{"report_id":"529cb3d3-a7c9-46de-a69d-b16825d7ab2c","version":6,"status":"done","tags":[],"date":"2025-08-28T23:32:20Z","url":{"schema":"http","addr":"gyanigurus.xyz/view/68b02595e0115","fqdn":"gyanigurus.xyz","domain":"gyanigurus.xyz","tld":"xyz"},"ip":{"addr":"172.67.208.157","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"gyanigurus.xyz/view/68b02595e0115","fqdn":"gyanigurus.xyz","domain":"gyanigurus.xyz","tld":"xyz"},"title":"The Importance of Daily Exercise"},"submit":{"url":{"schema":"http","addr":"gyanigurus.xyz/view/68b02595e0115","fqdn":"gyanigurus.xyz","domain":"gyanigurus.xyz","tld":"xyz"},"ip":{"addr":"172.67.208.157","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-02T23:32:20Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"rashcolonizeexpand.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"pl27302971.profitableratecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"torchfriendlypay.com","ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2024-09-01","domain_rank":191479,"first_seen":"2025-07-30T13:31:49.539518Z","last_seen":"2025-08-27T16:24:56.203714Z","alert_count":10,"request_count":10,"received_data":12868,"sent_data":9218,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.highperformanceformat.com","ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2024-10-15","domain_rank":366864,"first_seen":"2024-10-23T18:32:34.138968Z","last_seen":"2025-08-22T04:44:47.256243Z","alert_count":1,"request_count":1,"received_data":34929,"sent_data":459,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-08-27T15:27:14.649202Z","alert_count":0,"request_count":1,"received_data":156623,"sent_data":464,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-08-27T15:12:56.836113Z","alert_count":0,"request_count":1,"received_data":412942,"sent_data":435,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2025-08-22T06:18:22.747826Z","alert_count":0,"request_count":5,"received_data":181274,"sent_data":2390,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"professionaltrafficmonitor.com","ip":{"addr":"3.78.68.13","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-01-23","domain_rank":16376,"first_seen":"2025-01-25T08:56:07.448138Z","last_seen":"2025-08-22T14:31:34.988902Z","alert_count":0,"request_count":2,"received_data":846,"sent_data":902,"comment":"","tags":null,"fingerprints":null},{"fqdn":"pl27302971.profitableratecpm.com","ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":2,"received_data":146866,"sent_data":928,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-08-26T21:51:48.445996Z","alert_count":0,"request_count":2,"received_data":171926,"sent_data":824,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"gyanigurus.xyz","ip":{"addr":"172.67.208.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":5369922,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":3,"received_data":108660,"sent_data":3027,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap:5.0.2","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"C3.js","description":"D3 based reusable chart library","website":"https://c3js.org/","common_platform_enumeration":"","icon":"C3.js.png","categories":["JavaScript libraries"]}]},{"fqdn":"flushpersist.com","ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-08-26T21:51:48.43432Z","alert_count":0,"request_count":1,"received_data":496,"sent_data":766,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-08-27T15:14:26.687687Z","alert_count":0,"request_count":1,"received_data":28611,"sent_data":444,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"creative-sb1.com","ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-01","domain_rank":22211,"first_seen":"2025-08-08T09:32:32.509707Z","last_seen":"2025-08-22T09:38:58.27174Z","alert_count":0,"request_count":10,"received_data":355549,"sent_data":4612,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"rashcolonizeexpand.com","ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2024-09-01","domain_rank":31106,"first_seen":"2025-06-27T17:12:36.133274Z","last_seen":"2025-08-23T10:19:23.785243Z","alert_count":4,"request_count":4,"received_data":10112,"sent_data":4825,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-08-27T15:20:49.600294Z","alert_count":0,"request_count":1,"received_data":103221,"sent_data":466,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-08-27T15:11:05.791298Z","alert_count":0,"request_count":6,"received_data":245778,"sent_data":3294,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.show-sb.com","ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":187612,"first_seen":"2024-08-31T03:46:04Z","last_seen":"2025-08-23T06:25:22.651006Z","alert_count":0,"request_count":2,"received_data":4574,"sent_data":988,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"kettledroopingcontinuation.com","ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2024-09-01","domain_rank":196057,"first_seen":"2025-07-30T15:18:19.355595Z","last_seen":"2025-08-27T18:43:56.966874Z","alert_count":3,"request_count":3,"received_data":14239,"sent_data":5357,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"gyanigurus.xyz/view/68b02595e0115","fqdn":"gyanigurus.xyz","domain":"gyanigurus.xyz","tld":"xyz"},"ip":{"addr":"172.67.208.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"063877223b210e66c9ceb1fdda371598","sha1":"47cde3990de7fa587020a618b7c32c7e68025abe","sha256":"4cb2d0bc9eadefe25568cb1db86f2c42992c65e71e6f5e85d3160e94e7111361","sha512":"03a38caae3ed6ac2f985022d2d08a759a1e68cde8edb666afabae4aa9a67495c028b3dd1ad653a0af47568a892f05d461ed216a86831a2ebf5ce4cc68e8d9304","ssdeep":"","tlshash":"c3c02bcc314e0cb142f72700cb7fba00b1063224d8d46a314d493304cd30e03e744810","size":153,"data":"","first_seen":"2025-08-28T23:32:27.103035Z","last_seen":"2025-09-04T19:44:13.319348Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pl27302971.profitableratecpm.com/f2/08/de/f208de889065add07342893ddae508c3.js","fqdn":"pl27302971.profitableratecpm.com","domain":"profitableratecpm.