNiNDI0NzQ3NTY5YjFhYTBkYjVhYWI1OTE5ZjFiMTBjODc4MzZhZGQxMDExMTU5YjVjMDkxZDJiOTQzZWNhODBiMjMzOWI0NjM3N2I5ZTUxNDNhNmI4ZTAzMThkZDAxODFlNGVkNDhkNWZhMGEyMTg1ZDk0Mjg4NTg3YzYyZTYwZDRlYjNkM2ZhY2NhNWEwZGQ1ODU2ZDgxZGMxMjMwYzA2NTBiNzNiZTImcGlpPSZpbj0mdXVpZD0 HTTP/1.1\r\nHost: www.effectivegatecpm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.effectivegatecpm.com/api/users?token=L2ZhNWprcG52bTQ_a2V5PTEwYWZhZWMzNTQwNGZmZDVlZGJhZDAxMzFiYjM4ZWU2JnN1Ym1ldHJpYz0yNDg1NDg4MA\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNDg1NDg4MCwiayI6IjlhNTUwMjk3N2JlYzc4ZjU5MWNlYTMyMTJmNTU3M2NiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0Mzc1NTc0LCJwaWQiOjE1MjA5MDIsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTgsImFpZCI6MjgsInB0Ijo0LCJwayI6ImZhNWprcG52bTQiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiIiLCJhciI6W119fQ.ll01KtRQsu6JyHTX7ar1m4PxR8K7Zsz4DBzAZwBMsdM; cjs=t\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.21.6\r\nDate: Sat, 22 Nov 2025 18:27:22 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nlocation: https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346\r\nset-cookie: pdhtkv=true; expires=Sun, 23 Nov 2025 18:27:22 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Sun, 23 Nov 2025 18:27:22 GMT; path=/; secure; SameSite=None\npdhtkv28=true; expires=Sun, 23 Nov 2025 18:27:22 GMT; path=/; secure; SameSite=None\nuncs28=1; expires=Sun, 23 Nov 2025 18:27:22 GMT; path=/; secure; SameSite=None\nu_pl24854880=1; expires=Sun, 23 Nov 2025 18:27:22 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 215\r\nHost: www.effectivegatecpm.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 0d647634bdc32c193d0a640b59067079\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":39320,"size_decoded":0,"mime_type":"text/html; charset=utf8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":873,"timings":{"blocked":282,"dns":1,"connect":92,"send":0,"wait":309,"receive":0,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"www.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fhvfd.com/api/debug?event=alive_900","fqdn":"fhvfd.com","domain":"fhvfd.com","tld":"com"},"ip":{"addr":"139.45.195.5","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346","date":"2025-11-22T18:27:23.279Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fhvfd.