{"report_id":"510328c6-d525-4938-80cc-3a27cfcfb9fa","version":6,"status":"done","tags":[],"date":"2025-09-20T21:34:03Z","url":{"schema":"http","addr":"farnuq73xy.com/?campaign=dyyox7qOWp\u0026click=62C79E50-9669-11F0-8786-3D5621112A2F\u0026network=yo\u0026version=13\u0026zone=193132","fqdn":"farnuq73xy.com","domain":"farnuq73xy.com","tld":"com"},"ip":{"addr":"172.67.147.84","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"popupblockergold.pro/discover.php?fr=dyyox7qOWp\u0026fy=193132\u0026fu=62C79E50-9669-11F0-8786-3D5621112A2F\u0026ft=yo\u0026fx=13\u0026fw=","fqdn":"popupblockergold.pro","domain":"popupblockergold.pro","tld":"pro"},"title":"Popup Blocker Gold"},"submit":{"url":{"schema":"http","addr":"farnuq73xy.com/?campaign=dyyox7qOWp\u0026click=62C79E50-9669-11F0-8786-3D5621112A2F\u0026network=yo\u0026version=13\u0026zone=193132","fqdn":"farnuq73xy.com","domain":"farnuq73xy.com","tld":"com"},"ip":{"addr":"172.67.147.84","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T21:34:03Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"farnuq73xy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"popupblockergold.pro","ip":{"addr":"104.21.47.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":3,"received_data":12604,"sent_data":1737,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap:5.2.3","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":1678,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":196040,"sent_data":505,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"popupblockergold.com","ip":{"addr":"104.21.69.55","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":574041,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":5728,"sent_data":528,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"farnuq73xy.com","ip":{"addr":"104.21.95.194","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":856,"sent_data":580,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"popupblockergold.pro/discover.php?fr=dyyox7qOWp\u0026fy=193132\u0026fu=62C79E50-9669-11F0-8786-3D5621112A2F\u0026ft=yo\u0026fx=13\u0026fw=","fqdn":"popupblockergold.pro","domain":"popupblockergold.pro","tld":"pro"},"ip":{"addr":"104.21.47.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"9e2764bb5f02f84300b66bf2c565475e","sha1":"45e4694e1659ed0ae5a50e81b92976c1e3bdd00e","sha256":"e6fea2009016f1af420090678996a6d986fb3264c92b9cd033b9421bd8934dbc","sha512":"abc9a5afce587cb7c539ab67c654bb4a7fe420471ac0ed405cf43d0848d51a09831ed14d2604cb82f9ea0b3a2948cc0908df2e07f810fb42048f5272dc6c0e55","ssdeep":"","tlshash":"14f068a94a6616b41677b029471f79002ab684e36024e801be8cee424fe0f1a64fa1c3","size":464,"data":"","first_seen":"2025-09-19T09:57:11.61313Z","last_seen":"2026-01-01T09:04:30.113927Z","times_seen":40,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"popupblockergold.pro/discover.php?fr=dyyox7qOWp\u0026fy=193132\u0026fu=62C79E50-9669-11F0-8786-3D5621112A2F\u0026ft=yo\u0026fx=13\u0026fw=","fqdn":"popupblockergold.pro","domain":"popupblockergold.pro","tld":"pro"},"ip":{"addr":"104.21.47.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"36ef873daefd7db85f27eced9351d245","sha1":"8f11a14de388800629166411a90665f774b63afc","sha256":"f3baf2e83dd072272b133521562a7963ce8e1e44283e4f5ae9dc68664809f8f2","sha512":"7c498b723600a2bb387a4de14469aaebef3019963176d7c2cbe3e8abc6ae8efc543074d6be97c0cc03ba03bf816d9082cfd0c3fa06bc65dc501c74dac6825ca2","ssdeep":"","tlshash":"cdc0801510d2508547af6115c716a455259532114fa096d1f44cd456779c0553413656","size":158,"data":"","first_seen":"2025-09-20T21:34:25.43392Z","last_seen":"2025-09-20T21:34:25.43392Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"popupblockergold.pro/discover.php?fr=dyyox7qOWp\u0026fy=193132\u0026fu=62C79E50-9669-11F0-8786-3D5621112A2F\u0026ft=yo\u0026fx=13\u0026fw=","fqdn":"popupblockergold.pro","domain":"popupblockergold.pro","tld":"pro"},"ip":{"addr":"104.21.47.