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"d5949547d7ab15a9b74a76f76ae8e5f7","sha1":"68e8c79de0d0cc5d9136eda1218f5629710e8508","sha256":"eb2b42714f3aac3f1b08322c1f37b097236838eb2af84edb2bc0f96c25cab5eb","sha512":"bbb18d27d1c851a5e174a8c27ee0ce7f24bcca5cb2f58e083cc0c4b1a54369f4da39638cd46483dae05e537c00a2c7bd7805eec3e3732dda95ce060e5f9fa232","ssdeep":"768:Y2bnYsmRoFqw648+QhS8u+Jcj/XcdNjN/mOdY08kUbTehzbcepwPf:Y2bnwx4x5O+jvcHdY0U3fX","tlshash":"8b63c7483f51b27802e6b8fa712fa61af0265c0195d8e4d8f503f4deae66719f036f25","size":72612,"data":"","first_seen":"2025-08-28T23:32:27.076171Z","last_seen":"2025-08-28T23:32:27.076171Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gyanigurus.xyz/assets/frontend/js/jquery.min.js","fqdn":"gyanigurus.xyz","domain":"gyanigurus.xyz","tld":"xyz"},"ip":{"addr":"172.67.208.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4f252523d4af0b478c810c2547a63e19","sha1":"5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb","sha256":"668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404","sha512":"8c6b0c1fcde829ef5ab02a643959019d4ac30d3a7cc25f9a7640760fefff26d9713b84ab2e825d85b3b2b08150265a10143f82e05975accb10645efa26357479","ssdeep":"1536:GYE1JVoiB9JqZdXXe2pD3PgoIiulrUdTJSFk/zkZ4HjL5o8srOaS9TwD6b7/Jp9i:t4J+R3jL5TCOauTwD6FdnCVQNea98HrV","tlshash":"8893d7d9b6d6706287b734a851bf410bb17aa8eab40c4c60f058c8e47e74e9d507bf2d","size":97163,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-05T00:42:07.654531Z","times_seen":67315,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"055200ca6ced08cb7c70b0cf355f2934","sha1":"47954e5874854d3655cab9489c975432e97f0247","sha256":"318b655b38f133321825eb0cac02bf595e6eb8657d71946d387d0ca0d9d33030","sha512":"298ccdcec6f332bed1de30f194723603d9e47e9350225f75821495395bb248319e17528bc4ebc0bb7fc693143d6eff8f3e7b8e5af65f391d3d8ab22220f3e704","ssdeep":"","tlshash":"92312af7815ec45e5959e0e76cc40a98e862c2dfbb43ee1821b0af2af33900cd746624","size":1554,"data":"","first_seen":"2025-08-28T23:32:27.104844Z","last_seen":"2025-08-28T23:32:27.104844Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"877640a4756a5e0ba5262f08ed4ad9ab","sha1":"3d63d1533c1578203acb5f09992291e0e479f531","sha256":"3c301cdc32550210c538302f16364ea1279cfe9fbb7bcef9132ca3ef7693b350","sha512":"6fe6c6df93978d5b695acb13bb45b2a3d62f351f40af7b32fb6a4194f84c6199c7e9fdd08217f0c3029b27b273ec413f38904d9b89a5684b1b2cfbfb41e7cff0","ssdeep":"","tlshash":"fec02b683f2001127b303cad130823a44de056233031f61e5aacd080f49c03b00a3c00","size":145,"data":"","first_seen":"2025-08-28T23:32:27.106332Z","last_seen":"2025-08-28T23:32:27.106332Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"1531ab8898097de916028ace57338841","sha1":"34e905d7e6ac5019356d163c2032fe0051b71e9e","sha256":"e2cde6a8b56a52aa8ce20f97bc38c2864d511e94e3b34db5f61f0fbafbd642d7","sha512":"3dc0557f27226bc16644875c89e4ecec789e273f3ed303f98f7ba3a4b8faf5bd591f6d2d079d08d3870da75069f78934f05d453f8d06573be1958377ef8ff7e3","ssdeep":"96:gozXGizROlD5rVb0nJCAS69nROlD5rVb0nJCAy1/DeCfMEDaH:pzLY5rVrArrY5rVrAWbeCkCaH","tlshash":"41a11bf25ddad13d581af0fb38a556486c30c14f2602ff0a3daceb16ab3815c4699e48","size":4775,"data":"","first_seen":"2025-08-28T23:32:27.108055Z","last_seen":"2025-08-28T23:32:27.108055Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"bfdce570ccdc243818222c0f1481071f","sha1":"ff821e93d41c8cb9d44e0e20a0ec394d6192d2eb","sha256":"15de5ee05e3ac32a467655a4626c7da93d1a6390f8532a6d5c91e2ef6f0a6431","sha512":"3845a67d74fafda276a4959dba9bc176f07b1b69c849053e098f17971d36e18aaced8f6432d9ab65b5539f5333ff340de9f224c6db3c7e9a8fa62b16a5d5165c","ssdeep":"","tlshash":"2d41c6b360ae65264d5af6b229c46a94ac64c19a1a02ef4a386cab55732804d539ad08","size":2032,"data":"","first_seen":"2025-08-28T23:32:27.109849Z","last_seen":"2025-08-28T23:32:27.109849Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"561acb3e541133bbdd2c0c19f8ee35a1","sha1":"ffd1353cf3f77d25f801c84d8208613eb0d3d548","sha256":"9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc","sha512":"8a647ed6f56b4da93c7a034609060991cc8080350f057f4f2af2c369f18af066db3b4e77701fc017027fd774264a6d0f84927239d7d2f693edc6f7d6a0917be3","ssdeep":"1536:YjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h5cApwEjOPrBeU6QLiTFbc0QlQvakV:YYh8eip3hXuf6IidlrvakdtQ47GKl","tlshash":"f993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","size":89492,"data":"","first_seen":"2023-03-07T01:04:00Z","last_seen":"2026-04-04T21:16:11.401734Z","times_seen":6516,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-L0T5W9VDY8","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8bf8264b16b85da418d86f75b6dc4e77","sha1":"ae15017e81b0fa038c4949a120f0cf991a5f4d4f","sha256":"89cad9fec6de2cc2df4b1b6e5c5b3331797f7136eb305c5af85641ab4d1d0676","sha512":"68d2a2aff8b6664173ece0118405f7d20c2199b5f3b5860dcd3adf49dd1a98cdb0857c6f791e88dce8eab5ecbcedc41f0f77e43821b06f68c7531f6ee94fd1c5","ssdeep":"6144:9mukOixgjXLgL52RZpq4UZeYHDSWvLwD1:IzO8gjMLHDZk","tlshash":"bb9419ce73d670269396f478503f018ba57b29a2b44dc899f189cce42e34a9a4177f7c","size":411941,"data":"","first_seen":"2025-08-28T23:32:27.097812Z","last_seen":"2025-08-28T23:32:27.097812Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gyanigurus.xyz/view/68b02595e0115","fqdn":"gyanigurus.xyz","domain":"gyanigurus.xyz","tld":"xyz"},"ip":{"addr":"172.67.208.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f2ffbab3585943847274f7054c5ce564","sha1":"cc16e983a05969216cb32f804a2893760d1ecdd5","sha256":"a52c0fc52cd0ce2fdbd186c28570e91038d079720eaaab27cf830bc63539aa0b","sha512":"0b69ed13a8d5e69bed68cb2b4e61874e14ae004985134ef6646bb4336ced0ecdf8abbd720a6c1d9704031594f0b9ba8b8e890acbe2011dad8124fccf86f6ffd1","ssdeep":"","tlshash":"23c02bf48004f3480265cc280c7cd1008730cc21247c402726e49826416848640e375c","size":140,"data":"","first_seen":"2025-08-28T23:32:27.11146Z","last_seen":"2025-08-28T23:32:27.11146Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pl27302971.profitableratecpm.com/f2/08/de/f208de889065add07342893ddae508c3.js","fqdn":"pl27302971.profitableratecpm.com","domain":"profitableratecpm.