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 05:14:37 GMT","end":"Wed, 17 Dec 2025 05:14:36 GMT"},"fingerprint":{"sha1":"9F:2E:C8:A2:E5:48:E4:42:D5:0C:93:60:42:73:66:2F:FA:D0:B2:65","sha256":"2F:BC:AD:04:CB:EF:55:04:3B:C0:09:00:33:69:26:36:96:19:EF:89:BB:FA:45:5E:82:E4:90:E2:A7:17:56:2B"}}},"request":{"raw":"POST /api/debug?event=alive_900 HTTP/1.1\r\nHost: fhvfd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://fhvfd.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fhvfd.com/api/reverse?var=9819346\u0026feedId=3499\u0026ymid=c13f0bb7-124a-4630-809d-6980b09d6479\u0026var_3=300004\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 22 Nov 2025 18:27:23 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 2\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/html","magic":"ASCII text, with no line terminators","md5":"a60852f204ed8028c1c58808b746d115","sha1":"b0a98216a32426b9e66a4ac1eb6df2e96e1b495c","sha256":"843ac01149cced785dfebd0028d3b03ba78e286e1c6f9517ebfcdb609d97af4c","sha512":"8f08a640907f62411c90fdfb58f33b770baee98d1454f3f82cd65a32f7e378c223557cef762e39207faab39263c7a3fa2b4a4b01ff8892b8dabf7111958a169e","ssdeep":"","tlshash":"c71000000000000000000000000000000c000000000000000c00000000000c00000000","first_seen":"2023-03-26T00:57:33Z","last_seen":"2026-05-12T21:11:03.610674Z","times_seen":17645,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fhvfd.com/api/win_request","fqdn":"fhvfd.com","domain":"fhvfd.com","tld":"com"},"ip":{"addr":"139.45.195.5","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://fhvfd.com/api/submit_form_request?p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026ts=1763836041\u0026z=9819346","date":"2025-11-22T18:27:22.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fhvfd.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 05:14:37 GMT","end":"Wed, 17 Dec 2025 05:14:36 GMT"},"fingerprint":{"sha1":"9F:2E:C8:A2:E5:48:E4:42:D5:0C:93:60:42:73:66:2F:FA:D0:B2:65","sha256":"2F:BC:AD:04:CB:EF:55:04:3B:C0:09:00:33:69:26:36:96:19:EF:89:BB:FA:45:5E:82:E4:90:E2:A7:17:56:2B"}}},"request":{"raw":"POST /api/win_request HTTP/1.1\r\nHost: fhvfd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 4087\r\nOrigin: https://fhvfd.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fhvfd.com/api/reverse?var=9819346\u0026feedId=3499\u0026ymid=c13f0bb7-124a-4630-809d-6980b09d6479\u0026var_3=300004\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":4087,"data":"ad_scheme=1\u0026p=c13f0bb7-124a-4630-809d-6980b09d6479\u0026rfhif=1\u0026hil=1\u0026jsp=1\u0026ng=false\u0026ix=true\u0026pt=false\u0026np=false