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-20T21:33:41.245Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"popupblockergold.pro","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 13:22:01 GMT","end":"Sun, 23 Nov 2025 14:20:26 GMT"},"fingerprint":{"sha1":"70:2C:91:20:30:7F:51:62:84:B9:9B:9C:B0:77:50:42:75:CC:1E:DD","sha256":"AB:05:80:41:B7:47:29:24:4B:03:13:34:61:27:13:2A:C9:D8:50:A9:8C:16:E4:F2:25:B9:D8:45:25:D2:EA:59"}}},"request":{"raw":"GET /discover.php?fr=dyyox7qOWp\u0026fy=193132\u0026fu=62C79E50-9669-11F0-8786-3D5621112A2F\u0026ft=yo\u0026fx=13\u0026fw= HTTP/1.1\r\nHost: popupblockergold.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Sep 2025 21:33:41 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CNxwWzXwAaNxUchmz2aacYpDD0V2yQCdwWu0ucK6FvaWBO0CN8jC2zS8nc0LbYn6q03whjlbbfWB2vW9t5qhnlXRIcO%2Bxu4hQiFJR0a1n%2Fq8ww%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: _asd=17584040214291117; SameSite=None; Secure; Path=/; Domain=popupblockergold.pro; Max-Age=31536000; Expires=Sun, 20 Sep 2026 21:33:41 GMT\r\ncf-ray: 9824714ccc4c56ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap:5.2.3","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}],"data":{"size":3128,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"33f4d723ad0b241c03975cc40eb60165","sha1":"297b7069d291e9005d3af8443f0da89445a47a4c","sha256":"b710b120338b626f884af8f8d86b0b253fba981ac571844a9e9eaebc36d93b30","sha512":"ccfefbe973cbc91250abd88ff1325b5087d0b6dcb2615e9d36277496957a3392caf76802467b5a7b73e9225455fb3c3e5451e5615e4a64f492fa666eb466ff78","ssdeep":"","tlshash":"f351d521e9e0106b31a380446fa1be497f524143c901ea50f6fda6994fdef4288f32ce","first_seen":"2025-09-20T21:34:25.408392Z","last_seen":"2025-09-20T21:34:25.408392Z","times_seen":1,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":0,"dns":5,"connect":1,"send":0,"wait":95,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://popupblockergold.pro/discover.php?fr=dyyox7qOWp\u0026fy=193132\u0026fu=62C79E50-9669-11F0-8786-3D5621112A2F\u0026ft=yo\u0026fx=13\u0026fw=","date":"2025-09-20T21:33:41.464Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 25 Apr 2025 00:00:00 GMT","end":"Mon, 04 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F","sha256":"20:CE:80:8C:8A:B7:48:3B:0B:A0:F2:AC:61:42:83:EC:54:84:A8:FA:4C:2D:98:10:FF:8B:FA:A5:1D:F5:21:28"}}},"request":{"raw":"GET /npm/bootstrap@5.2.3/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://popupblockergold.pro\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://popupblockergold.pro/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Sep 2025 21:33:41 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 30336\r\ncf-ray: 9824714e3a5221fe-OSL\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 5.2.3\r\nx-jsd-version-type: version\r\netag: W/\"2f955-d5HdHzFzoNYsw5wh0q1x/I2tDnI\"\r\ncontent-encoding: br\r\nx-served-by: cache-fra-etou8220160-FRA, cache-bma-essb1270026-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: HIT\r\nage: 