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"aabb17699d61aadcf1c5bbb77294a141","sha1":"946a395392ab24b489d91f0aa8025db00e14a57a","sha256":"0f6a529b5944d7e188a52d935e013c8923b2af92f7384e16ad826f825e322700","sha512":"df0e6310d5103b3721236a70760d0c1711b04ef977f54e16bdc93e0133b1ca83de370efccbaf7fa6368fea4d4b4426ade90ba29038ebc4326a803bfed59c2751","ssdeep":"768:Y2bnYsmBoFqw648+QhS8u+Jcj/XcdNjN/mOdY08kUbTehzbcepwPf:Y2bnAx4x5O+jvcHdY0U3fX","tlshash":"5463c7483f51b27802e6b8fa712fa61af0265c0195d8e0d8f503f4deae66719f036f25","size":72606,"data":"","first_seen":"2025-08-28T23:32:27.101101Z","last_seen":"2025-08-28T23:32:27.101101Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"9c24e56701aefa7901bc38518d944671","sha1":"f932c231aae394464b799e319c0e91772c178f0e","sha256":"9ef619ff0cba18d5281b15709a0d8c1c3814806db7e60e711c90d677c2dfcbeb","sha512":"e66f4439846854b05a5b54157cd0ed04e39e2649ac04e940fa9d5195a37c6004504cf645b0c1a4bb9ba4a6a0ef9d4d932dbd70849765d6864867e30570b15e54","ssdeep":"","tlshash":"8f218b6a203907e8236bf072064565fdb527058b9c0b4217f22c1f892ee132712beab3","size":1271,"data":"","first_seen":"2025-08-28T23:32:27.113031Z","last_seen":"2025-08-28T23:32:27.113031Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"9c24e56701aefa7901bc38518d944671","sha1":"f932c231aae394464b799e319c0e91772c178f0e","sha256":"9ef619ff0cba18d5281b15709a0d8c1c3814806db7e60e711c90d677c2dfcbeb","sha512":"e66f4439846854b05a5b54157cd0ed04e39e2649ac04e940fa9d5195a37c6004504cf645b0c1a4bb9ba4a6a0ef9d4d932dbd70849765d6864867e30570b15e54","ssdeep":"","tlshash":"8f218b6a203907e8236bf072064565fdb527058b9c0b4217f22c1f892ee132712beab3","size":1271,"data":"","first_seen":"2025-08-28T23:32:27.113031Z","last_seen":"2025-08-28T23:32:27.113031Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gyanigurus.xyz/view/68b02595e0115","fqdn":"gyanigurus.xyz","domain":"gyanigurus.xyz","tld":"xyz"},"ip":{"addr":"172.67.208.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"3763e38433159a5a42b779ab3c3311c8","sha1":"76c80253b504b4570fb9715bc02678ab8cdbe523","sha256":"2057768d8a1fe99addf70645864528293da14cde433df750ab32d7585d042148","sha512":"ffc5bd61e7c0b5607f714154f22b127b07c1856041e8aa0315abe2574d7a9a91bc67757bc12596b1623fa3e9db84a8a0ec14ac2638d3e625d84393c2c0b3fa29","ssdeep":"","tlshash":"da01bd977b7d2b6102ff622be44fdece313000190809770a1c7c41e025b9c94b0d66d6","size":763,"data":"","first_seen":"2025-08-28T23:32:27.114914Z","last_seen":"2025-09-04T19:44:13.320468Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/ccb80e59f1ca20bf9eb8dce51f7ad662/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca8d8d2f1af37602c43ab14195bda10a","sha1":"d1b2e43535c01bc04e985a5ae701b1b24586990d","sha256":"fa99c2bf9170b85323bff91e8d68b7d0e5773718b71f22b4909bdc7ec81775fc","sha512":"3ae1246ab0c0f23cbd04cd7814b0429b87990c4e0dbab88d3cfff29bffc0e5700f9bed6c3b517c7d52091db475b70626db564f2063fda7d92eb42c5999450b43","ssdeep":"768:WBdqYtc5vIm+3UJ0UhwlnYRkKgE43kRRwlEK8cQ/2BVHb:W/iIJEJDhwln/Kk3kRylEK8cLF","tlshash":"24e2e78c3f60b05817da303f732f970de9960c0aa894c549c06bb5ecb97c767e5769a8","size":34108,"data":"","first_seen":"2025-08-28T23:32:27.091578Z","last_seen":"2025-08-28T23:32:27.091578Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"561acb3e541133bbdd2c0c19f8ee35a1","sha1":"ffd1353cf3f77d25f801c84d8208613eb0d3d548","sha256":"9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc","sha512":"8a647ed6f56b4da93c7a034609060991cc8080350f057f4f2af2c369f18af066db3b4e77701fc017027fd774264a6d0f84927239d7d2f693edc6f7d6a0917be3","ssdeep":"1536:YjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h5cApwEjOPrBeU6QLiTFbc0QlQvakV:YYh8eip3hXuf6IidlrvakdtQ47GKl","tlshash":"f993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","size":89492,"data":"","first_seen":"2023-03-07T01:04:00Z","last_seen":"2026-04-04T21:16:11.401734Z","times_seen":6516,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/interstitial/bottom_banner/1/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:32:00 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:45 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KJ7oWF7D%2BRMXBdMm7BkJW6xAzPEz3FdIAxzYPEmkGKjg6Yc5rnHvTqk1RVlFEqPb9xibmpFo0TnK9Xzodyk%2BgJUDb0S1hHhFDX0j6emo\"}]}\r\nage: 1780280\r\ncf-cache-status: HIT\r\netag: W/\"65aa8501-15d94\"\r\ncontent-encoding: br\r\ncf-ray: 97679afd1c5fb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89492,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"561acb3e541133bbdd2c0c19f8ee35a1","sha1":"ffd1353cf3f77d25f801c84d8208613eb0d3d548","sha256":"9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc","sha512":"8a647ed6f56b4da93c7a034609060991cc8080350f057f4f2af2c369f18af066db3b4e77701fc017027fd774264a6d0f84927239d7d2f693edc6f7d6a0917be3","ssdeep":"1536:YjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h5cApwEjOPrBeU6QLiTFbc0QlQvakV:YYh8eip3hXuf6IidlrvakdtQ47GKl","tlshash":"f993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","first_seen":"2023-03-07T01:04:00Z","last_seen":"2026-04-04T21:16:11.401734Z","times_seen":6516,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:59.948Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/interstitial/bottom_banner/1/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:32:00 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:45 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa8501-d9f\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HN%2B0tNc%2FSY6gXw76%2B8VbPRxt1bOavI4YuMGEggd2RMkJ%2B2mOnExKxqF7X0bJEskzw4E2spEl%2BTcAGyvBEIq75g0EkZGrFcLZIWeJMBvG\"}]}\r\ncf-ray: 97679afbfba3b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3487,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"f9f1955433320a3b43c5741f2bde9a3d","sha1":"3b70c2a57fad02833bf227d8b6a0391ac8b98432","sha256":"cbb99d697521db3b645225c1b50873e6aa8a39c91afcc7c8dd756746b8bf2645","sha512":"7a1022ad699c484dd3b7e5a870d01b8baa4a357f203d6dd73ddaa237bd1aa8d2cd5a599077c261dd6ea45cdaa685285aba8b844090fdef7fa0f0b9ecf4a70fda","ssdeep":"","tlshash":"7a710f863b7916047427d96a38112b5777198103aa4fdd74afd1381cceca38acaa33cf","first_seen":"2024-09-26T07:50:15Z","last_seen":"2026-01-25T21:57:17.035488Z","times_seen":2145,"resource_available":false,"data":null}},"time_used":587,"timings":{"blocked":46,"dns":20,"connect":1,"send":0,"wait":494,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/interstitial/bottom_banner/1/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:32:00 