\u0026nw=true\u0026nb=true\u0026sw=1280\u0026sh=1024\u0026pl=https%3A%2F%2Ffhvfd.com%2Fapi%2Fsubmit_form_request%3Fp%3Dc13f0bb7-124a-4630-809d-6980b09d6479%26rfhif%3D1%26ts%3D1763836041%26z%3D9819346\u0026wy=0\u0026wx=0\u0026ww=1280\u0026wh=1024\u0026cw=1\u0026wiw=1\u0026wih=1\u0026wfc=0\u0026sah=1024\u0026navlng=en-US\u0026drf=https%3A%2F%2Ffhvfd.com%2Fapi%2Fsubmit_form_request%3Fp%3Dc13f0bb7-124a-4630-809d-6980b09d6479%26ts%3D1763836041%26z%3D9819346\u0026wgl=llvmpipe\u0026tb=false\u0026btz=UTC\u0026bto=0\u0026pnt=0\u0026pnrc=0\u0026bml=0\u0026bmi=false\u0026vsbl=true\u0026adex=%7B%22sync%22%3A%22TBtSUh8cJhwUBWcfHEsSAwEFUA5MXwMBbAIlKz9KWUBcHAtKQ1AVSQZbGgxbGwkHVkYLASoQTktDD1ZGTBkCRExXBAkfFA4eFkpPUhRLDk4%2BHQY0BV0ZMkBQW2kNHCYfDD1RESZOBwkxGBNcMR5fZkBBJRcYHyoBTzYaUUNQX0dQQB0yU1xHUxkQHAxXWAhFW1MSHw9JSARCT1lJbEYeRkNYWUBQABUbW15CSQddCk8NCR8UHhYfSk9SFEsJVUNQX0dQWglPDQkfFA4eW1JEVhRLF1tDUF5HUFoPHRUDAxpYFA1KT1IUSxxPAAZMUUIYTAVUGwkGVkYdBVdYCEVbSxUeTFFCGEwOX2ZcVBBGQ1hZQFYeJk4FSFRbXhYBHlRJRhRAVFVKHQtcDRxXQ1BfR1BXBjJYW1lpEwodDQ1AAllVGxYDADQZURceaFVWWB0QEUpPUhRLGlYNBRw0FlEeGV8bCQZWRg8NGwZXG1sDUUZMDBNZCx1WXUAUQFRVShsOZwcVSkNQXkdQVwEBWEtsURsJDBxXWAlFW0kHBkxRQhhMDkRQEQxKSFsLGRYaU0kVQwAdG1AOXkEVSV1CWF5JRFcSVhsaG1taQkkCWA8ZUVZBWyUAHBwQAUwGCxtbX0JJHFEdTw0JThpYFhBKT0BUBQ9UEQMeDlAYTB9BGwkUNwEKCVdOGhsJSUNQX1leFhoXWBsJBlZGDh9XWAlbQQlNSBkDUA5fXQUNHxQNDQ5KT1MUSw5QCUhUWl4WGRUVAwMaWBMASk9SFEsQQUNQX0dQQwgOFQMCGlgXGABXWAlZSw1NSB0DUA5fXQUNHxQJE1tSRFAAWVUbEgsZSUgFXFUHFRFCCTsdDQEHWx0cXUNQXkdQXh0YVhsJFDcLAwEZDllGTBdRSkY8G1oKAkBKE3guREhYW1IDSS5QD1xaUFJMWFkMGUFAQFVKXFtSEUk%2BXAIBAURABF9dBwgDB1oiEBoQBFcRVghSXkBbUBhMA0cbCQdWRgkMV1gaABdNBBgACh4ZHglRFEVfHxMcGk8LSzkwAggEGg4AWg8BGklXUFcSEA0CB0pTEEoxI1UCHEALH1lYXxsKAB9FAwtdHhxLWwMdOzsPBwNDXEFYGwhUGBEEFR8QXBYPHFEbRz4kDFBdQh8WFwkZT0gNHxQXAwscF0ZUBERpeg1YSFsAHA4aU0gVQx8HD1AOABhbVR8UHhYfSk9AUB0NSRJQQUQUXBgLUxdQWRdLGBgcTUscG1QIHjENHUYDMkVcQkMfFw1XBV9bWEpfUQgMXF8FXFlWFAcASVRUUEVbXERPAFlaDFtLUFhZAAAVQglZSF9DUQBaTwlVW0gRTw1WXA4KBwBYSFsYGUACSxFNFRodUV0bCAVBX1cYGQsURxQSUUYKTAMHBx8tUgEfWmZBUwsRHBsBXUhUGghSDF4JEANDXAUNUhtOUkpYWFoIUB0UV1NWWxAEVwkBDQQPXBYfABwEBVhfTRJXX1xEB1ZeAQkHB1weRFFNUwFaTQ9DRkwFFRZUXRsbR0xYXls9ISEaRVtXA0hUWl4WAAxHGwkULQ0XW0dAFEsJTUNQXkdQURgMWxsJBU1IWwAWQAJdQRVDDgNJSBlfQRVLR0JYXlRZWUBbASZWAwBMUUIYTANAGwkHVkYODFdYXggVSgRGTAQBVx4YFQMRehMKDBBVGgBfJg9VSEJJGl0KCVJXEQwcBRUbEE4aChFmDggENBtaCghPGwkbS0hbHxwMZwIcQBI1Ag4cUxoFFQMBB09IWwsaDlcbJl0EGhoDUA5cWRsbRVMUABYaV1gaS1UbBgsDDgJVCh4VAwMaWAoVSk9AXQdUbDJIQkkcWB1PDRtWWFcxKkQQDBpFW1oOBgEZLVMPAEJNEQxYFwsPF0AUSwlfDUhUSVAYTA5bTREMARlVSh8RSEtDCE1IHgUGFlRdGxtDWAgHW1JFThoZFVgVDAEZH2sKCENcUEIVFltSDkBRGiZYDw4cBBtQTFdRWF9FH0hbAQY9TBsQXQQEGklIUg8BRFwfFBMXJgsdEFcEEEwMNVZdLVscMllcRFMIRkMOFA5LDFUbCBkxCBpGAQBeTF4UQAIYBAYHFEsQSj4PCgwXFlQLVlVAU1ZGEBsqBV0KElZDUBoZB1FCT15KbEEfBiYDHBYaUx9YDRkLR1BdHTJAXFFpEQ0NN0NSDjYWSz4ECxwXRkxXUVhfRR9IWwEGPVwMClIVBR40AVUIDEVQEQwcBRUbEE4aAApmAgIcBB9dGwBoVkNTCAVbUhMDVBocRE1IDQcbUQAZaFBXFEBGSAwXWwlfQF9MU14NRhlaDwVdHlRPVU5FFwEMXhhYA1tXCENSTEEVWFVQEwgQCQEHZwAdG1tITEdQQBwMUV9aVSUXFh0HAV02EF1DUExaQgVXVAAIBRRWRhgMAwdKHRBKBBgxAhYWVE8VFRFVGwkJCRwFVjYQXUNQTEleFg0YRE1cWyUNHTdEQAJLHUoRRx0eEFkHGRpfXEQXRlVKFhdLHRZUPgMKNEAWVE9FXF5ZGB1NN0ZaCV5BAFU1WFtCB1tYFRURVRYNGgMqC1xLQxtDRkwIHUcaTw0bERpYCRwcHQ1cS0MbCxkaChUWQk9FZkZfHkZDShZTCw9JWwNdQ1pAAA9AAw8ABldcSVERTw5QQQkDWlcPRABZVBUVEVkbOxAMV1gaXUkBVQlfCkECCFRTWgQGTgVNXBEHWllAAVNaXgpLV1lPGxtSUh4NDQEaDFkFJlAFGUxRKWkT%22%2C%22async%22%3A%22TBtXQwgXW1IOQFoIDRtbWkJJGl0AGUQbCQdWRhEBEQZdByZQBxgPBhcWVFUDFRFCFRAYBFdYAF0EFUMCBw8WUQAyXl9BVxcBW1JEThoLGE1DUBVJG0cxD1ZNEQxKSFsLHQNKDhBXBkhUW14WDQVWS1RfFAMmHBwPXUtDCU1ICgIBVwYMRV5aWB07DQEYBxpTSRVDBgsdF1hMVwdEHxQSDRccBkACEgQVQwkCAhdaGjJeXREMWFUdCkxTDlAfFFhaCF9fAAxfUxRRA0tTVAoWVg8IGFtQUw1aFBZCT1ZfVV8WDRgcED1RDVsDQ0hCSQZGDwtRUFBpCQsMGhYHZwAdG1tIX1tDDVdaBg8RGlgFHR4QEEwAClwTNQcPUA5MTxsbUFcXFBgBEgxnAB0bW0hMR1BXGx5DVl5pEwAmWVdYGg0KSUwZGwkfXRpAUVZBW1hIWwsAEUwGFGYIDjFZUA5MH1JUXFQDUCZbTVMPUUANPlxeW0EBW08bG1BaEwcSNxwGGlNbG01IDQQBQExXFRsfFBcBDQAaBhpTW1MSHg8MUBhMH2hMWlJYXlsLRFFeWRtbVkdfWUZVQ1kBCgMbQlRADFhUAVFJW1FTCl1GA1dPGxtcVyUNHUpPQAxZQQ0CWw9YRFJXCVQOAwIbUE0MEAAIUEELUVoPUhEDTEEVWFdSExAQBxsDVDYQXRJIVDAvSQ%3D%3D%22%7D\u0026extm=334"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 22 Nov 2025 18:27:22 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 13\r\nConnection: keep-alive\r\nAccept-Ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"3328d8623c4f4fce5cb17405de72f941","sha1":"303058f96788510d354c7e0279e3fdabd79ea4b4","sha256":"314b114ac3769cff5d4625aecf57331f25e52ac84a8b583023d796cbefa74b04","sha512":"1b6b3d49768b39abb31ca17d079513983c45e3b671f504be68a42fec4b41d9e1307d6f5e015e8a22f2b9b5194af30cf624eec2c7604d7f3e52839a625bb1a5f6","ssdeep":"","tlshash":"db600030000000000300cc0000333000000cc030f0000c00000000cc00c0300c0cf30c","first_seen":"2025-11-19T18:00:33.552133Z","last_seen":"2025-11-30T18:40:08.197498Z","times_seen":7,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}