979531\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=0VSQk3EENLBB46um0bkUTQKDUrDR81wxFjZalToDraZAixjI%2B%2B%2B2g4Pi9wnEzgi9tzKVOUlTAQUf0rkMIEkgZSzeAwhJjO9uTQmT1McdHOnrAt3vXwTkx01ukYmiYpwhSY0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":194901,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65305)","md5":"3f30c2c47d7d23c7a994db0c862d45a5","sha1":"7791dd1f3173a0d62cc39c21d2ad71fc8dad0e72","sha256":"c0bcf7898fdc3b87babca678cd19a8e3ef570e931c80a3afbffcc453738c951a","sha512":"49b891fdebaca612a8315557cac4ca1bfed5b1e5a28be63715d1ebb741292a0a53a1979e9a1a8779978b58b849badcffdaeb76570d6e4048f631b445f9354150","ssdeep":"1536:ZtGg9JfWgeQK5wlP72qgOfI3N9LsqkVkpz600I4lp:ZtGg9JfWD9kVkpz600I4lp","tlshash":"991482d6f190307d98a7c2499591fefd866fa585d7120aaaf0137b6807ca7c30963ecc","first_seen":"2023-04-05T16:04:29Z","last_seen":"2026-06-10T00:29:27.081199Z","times_seen":8489,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":13,"dns":1,"connect":1,"send":0,"wait":9,"receive":4,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"popupblockergold.pro/chromewebstore.png","fqdn":"popupblockergold.pro","domain":"popupblockergold.pro","tld":"pro"},"ip":{"addr":"104.21.47.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://popupblockergold.pro/discover.php?fr=dyyox7qOWp\u0026fy=193132\u0026fu=62C79E50-9669-11F0-8786-3D5621112A2F\u0026ft=yo\u0026fx=13\u0026fw=","date":"2025-09-20T21:33:41.466Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"popupblockergold.pro","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 13:22:01 GMT","end":"Sun, 23 Nov 2025 14:20:26 GMT"},"fingerprint":{"sha1":"70:2C:91:20:30:7F:51:62:84:B9:9B:9C:B0:77:50:42:75:CC:1E:DD","sha256":"AB:05:80:41:B7:47:29:24:4B:03:13:34:61:27:13:2A:C9:D8:50:A9:8C:16:E4:F2:25:B9:D8:45:25:D2:EA:59"}}},"request":{"raw":"GET /chromewebstore.png HTTP/1.1\r\nHost: popupblockergold.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://popupblockergold.pro/discover.php?fr=dyyox7qOWp\u0026fy=193132\u0026fu=62C79E50-9669-11F0-8786-3D5621112A2F\u0026ft=yo\u0026fx=13\u0026fw=\r\nCookie: _asd=17584040214291117\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 20 Sep 2025 21:33:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 3435\r\nlast-modified: Thu, 08 Dec 2022 14:49:40 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"6391f984-d6b\"\r\naccept-ranges: bytes\r\nage: 25\r\ncache-control: max-age=1200\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dAa%2BtO01gsT1quomi%2F8cdUtM8XigQ3NGls27sFs%2F%2FfqLuMwDp5lVVjrdBKBejHCFOUfDw0z52ZtCjZMmnSWkuqiy04CrZCy89TxwNB4ku9AlhA%3D%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9824714e29bd56c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3435,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 206 x 58, 8-bit/color RGBA, non-interlaced","md5":"532cd53e793496222dcdcd6a9047a6fb","sha1":"507a9ca2df230c71265b1846505430bf5db31220","sha256":"2b74fcd6c38eb603d9c86cd1c8cb97ba423d200d7e3e555cbc5a704ac456e00f","sha512":"e272131d341b3c5b4f3d84aee55b370480494f07215a73ed2b40968e6c7bca64819850bd7401f4eb74cb31ba5a5208fed0e26b3189329061ceeb840f6a693de1","ssdeep":"","tlshash":"1a615bcd8624d39dcba545a5600dc4acfb3a066019078f4861f1f0570de522ebddadb6","first_seen":"2023-05-25T22:49:00Z","last_seen":"2026-04-02T06:42:10.926937Z","times_seen":140,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"popupblockergold.com/?fr=dyyox7qOWp\u0026fy=193132\u0026fu=62C79E50-9669-11F0-8786-3D5621112A2F\u0026ft=yo\u0026fx=13\u0026fw=","fqdn":"popupblockergold.com","domain":"popupblockergold.com","tld":"com"},"ip":{"addr":"104.21.69.55","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://popupblockergold.pro/discover.php?fr=dyyox7qOWp\u0026fy=193132\u0026fu=62C79E50-9669-11F0-8786-3D5621112A2F\u0026ft=yo\u0026fx=13\u0026fw=","date":"2025-09-20T21:33:41.565Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"popupblockergold.