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:45 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y1B3UJzvAmnLOv3wp2pudqHyKvff%2B%2FXgg1CxNHOB7uiLExqVDBnska9oGWTzY9SFQ5xb2GF5e2NKKNqUm9Tt6IibBL9fTrVquvCjUcSL\"}]}\r\nage: 1780280\r\ncf-cache-status: HIT\r\netag: W/\"65aa8501-15d94\"\r\ncontent-encoding: br\r\ncf-ray: 97679afc7c0db4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89492,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"561acb3e541133bbdd2c0c19f8ee35a1","sha1":"ffd1353cf3f77d25f801c84d8208613eb0d3d548","sha256":"9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc","sha512":"8a647ed6f56b4da93c7a034609060991cc8080350f057f4f2af2c369f18af066db3b4e77701fc017027fd774264a6d0f84927239d7d2f693edc6f7d6a0917be3","ssdeep":"1536:YjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h5cApwEjOPrBeU6QLiTFbc0QlQvakV:YYh8eip3hXuf6IidlrvakdtQ47GKl","tlshash":"f993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","first_seen":"2023-03-07T01:04:00Z","last_seen":"2026-04-04T21:16:11.401734Z","times_seen":6516,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rashcolonizeexpand.com/ren.gif?sid=H4sIAAAAAAAC_1RSTWgkRRitTnLSgxjFg6wwBw8KZtLT3TPp3j0sxjUSNiZhdyWIp-qu7kmZmq62qnt6MiAEA7LH8aZerLxJNrouy3r0IMjEW0BwPOWwuQhePQh7lp4MjPtBfz_9quC999WXR8UlcVHQi-0PZZ8LQZebdbv21g5PmSx1bfNerWHX7Ru1HZ62vBu1XpVU93rD9er227UP4mhPLjt2w7YbdqO2xlWcyN7yBAXPHgWNemDXPafeaHroqednXVjQ1ALrXpJFcDZ-6a_kE_BohLTz5Fas93KZvfN-pxA0lwpddvpRupfKMkVn1ibKQpKeTk9D6jEhX89BpqdTBZDd40oBQj4mc689RZieTmki7J5cMQ0F4hQhexFld4RYjMDpCJE8BGd_ECBi2NxC2nmwKVVJ969QWqFjsvDsX_ByTBaevoq083hV8F7trhRFzmWq0UsMeG8E3h4hK86Q9-fAyzNE-Rfg7Hey_GwDaed4SwsJzi7epEngrPguXUriqLHkuYwuBQn1liLP9x3X8RpeYE8s4skIVFsoqo9bKBILRWahwy5qnu17UYO6rSRg0YrtUc9jcWgHvmPbNIhWUEQV9wHybIBIDBCpA2TqAHt8AFX8Cr1roJkFnRN0mUEZE5SaoKQEJScoc4Kya06Y0I42D5jQRdiYVmdaXTOUefuInsi8HacEVA2gmDnm2Wf6EFE-P-wnmg1llWiYmyENmTnKLsnLla3Wd698j734opY4ts9i3w_sVpMyZq-4nuMHLmM0btp-5EJzA67nJmb0-ZhsLUpkfEwWH15HSM-gxRkifg20eAO0NKC7Bv30cXufprxdqELXe_t9MGmQ5QvI960jcUlen6z24_BzxNH5zZ-_qeJbRMogUwaf8t8I2uL-8I4syfEdWWry01aW8w7v02rtd3Oax_MPb8f7pVRs_ZYe_PBuVAFV--herPMNmjKetjX5cZUzFqs1qaKY_LKud-Jwu9C7q4VKi2xj-7219U6mYq25TEegfExeMNcQVfJ6y5Mn7RzcBlcjqMKgU5yTaSDKDqCzGXctCZSY4WFmoSzMUDnh7KfgBCKezTQ00P-bw1k_VLS6Tbk50vfRVhZofoi0Y9BVBl1hQMUAupgf5pk6v_mnOwmEwhqGQlnHoVDiqyuLNb-oNZ3Qbfl-K05aLHGZ67gsaNpx4NGg5QVeE7ke7z75-5__AgAA__9kdlzzsAQAAA==","fqdn":"rashcolonizeexpand.com","domain":"rashcolonizeexpand.com","tld":"com"},"ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:59.742Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rashcolonizeexpand.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 21:51:30 GMT","end":"Tue, 25 Nov 2025 21:51:29 GMT"},"fingerprint":{"sha1":"1E:45:CB:7E:7C:E7:1E:08:73:0A:D3:08:B4:74:21:2F:CA:B6:15:9B","sha256":"54:F3:5A:C9:08:4C:76:26:F7:0E:BF:E0:3F:5B:38:DD:53:CF:95:81:0B:FC:C7:F9:6A:3E:9C:1A:6E:33:92:E0"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSTWgkRRitTnLSgxjFg6wwBw8KZtLT3TPp3j0sxjUSNiZhdyWIp-qu7kmZmq62qnt6MiAEA7LH8aZerLxJNrouy3r0IMjEW0BwPOWwuQhePQh7lp4MjPtBfz_9quC999WXR8UlcVHQi-0PZZ8LQZebdbv21g5PmSx1bfNerWHX7Ru1HZ62vBu1XpVU93rD9er227UP4mhPLjt2w7YbdqO2xlWcyN7yBAXPHgWNemDXPafeaHroqednXVjQ1ALrXpJFcDZ-6a_kE_BohLTz5Fas93KZvfN-pxA0lwpddvpRupfKMkVn1ibKQpKeTk9D6jEhX89BpqdTBZDd40oBQj4mc689RZieTmki7J5cMQ0F4hQhexFld4RYjMDpCJE8BGd_ECBi2NxC2nmwKVVJ969QWqFjsvDsX_ByTBaevoq083hV8F7trhRFzmWq0UsMeG8E3h4hK86Q9-fAyzNE-Rfg7Hey_GwDaed4SwsJzi7epEngrPguXUriqLHkuYwuBQn1liLP9x3X8RpeYE8s4skIVFsoqo9bKBILRWahwy5qnu17UYO6rSRg0YrtUc9jcWgHvmPbNIhWUEQV9wHybIBIDBCpA2TqAHt8AFX8Cr1roJkFnRN0mUEZE5SaoKQEJScoc4Kya06Y0I42D5jQRdiYVmdaXTOUefuInsi8HacEVA2gmDnm2Wf6EFE-P-wnmg1llWiYmyENmTnKLsnLla3Wd698j734opY4ts9i3w_sVpMyZq-4nuMHLmM0btp-5EJzA67nJmb0-ZhsLUpkfEwWH15HSM-gxRkifg20eAO0NKC7Bv30cXufprxdqELXe_t9MGmQ5QvI960jcUlen6z24_BzxNH5zZ-_qeJbRMogUwaf8t8I2uL-8I4syfEdWWry01aW8w7v02rtd3Oax_MPb8f7pVRs_ZYe_PBuVAFV--herPMNmjKetjX5cZUzFqs1qaKY_LKud-Jwu9C7q4VKi2xj-7219U6mYq25TEegfExeMNcQVfJ6y5Mn7RzcBlcjqMKgU5yTaSDKDqCzGXctCZSY4WFmoSzMUDnh7KfgBCKezTQ00P-bw1k_VLS6Tbk50vfRVhZofoi0Y9BVBl1hQMUAupgf5pk6v_mnOwmEwhqGQlnHoVDiqyuLNb-oNZ3Qbfl-K05aLHGZ67gsaNpx4NGg5QVeE7ke7z75-5__AgAA__9kdlzzsAQAAA== HTTP/1.1\r\nHost: rashcolonizeexpand.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nCookie: uid_id2=af92783a-fec1-43da-9fa4-c48823241490:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27202472=1; slecf208de889065add07342893ddae508c3=[5857917]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 28 Aug 2025 23:31:59 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: rashcolonizeexpand.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 78865f49abc3db587287bf5cbf5b611b\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":93,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":93,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"rashcolonizeexpand.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/f7/2a/2f/f72a2f9cd8da6b8b2cba71728ff0cd46c2042d92a1146f4bde6c8c80b47afa4e.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /si/f7/2a/2f/f72a2f9cd8da6b8b2cba71728ff0cd46c2042d92a1146f4bde6c8c80b47afa4e.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:32:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 42244\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 16 Mar 2025 06:08:59 GMT\r\netag: \"67d66afb-a504\"\r\nexpires: Sat, 30 Aug 2025 23:32:00 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42244,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 600x400, components 3","md5":"b08838e9921f5e46e876edde7f4b8b2f","sha1":"1e2931abf7f953408765ed241362ccd575bf624b","sha256":"aa2ef5f350a7459d778c789ce9a254b67aa4b95f0e22fbc4613bab1c1a81ba9b","sha512":"fdebc4301da2a9182f40dfb0ae90714872d3364bded17ca81e6db27b4b7f5436f869cfe464cb1fabe7465b9759a1a5692bc606979dc2194251f42d2b1855afb6","ssdeep":"768:C5lq6Fwu+1Mnh7n/slfXc1QZAckOewFiORP0fcqTNM59qR8kw:iFwu+A7McWZNtewFhRP0fcaHw","tlshash":"e813f13cce290189db381bb021344dddf952e29fa06dced5e29ed16b38675d9d309319","first_seen":"2025-04-21T12:23:26.426639Z","last_seen":"2026-01-05T22:39:01.11752Z","times_seen":367,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fstyle.css\u0026l=3487\u0026fd=551","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.502Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fstyle.css\u0026l=3487\u0026fd=551 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nCookie: uid_id2=af92783a-fec1-43da-9fa4-c48823241490:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27202472=1; slecf208de889065add07342893ddae508c3=[5857917]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Thu, 28 Aug 2025 23:32:00 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":181,"timings":{"blocked":81,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:57.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 20 Jul 2025 17:08:10 GMT","end":"Sat, 18 Oct 2025 18:08:03 GMT"},"fingerprint":{"sha1":"66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC","sha256":"52:CD:3D:83:E5:5A:57:37:9F:D9:0B:EB:C3:EA:67:B7:4C:F1:74:93:B7:C9:E8:0B:E3:E8:CB:2E:7A:94:A2:78"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.4.2/css/all.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:31:58 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 18778\r\ncf-ray: 97679aef5c3a56ab-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"64cac444-495a\"\r\nlast-modified: Wed, 02 Aug 2023 21:01:56 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 67483\r\nexpires: Tue, 18 Aug 2026 23:31:57 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=8unYZ8SHFLt%2FpvDfiUELqDVgPMIdkn%2Fqn4S6yXw%2FPrdITdOYBwwYmkPJpiOu4gofhUzWQsZbhIxHISHqJUREFwUDvOySSRzMqeoqC9SvW9Z9rk0wdxc6aej802CC45kvOgA%2Fz59M\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":102217,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (52276)","md5":"5222e06b77a1692fa2520a219840e6be","sha1":"8b4236206a8b86af3761a244277663046d7ff7ee","sha256":"0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5","sha512":"cf780ba5def29277f562835b0b3a9129ce2aca8afc81a294d6a9a7f824a1c5bb81bac00d23d42946884606b7821642b12e17a2e92f424171446db2aea8b8340c","ssdeep":"1536:0wMCMPMCMjMCM4MCMwMCM3sVMX709gbPMfjSFOTyPGuuprrlCq:M709gMGFiyPGuuprlCq","tlshash":"09a3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2023-08-04T22:28:10Z","last_seen":"2026-04-04T23:49:19.484215Z","times_seen":36133,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":16,"dns":1,"connect":1,"send":0,"wait":22,"receive":1,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.78.68.13","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:58.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:31:58 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://gyanigurus.xyz\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=4de8dcb0-4f9f-4c4d-959e-b0b6904b1e67:2:1; expires=Sun, 26 Aug 2035 23:31:58 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"e60de0d12d096bd455e58a4e7355e62d","sha1":"8d050ba62aa293214704690eaf57db8cc43addd6","sha256":"c1980d5e254b026ee61bf25e710bd10c3b0d04253cbbe1c52a5361a5c8e41949","sha512":"3aed2a5f5dc0bcb839e5003c12224cae95efc59fe61577d0bc9f5dc53f466c060ed4e67e991bee81412616008061333427e0c879fc1bf1312519af0f2235c292","ssdeep":"","tlshash":"a390021596846d9165020009c2447c74a0e0c178419541080912907160608018510f61","first_seen":"2025-08-28T23:32:27.073032Z","last_seen":"2025-08-28T23:32:27.073032Z","times_seen":1,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":101,"dns":20,"connect":21,"send":0,"wait":21,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pl27302971.profitableratecpm.com/f2/08/de/f208de889065add07342893ddae508c3.js","fqdn":"pl27302971.profitableratecpm.com","domain":"profitableratecpm.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:57.971Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"profitableratecpm.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 05 Aug 2025 22:12:52 GMT","end":"Mon, 03 Nov 2025 22:12:51 GMT"},"fingerprint":{"sha1":"54:C4:2C:62:9A:57:36:D6:32:A0:4D:90:BD:83:A7:77:B7:01:F1:29","sha256":"C0:C3:D1:A5:40:5D:2B:81:5B:71:DA:AD:EA:56:AF:E8:53:23:5F:E0:6D:AD:66:32:A6:69:17:4D:A2:EA:26:9D"}}},"request":{"raw":"GET /f2/08/de/f208de889065add07342893ddae508c3.js HTTP/1.1\r\nHost: pl27302971.profitableratecpm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Thu, 28 Aug 2025 23:31:58 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 29345\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: pl27302971.profitableratecpm.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a2ebe23ee105e4c15f8cd77c8a780435\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":72612,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d5949547d7ab15a9b74a76f76ae8e5f7","sha1":"68e8c79de0d0cc5d9136eda1218f5629710e8508","sha256":"eb2b42714f3aac3f1b08322c1f37b097236838eb2af84edb2bc0f96c25cab5eb","sha512":"bbb18d27d1c851a5e174a8c27ee0ce7f24bcca5cb2f58e083cc0c4b1a54369f4da39638cd46483dae05e537c00a2c7bd7805eec3e3732dda95ce060e5f9fa232","ssdeep":"768:Y2bnYsmRoFqw648+QhS8u+Jcj/XcdNjN/mOdY08kUbTehzbcepwPf:Y2bnwx4x5O+jvcHdY0U3fX","tlshash":"8b63c7483f51b27802e6b8fa712fa61af0265c0195d8e4d8f503f4deae66719f036f25","first_seen":"2025-08-28T23:32:27.076171Z","last_seen":"2025-08-28T23:32:27.076171Z","times_seen":1,"resource_available":true,"data":null}},"time_used":924,"timings":{"blocked":347,"dns":26,"connect":108,"send":0,"wait":112,"receive":108,"ssl":219},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"pl27302971.profitableratecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/ren.gif?sid=H4sIAAAAAAAC_1RSTWgkRRitTnLSgxjFg6wwBw8KZtLT3TPp3j0sxjUSNiZhdyWIp-qu7kmZmq62qnt6MiAEA7LH8aZerLxJNrouy3r0IMjEW0BwPOWwuQhePQh7lp4MjPtBfz_9quC999WXR8UlcVHQi-0PZZ8LQZebdbv21g5PmSx1bfNerWHX7Ru1HZ62vBu1XpVU93rD9er227UP4mhPLjt2w7YbdqO2xlWcyN7yBAXPHgWNemDXPafeaHroqednXVjQ1ALrXpJFcDZ-6a_kE_BohLTz5Fas93KZvfN-pxA0lwpddvpRupfKMkVn1ibKQpKeTk9D6jEhX89BpqdTBZDd40oBQj4mc689RZieTmki7J5cMQ0F4hQhexFld4RYjMDpCJE8BGd_ECBi2NxC2nmwKVVJ969QWqFjsvDsX_ByTBaevoq083hV8F7trhRFzmWq0UsMeG8E3h4hK86Q9-fAyzNE-Rfg7Hey_GwDaed4SwsJzi7epEngrPguXUriqLHkuYwuBQn1liLP9x3X8RpeYE8s4skIVFsoqo9bKBILRWahwy5qnu17UYO6rSRg0YrtUc9jcWgHvmPbNIhWUEQV9wHybIBIDBCpA2TqAHt8AFX8Cr1roJkFnRN0mUEZE5SaoKQEJScoc4Kya06Y0I42D5jQRdiYVmdaXTOUefuInsi8HacEVA2gmDnm2Wf6EFE-P-wnmg1llWiYmyENmTnKLsnLla3Wd698j734opY4ts9i3w_sVpMyZq-4nuMHLmM0btp-5EJzA67nJmb0-ZhsLUpkfEwWH15HSM-gxRkifg20eAO0NKC7Bv30cXufprxdqELXe_t9MGmQ5QvI960jcUlen6z24_BzxNH5zZ-_qeJbRMogUwaf8t8I2uL-8I4syfEdWWry01aW8w7v02rtd3Oax_MPb8f7pVRs_ZYe_PBuVAFV--herPMNmjKetjX5cZUzFqs1qaKY_LKud-Jwu9C7q4VKi2xj-7219U6mYq25TEegfExeMNcQVfJ6y5Mn7RzcBlcjqMKgU5yTaSDKDqCzGXctCZSY4WFmoSzMUDnh7KfgBCKezTQ00P-bw1k_VLS6Tbk50vfRVhZofoi0Y9BVBl1hQMUAupgf5pk6v_mnOwmEwhqGQlnHoVDiqyuLNb-oNZ3Qbfl-K05aLHGZ67gsaNpx4NGg5QVeE7ke7z75-5__AgAA__9kdlzzsAQAAA==","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:59.