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Sep 2025 06:30:01 GMT","end":"Thu, 04 Dec 2025 07:28:39 GMT"},"fingerprint":{"sha1":"9B:E2:0A:5C:7C:83:3B:23:C7:71:DA:84:30:82:75:96:7E:1F:45:C2","sha256":"E0:48:D2:01:C1:D4:26:E3:37:AE:86:D6:7B:E6:24:63:30:BD:AC:57:34:F3:FE:7A:D3:F3:AB:3E:C8:A6:CF:12"}}},"request":{"raw":"GET /?fr=dyyox7qOWp\u0026fy=193132\u0026fu=62C79E50-9669-11F0-8786-3D5621112A2F\u0026ft=yo\u0026fx=13\u0026fw= HTTP/1.1\r\nHost: popupblockergold.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://popupblockergold.pro/\r\nOrigin: https://popupblockergold.pro\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Sep 2025 21:33:41 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\naccess-control-allow-origin: https://popupblockergold.pro\r\naccess-control-allow-credentials: true\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6NBtRdwl8l7b2OzEXw8zupJ4bNCNP8WEb2SryfgBgL7tQitv1cjw1PqkeEzPlbJ1z8ENHAuAQQ%2FfdCQfIkpEI2811FeMk84JXFzPynT4DZmTzg%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nset-cookie: c0067=dyyox7qOWp; SameSite=None; Secure; Path=/; Domain=popupblockergold.com; Max-Age=157680000; Expires=Thu, 19 Sep 2030 21:33:41 GMT\nr0067=yo; SameSite=None; Secure; Path=/; Domain=popupblockergold.com; Max-Age=157680000; Expires=Thu, 19 Sep 2030 21:33:41 GMT\ncid0067=62C79E50-9669-11F0-8786-3D5621112A2F; SameSite=None; Secure; Path=/; Domain=popupblockergold.com; Max-Age=157680000; Expires=Thu, 19 Sep 2030 21:33:41 GMT\nz0067=193132; SameSite=None; Secure; Path=/; Domain=popupblockergold.com; Max-Age=157680000; Expires=Thu, 19 Sep 2030 21:33:41 GMT\ne0067=deleted; SameSite=None; Secure; Path=/; Domain=popupblockergold.com; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:01 GMT\r\ncf-ray: 9824714eed010b49-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4370,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"7acef1dbf39f7a5a28fa53632f676436","sha1":"b7092c00a19f55c0218f76fa8dc49c4396642799","sha256":"c9153237945c6cad61656f8e5115f8be99321d08e8f67ca3019fdb70b3c09dcf","sha512":"aad577a7752b2f6576ecf8b8c5e2ff1239a50bd86fd4d6bb7a0370a1df55aed89877cd81f1b187491415af7cab9197a2d11a1e7cfe29fd2f96323330db7d6b65","ssdeep":"96:FdCrrDGQB/LWIueg0WoKh0kUWGR+pzv/dlW62:FdCrriS/KIu/4kUWGRAdlWN","tlshash":"269175216cc8862b014108c1f776bf6de1c6d927e7538848b5fdc2696beaecacc1754d","first_seen":"2024-08-20T00:16:03Z","last_seen":"2025-09-28T22:32:32.144402Z","times_seen":38,"resource_available":false,"data":null}},"time_used":272,"timings":{"blocked":24,"dns":7,"connect":1,"send":0,"wait":222,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"popupblockergold.pro/images/favicon.png","fqdn":"popupblockergold.pro","domain":"popupblockergold.pro","tld":"pro"},"ip":{"addr":"104.21.47.90","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://popupblockergold.pro/discover.php?fr=dyyox7qOWp\u0026fy=193132\u0026fu=62C79E50-9669-11F0-8786-3D5621112A2F\u0026ft=yo\u0026fx=13\u0026fw=","date":"2025-09-20T21:33:41.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"popupblockergold.pro","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 13:22:01 GMT","end":"Sun, 23 Nov 2025 14:20:26 GMT"},"fingerprint":{"sha1":"70:2C:91:20:30:7F:51:62:84:B9:9B:9C:B0:77:50:42:75:CC:1E:DD","sha256":"AB:05:80:41:B7:47:29:24:4B:03:13:34:61:27:13:2A:C9:D8:50:A9:8C:16:E4:F2:25:B9:D8:45:25:D2:EA:59"}}},"request":{"raw":"GET /images/favicon.png HTTP/1.1\r\nHost: popupblockergold.