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSTWgkRRitTnLSgxjFg6wwBw8KZtLT3TPp3j0sxjUSNiZhdyWIp-qu7kmZmq62qnt6MiAEA7LH8aZerLxJNrouy3r0IMjEW0BwPOWwuQhePQh7lp4MjPtBfz_9quC999WXR8UlcVHQi-0PZZ8LQZebdbv21g5PmSx1bfNerWHX7Ru1HZ62vBu1XpVU93rD9er227UP4mhPLjt2w7YbdqO2xlWcyN7yBAXPHgWNemDXPafeaHroqednXVjQ1ALrXpJFcDZ-6a_kE_BohLTz5Fas93KZvfN-pxA0lwpddvpRupfKMkVn1ibKQpKeTk9D6jEhX89BpqdTBZDd40oBQj4mc689RZieTmki7J5cMQ0F4hQhexFld4RYjMDpCJE8BGd_ECBi2NxC2nmwKVVJ969QWqFjsvDsX_ByTBaevoq083hV8F7trhRFzmWq0UsMeG8E3h4hK86Q9-fAyzNE-Rfg7Hey_GwDaed4SwsJzi7epEngrPguXUriqLHkuYwuBQn1liLP9x3X8RpeYE8s4skIVFsoqo9bKBILRWahwy5qnu17UYO6rSRg0YrtUc9jcWgHvmPbNIhWUEQV9wHybIBIDBCpA2TqAHt8AFX8Cr1roJkFnRN0mUEZE5SaoKQEJScoc4Kya06Y0I42D5jQRdiYVmdaXTOUefuInsi8HacEVA2gmDnm2Wf6EFE-P-wnmg1llWiYmyENmTnKLsnLla3Wd698j734opY4ts9i3w_sVpMyZq-4nuMHLmM0btp-5EJzA67nJmb0-ZhsLUpkfEwWH15HSM-gxRkifg20eAO0NKC7Bv30cXufprxdqELXe_t9MGmQ5QvI960jcUlen6z24_BzxNH5zZ-_qeJbRMogUwaf8t8I2uL-8I4syfEdWWry01aW8w7v02rtd3Oax_MPb8f7pVRs_ZYe_PBuVAFV--herPMNmjKetjX5cZUzFqs1qaKY_LKud-Jwu9C7q4VKi2xj-7219U6mYq25TEegfExeMNcQVfJ6y5Mn7RzcBlcjqMKgU5yTaSDKDqCzGXctCZSY4WFmoSzMUDnh7KfgBCKezTQ00P-bw1k_VLS6Tbk50vfRVhZofoi0Y9BVBl1hQMUAupgf5pk6v_mnOwmEwhqGQlnHoVDiqyuLNb-oNZ3Qbfl-K05aLHGZ67gsaNpx4NGg5QVeE7ke7z75-5__AgAA__9kdlzzsAQAAA== HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nCookie: uid_id2=af92783a-fec1-43da-9fa4-c48823241490:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27202472=1; slecf208de889065add07342893ddae508c3=[5857917]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Thu, 28 Aug 2025 23:31:59 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a8f99466d0cf324761e9331798fc49b8\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":95,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/impr.gif?sid=H4sIAAAAAAAC_1RST2gkxRutzu7p9zuIq3iQFebgQcFM-l-Snt3DYlwjYWMSdleCeKquqp6U6elqq7qnJwNCMCB7HG_qxcqbZKPrsqxHD4JMvAUEx1MOm4vg1YOwZ-nJwOgH_f3pVwXvva8-PywvSICSnm-9r_oyTenCYtNtvLEtM64q09i43_DcpnuzsS2zpfBmo1cn3b3hBWHTfbPxnmC7asF3Pdf1XK-xKrVIVG9hgkLmj1tes-U2Q7_pLYbo6f_OpnRgqAPevSDXIPn4hT-SjyDZCFnn6W1hdguVv_Vup0xpoTS6_OSDbDdTVYbOrE20gyQ7mZ6GMmNCvpyDyk6mCqC6R7UCxHJM5l55hjg7mdJE3D2-ZBqnEBli_n9U3RFEOoKkIzB1AMl_IwDj2NhE1nm4oXRF9y5RWqNjcvX535DVmFx99jKyzpOVVPYa91RaFlJlBr3EQvZGkO0R8vIURX8OsjoFKz6D5L-ShefryDpHmyZVkPz8dZq0_OUooPOJYN58GHA630poOM_CKPIDP_TCljuxSCYjUOOgrD_poEwclLmDDj9vhG4UMo8GS0mLs2U3pGHIRey2It91aYsto2Q19wGKfACWDsD0PnK9j105gC5_htmxMNyBKQi63KISBJUhqChBJQmqgqDq2mOeGt_Yhzw1ZexNqz-tgR2qon1Ij1XRFhkB1QNobo9k_ok5ACuuDPuJ4UNVJxoXdkhjbg_zC_JibavzzUvfYlecNxLfjbiIopa7tEg5d5eD0I9aAedULLoRC2CkhTRzEzP6ckw2rynkckyuPbqBmJ7CpKdg8jpo-RpoZUF3LPrZk_YezWS71KVp9vb64MoiL66i2HMO0wvy6mS1H8afQrCzWz9-VcfXYNoi1xYfy18I2umD4V1VkaO7qjLkh828kB3Zp_Xa7xW0EFce3RF7ldJ87bYZfPc2q4G6fXxfmGKdZlxmbUO-X5GcC72qNBPkpzWzLeKt0uyslDor8_Wtd1bXOrkWxkiVjUDlmPzPXger5fUWJk_a378DqUfQpUWnPCPTAMv3YfIZd6MIdDrD49xBVdqh9uPZz1QSpGI209jC_GuOZ_1Q0_o2lfbQPEBbO6DFAbKORVdbdFMLmg5gyivDItdnt34PJoE4dYZxqp2jONXpF5cWG3neSALhM9eNlpe8IEqEF4ScJYtR2OJL1A0CgcKMd57--dc_AQAA__-YHswtsAQAAA==","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:01.124Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RST2gkxRutzu7p9zuIq3iQFebgQcFM-l-Snt3DYlwjYWMSdleCeKquqp6U6elqq7qnJwNCMCB7HG_qxcqbZKPrsqxHD4JMvAUEx1MOm4vg1YOwZ-nJwOgH_f3pVwXvva8-PywvSICSnm-9r_oyTenCYtNtvLEtM64q09i43_DcpnuzsS2zpfBmo1cn3b3hBWHTfbPxnmC7asF3Pdf1XK-xKrVIVG9hgkLmj1tes-U2Q7_pLYbo6f_OpnRgqAPevSDXIPn4hT-SjyDZCFnn6W1hdguVv_Vup0xpoTS6_OSDbDdTVYbOrE20gyQ7mZ6GMmNCvpyDyk6mCqC6R7UCxHJM5l55hjg7mdJE3D2-ZBqnEBli_n9U3RFEOoKkIzB1AMl_IwDj2NhE1nm4oXRF9y5RWqNjcvX535DVmFx99jKyzpOVVPYa91RaFlJlBr3EQvZGkO0R8vIURX8OsjoFKz6D5L-ShefryDpHmyZVkPz8dZq0_OUooPOJYN58GHA630poOM_CKPIDP_TCljuxSCYjUOOgrD_poEwclLmDDj9vhG4UMo8GS0mLs2U3pGHIRey2It91aYsto2Q19wGKfACWDsD0PnK9j105gC5_htmxMNyBKQi63KISBJUhqChBJQmqgqDq2mOeGt_Yhzw1ZexNqz-tgR2qon1Ij1XRFhkB1QNobo9k_ok5ACuuDPuJ4UNVJxoXdkhjbg_zC_JibavzzUvfYlecNxLfjbiIopa7tEg5d5eD0I9aAedULLoRC2CkhTRzEzP6ckw2rynkckyuPbqBmJ7CpKdg8jpo-RpoZUF3LPrZk_YezWS71KVp9vb64MoiL66i2HMO0wvy6mS1H8afQrCzWz9-VcfXYNoi1xYfy18I2umD4V1VkaO7qjLkh828kB3Zp_Xa7xW0EFce3RF7ldJ87bYZfPc2q4G6fXxfmGKdZlxmbUO-X5GcC72qNBPkpzWzLeKt0uyslDor8_Wtd1bXOrkWxkiVjUDlmPzPXger5fUWJk_a378DqUfQpUWnPCPTAMv3YfIZd6MIdDrD49xBVdqh9uPZz1QSpGI209jC_GuOZ_1Q0_o2lfbQPEBbO6DFAbKORVdbdFMLmg5gyivDItdnt34PJoE4dYZxqp2jONXpF5cWG3neSALhM9eNlpe8IEqEF4ScJYtR2OJL1A0CgcKMd57--dc_AQAA__-YHswtsAQAAA== HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nCookie: uid_id2=af92783a-fec1-43da-9fa4-c48823241490:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27202472=1; slecf208de889065add07342893ddae508c3=[5857917]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Thu, 28 Aug 2025 23:32:01 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 62f417f5416f4c7a14608b3620737cff\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbs?c=1","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:01.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nCookie: uid_id2=af92783a-fec1-43da-9fa4-c48823241490:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27202472=1; slecf208de889065add07342893ddae508c3=[5857917]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Thu, 28 Aug 2025 23:32:01 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rashcolonizeexpand.com/sbar.json?key=f208de889065add07342893ddae508c3\u0026uuid=af92783a-fec1-43da-9fa4-c48823241490%3A1%3A1","fqdn":"rashcolonizeexpand.com","domain":"rashcolonizeexpand.com","tld":"com"},"ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:59.121Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rashcolonizeexpand.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 21:51:30 GMT","end":"Tue, 25 Nov 2025 21:51:29 GMT"},"fingerprint":{"sha1":"1E:45:CB:7E:7C:E7:1E:08:73:0A:D3:08:B4:74:21:2F:CA:B6:15:9B","sha256":"54:F3:5A:C9:08:4C:76:26:F7:0E:BF:E0:3F:5B:38:DD:53:CF:95:81:0B:FC:C7:F9:6A:3E:9C:1A:6E:33:92:E0"}}},"request":{"raw":"GET /sbar.json?key=f208de889065add07342893ddae508c3\u0026uuid=af92783a-fec1-43da-9fa4-c48823241490%3A1%3A1 HTTP/1.1\r\nHost: rashcolonizeexpand.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 28 Aug 2025 23:31:59 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4815\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nAccess-Control-Allow-Origin: https://gyanigurus.xyz\r\nAccess-Control-Allow-Credentials: true\r\nVary: Accept-Encoding\r\nSet-Cookie: uid_id2=af92783a-fec1-43da-9fa4-c48823241490:1:1; expires=Thu, 04 Sep 2025 23:31:59 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Fri, 29 Aug 2025 23:31:59 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Fri, 29 Aug 2025 23:31:59 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Fri, 29 Aug 2025 23:31:59 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Fri, 29 Aug 2025 23:31:59 GMT; path=/; secure; SameSite=None\nu_pl27202472=1; expires=Fri, 29 Aug 2025 23:31:59 GMT; path=/; secure; SameSite=None\nslecf208de889065add07342893ddae508c3=[5857917]; expires=Thu, 28 Aug 2025 23:32:04 GMT; path=/; secure; SameSite=None\r\nHost: rashcolonizeexpand.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 6b9aeb2b5c47b91866543442b5f15467\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6185,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"79ff234b90e10d55eb7471b8a0efc5e0","sha1":"f85c6b8a1f05b2db0e0a7d008e74bc7356431916","sha256":"61a7a64a50b6f7ce167dd1a77c5cc16fbf03b35476ad77e5dffa72a447e18da2","sha512":"b23d366b9fd258d74da8f5fbc115b334c9af82b2c1dc07b3d62acf8e24e4b929a84b8c1d51ccc359f3867bba0e316af778384cc2bd1e93b86810d7fc52c2aeff","ssdeep":"192:9zEtWQISJo+w9r6G+JsbD8Hi/IoZYDyNIuOnL:9zEtKbr6AbAHCzZYDYIdL","tlshash":"9fd18c7a104215c60bceccbcb3437d86ec4a5c5aa220fdeb831395bdb029b511b0923e","first_seen":"2025-08-28T23:32:27.078916Z","last_seen":"2025-08-28T23:32:27.078916Z","times_seen":1,"resource_available":false,"data":null}},"time_used":887,"timings":{"blocked":293,"dns":14,"connect":91,"send":0,"wait":300,"receive":1,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"rashcolonizeexpand.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/sbar.json?key=f208de889065add07342893ddae508c3\u0026uuid=af92783a-fec1-43da-9fa4-c48823241490%3A1%3A1","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:59.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /sbar.json?key=f208de889065add07342893ddae508c3\u0026uuid=af92783a-fec1-43da-9fa4-c48823241490%3A1%3A1 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Thu, 28 Aug 2025 23:31:59 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4815\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nAccess-Control-Allow-Origin: https://gyanigurus.xyz\r\nAccess-Control-Allow-Credentials: true\r\nVary: Accept-Encoding\r\nSet-Cookie: uid_id2=af92783a-fec1-43da-9fa4-c48823241490:1:1; expires=Thu, 04 Sep 2025 23:31:59 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Fri, 29 Aug 2025 23:31:59 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Fri, 29 Aug 2025 23:31:59 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Fri, 29 Aug 2025 23:31:59 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Fri, 29 Aug 2025 23:31:59 GMT; path=/; secure; SameSite=None\nu_pl27202472=1; expires=Fri, 29 Aug 2025 23:31:59 GMT; path=/; secure; SameSite=None\nslecf208de889065add07342893ddae508c3=[5857917]; expires=Thu, 28 Aug 2025 23:32:04 GMT; path=/; secure; SameSite=None\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: f4dd4083bcef3d5ab32b5e0bbbc06398\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6185,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"79ff234b90e10d55eb7471b8a0efc5e0","sha1":"f85c6b8a1f05b2db0e0a7d008e74bc7356431916","sha256":"61a7a64a50b6f7ce167dd1a77c5cc16fbf03b35476ad77e5dffa72a447e18da2","sha512":"b23d366b9fd258d74da8f5fbc115b334c9af82b2c1dc07b3d62acf8e24e4b929a84b8c1d51ccc359f3867bba0e316af778384cc2bd1e93b86810d7fc52c2aeff","ssdeep":"192:9zEtWQISJo+w9r6G+JsbD8Hi/IoZYDyNIuOnL:9zEtKbr6AbAHCzZYDYIdL","tlshash":"9fd18c7a104215c60bceccbcb3437d86ec4a5c5aa220fdeb831395bdb029b511b0923e","first_seen":"2025-08-28T23:32:27.078916Z","last_seen":"2025-08-28T23:32:27.078916Z","times_seen":1,"resource_available":false,"data":null}},"time_used":896,"timings":{"blocked":288,"dns":2,"connect":92,"send":0,"wait":320,"receive":0,"ssl":192},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:58.598Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:11:38 GMT","end":"Mon, 29 Sep 2025 15:11:37 GMT"},"fingerprint":{"sha1":"F9:52:70:4B:81:A8:F8:39:E6:E7:96:8F:EA:FE:17:FD:96:C5:32:E3","sha256":"D8:C9:87:B5:89:5E:D4:F4:8D:FD:98:3C:31:39:42:67:D3:20:27:14:A9:AD:F2:AB:97:A4:48:0F:94:F0:FF:A2"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 28 Aug 2025 23:31:58 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 99d0af7e1a8e0e5bcc41db65b1f57d8b\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":157,"timings":{"blocked":53,"dns":1,"connect":17,"send":0,"wait":25,"receive":19,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:01.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 22 Aug 2025 08:13:09 GMT\r\nexpires: Sat, 22 Aug 2026 08:13:09 GMT\r\ncache-control: public, max-age=31536000\r\nage: 573532\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T00:47:01.514929Z","times_seen":715573,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gyanigurus.xyz/favicon.ico","fqdn":"gyanigurus.xyz","domain":"gyanigurus.xyz","tld":"xyz"},"ip":{"addr":"172.67.208.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:58.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gyanigurus.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 30 Jul 2025 06:23:17 GMT","end":"Tue, 28 Oct 2025 07:21:04 GMT"},"fingerprint":{"sha1":"6F:7D:01:8E:71:02:DE:AB:78:B2:56:6C:B9:71:0D:BA:FA:1E:E0:F3","sha256":"86:4E:9E:51:59:DD:3C:41:24:A3:DF:EA:E8:D6:51:DD:D3:71:64:E8:87:03:B9:D0:A7:66:9D:C5:D7:45:91:08"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: gyanigurus.