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://popupblockergold.pro/discover.php?fr=dyyox7qOWp\u0026fy=193132\u0026fu=62C79E50-9669-11F0-8786-3D5621112A2F\u0026ft=yo\u0026fx=13\u0026fw=\r\nCookie: _asd=17584040214291117\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 20 Sep 2025 21:33:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 3924\r\nlast-modified: Mon, 12 Dec 2022 12:15:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"63971b7b-f54\"\r\naccept-ranges: bytes\r\nage: 47\r\ncache-control: max-age=1200\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FQWGo4GQHg%2FWhqXIBireRu32BUMQ6YO8vt1y6OI6dTOYDU7POYndoHCtIOqkAjc3axIhxheG%2FQBenWpFyMrY6RjIg2mEGmSHxdp4uOt9nIC5aw%3D%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9824714f99da56c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3924,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"48a27afae57ba337521df3846aeb9dca","sha1":"fca1d93411e2e7c4ae5e1bf2f0144fb67063b013","sha256":"92c816cd4965080bf4a3c3e1971441f40de461644a8987af8386c4abee5a9cfc","sha512":"eeaee017608da01c9bf6268ae3b83dc08e03c8152d7b591133b18aced8226a8c1f8c199374efdb29343c854e9d85c5eeb5dc56df77606a44e1a1b96977c4e41e","ssdeep":"","tlshash":"6081e8611da020a2d24b23349fd23884da634c53d593910eb39dcda76f34a857d8f34b","first_seen":"2024-07-11T01:14:39Z","last_seen":"2026-01-01T09:04:30.108099Z","times_seen":45,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"farnuq73xy.com/?campaign=dyyox7qOWp\u0026click=62C79E50-9669-11F0-8786-3D5621112A2F\u0026network=yo\u0026version=13\u0026zone=193132","fqdn":"farnuq73xy.com","domain":"farnuq73xy.com","tld":"com"},"ip":{"addr":"104.21.95.194","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-20T21:33:40.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"farnuq73xy.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 16:08:51 GMT","end":"Tue, 16 Dec 2025 17:07:15 GMT"},"fingerprint":{"sha1":"87:93:BC:98:2A:96:7D:BC:71:C2:45:0A:17:3B:68:22:5E:F2:89:ED","sha256":"2B:CB:C0:90:33:E6:3C:91:AE:0E:76:81:35:5C:42:B0:70:7D:54:C5:18:4C:65:7A:CF:67:42:19:04:8B:EF:BD"}}},"request":{"raw":"GET /?campaign=dyyox7qOWp\u0026click=62C79E50-9669-11F0-8786-3D5621112A2F\u0026network=yo\u0026version=13\u0026zone=193132 HTTP/1.1\r\nHost: farnuq73xy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Sep 2025 21:33:41 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Z9c9nvqt2qPLvfp74Q7J4xX%2FTJjVZj8cwfrs29v7JcvUEHQj4%2F4GzF1B7jVzRMOTss6n8vw8QwxzwKdXfyNHWxBNRv55GjpsG3eTJw%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9824714a7c340b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":296,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"9bfa852c6e99181a3613639a1c047a82","sha1":"a519169c68ee3bdcb0af373f63e4265bec938666","sha256":"c60d4e5ee2581c3f6893be66c61ef30847918f969725306fc9d883d697c94eae","sha512":"bd680eb803fa5f9014acf55a140f628756e2a448f8481423df7a517dd2c7e7c579e4904dfa05289cd385a732e635c6d90e24bec6749106526cbae36f94a9aead","ssdeep":"","tlshash":"59e0c25714851e6e4378252118bc754d35ab3c05aaa858b1c443a09aa0ecf55d083336","first_seen":"2025-09-20T21:34:25.430903Z","last_seen":"2025-09-20T21:34:25.430903Z","times_seen":1,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":26,"dns":1,"connect":1,"send":0,"wait":136,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"farnuq73xy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}