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/view/68b02595e0115\r\nCookie: XSRF-TOKEN=eyJpdiI6Ijh5WWFuRWpBam81ZmVaV3BtL1BjaHc9PSIsInZhbHVlIjoiR2xTRG1IZHc2b1kxVW5tQlZtVzRmVHNXYVZybzFpY052Q0RGVExHbit1a2gvS1JrOG16OVdxUk9OVGloYWhHWGdYZ2NhZjFvb0FFaGtmMGVmOXJzZEZpcHRYcEdjazlleG1Qd1Rub0RWd0hOeXdkVEorRGJGZGtmbkpwbXVkVEkiLCJtYWMiOiI2MTJhOWYxZmY2ZDQ1MjNkNzY1YjFhZWE0NzYxZjlkMjc2YTJlYzkzY2I1MjRlMzBhMzE1MDZhODk4YjVjZTg3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitDbHM5RHgzT2djNk56ZkxNMGM3d1E9PSIsInZhbHVlIjoiYkoybElQbnpta1ZsYUIyZi9hTjBUVmZoZldZeHd1K3p1Uk5ob1dFNUplS1FGdkpZaWJtMHFxVWMwVUMwNDJSUzQ2SnVFU3dmWXRHRVQyNFZEMmJWSkNSZTVkMWhsUzlpNmlkZnNYR3VUN1BITlRsR2k1VzFxejFqNlZmcVVvU2ciLCJtYWMiOiIzZThjNGQ0MDQ5Y2IzZGU2NTE4ZDg3ZDExNWJiZDhkMTZkZjNlNzQ5NTliZjRlNmFiYTUwYzhkZGU5NjMzOTNkIiwidGFnIjoiIn0%3D; _ga_L0T5W9VDY8=GS2.1.s1756423918$o1$g0$t1756423918$j60$l0$h0; _ga=GA1.1.1478818417.1756423918; dom3ic8zudi28v8lr6fgphwffqoz0j6c=af92783a-fec1-43da-9fa4-c48823241490%3A1%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 28 Aug 2025 23:31:58 GMT\r\ncontent-type: image/x-icon\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=JHBS%2BA8JdgvoACtO2TGPPkUAWYivyrNICf6uanBb4FPnWA1QPJw%2FWy0uEAYwQVMfQfqwgGi%2FblwoBnTK95601kBkTsnpuZ%2B9V%2Fk%2F6uYnVCHsP6A7DDDJDCN0ogP7vVPgug%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\ncf-ray: 97679af54bad56b5-OSL\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 30 Aug 2025 00:40:12 GMT\r\nlast-modified: Mon, 17 Mar 2025 07:44:58 GMT\r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 514306\r\ncf-cache-status: HIT\r\ncontent-length: 0\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=2705\u0026min_rtt=590\u0026rtt_var=2117\u0026sent=137\u0026recv=205\u0026lost=0\u0026retrans=0\u0026sent_bytes=11930\u0026recv_bytes=12164\u0026delivery_rate=540842\u0026ipace=0\u0026icwnd=12000\u0026ss_exit_cwnd=14912\u0026ss_exit_reason=2\u0026cwnd=14000\u0026unsent_bytes=0\u0026cid=cc84dd4a54ba960b\u0026ts=1174\u0026inflight_dur=56\u0026x=40\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.78.68.13","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:58.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:31:58 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://gyanigurus.xyz\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=af92783a-fec1-43da-9fa4-c48823241490:1:1; expires=Sun, 26 Aug 2035 23:31:58 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"6bc8fbe68cba3922b8f10f49e9774342","sha1":"7a56632036857283b6d67aa6bd9b881b750021fc","sha256":"cb68943173c14e84e5b9a99e5e7a74865b50d7305023948f78d5182376f0162f","sha512":"edb8b757186160d27cfcbfdad0141eab2c96bb98c06190f2b79263d9ebae265107a5b0e37ecf2439b87bb69b6344b5c51224c650b280688d588302ddf8cfada1","ssdeep":"","tlshash":"d09000bc23003230aec3b0aeb0a8800200ce082b03c3032033a2cf203a338020338a33","first_seen":"2025-08-28T23:32:27.083241Z","last_seen":"2025-08-28T23:32:27.083241Z","times_seen":1,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/img/close.svg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.174Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/interstitial/bottom_banner/1/img/close.svg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:32:00 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:45 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6fPOHWjusxRC8Z8O1Aog3qArqDRMiT2UHfe9MyocmbapBrSyXpsfuvtEMGDTQe2YUuCzuQLghiB2fgKPLRTJ2QM6yjle8XK1OSnCED%2Bo\"}]}\r\nage: 1780280\r\ncf-cache-status: HIT\r\netag: W/\"65aa8501-4ff\"\r\ncontent-encoding: br\r\ncf-ray: 97679afd0c59b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1279,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"369850b9873659adf0951d845f57dba1","sha1":"a64257186daa33b6b318943a457b6cf8d80b26b6","sha256":"9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21","sha512":"6441b40e85c86e21362c7061a6b9610f52a5c801b274b246711546ad45c68c3e7f2f242f1621b90967eaeebf52709545d06283c2015d6b9ad7f6f7d37fb14a88","ssdeep":"","tlshash":"6821d8dc958f223ef324ff6189b316606ba423f6bb18c5bcb199a8157e1cb910c48e14","first_seen":"2023-04-07T22:39:47Z","last_seen":"2026-04-04T23:05:44.782676Z","times_seen":8755,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/f7/2a/2f/f72a2f9cd8da6b8b2cba71728ff0cd46c2042d92a1146f4bde6c8c80b47afa4e.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /si/f7/2a/2f/f72a2f9cd8da6b8b2cba71728ff0cd46c2042d92a1146f4bde6c8c80b47afa4e.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:32:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 42244\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 16 Mar 2025 06:08:59 GMT\r\netag: \"67d66afb-a504\"\r\nexpires: Sat, 30 Aug 2025 23:32:00 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42244,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 600x400, components 3","md5":"b08838e9921f5e46e876edde7f4b8b2f","sha1":"1e2931abf7f953408765ed241362ccd575bf624b","sha256":"aa2ef5f350a7459d778c789ce9a254b67aa4b95f0e22fbc4613bab1c1a81ba9b","sha512":"fdebc4301da2a9182f40dfb0ae90714872d3364bded17ca81e6db27b4b7f5436f869cfe464cb1fabe7465b9759a1a5692bc606979dc2194251f42d2b1855afb6","ssdeep":"768:C5lq6Fwu+1Mnh7n/slfXc1QZAckOewFiORP0fcqTNM59qR8kw:iFwu+A7McWZNtewFhRP0fcaHw","tlshash":"e813f13cce290189db381bb021344dddf952e29fa06dced5e29ed16b38675d9d309319","first_seen":"2025-04-21T12:23:26.426639Z","last_seen":"2026-01-05T22:39:01.11752Z","times_seen":367,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/au/78/74/fd/7874fd62186fc577273fa59756d17076/1744381737.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:59.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 Aug 2025 11:11:15 GMT","end":"Sat, 08 Nov 2025 12:08:40 GMT"},"fingerprint":{"sha1":"46:26:78:BD:18:7A:95:15:D4:B3:89:73:FE:7E:99:33:18:7F:21:3E","sha256":"AD:6B:6A:10:54:38:33:B9:BB:A6:FD:B7:B0:1B:2E:9D:62:B8:47:35:C4:E6:7B:F6:4A:92:AA:75:B0:29:F7:F3"}}},"request":{"raw":"GET /sb/au/78/74/fd/7874fd62186fc577273fa59756d17076/1744381737.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:32:00 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Fri, 11 Apr 2025 14:28:57 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TA4uAL7KzxJXkOQQ3TGN04ASqAPP2wu%2FVGo5MwwG%2BjmfHw9iYtCR38fLH6rj9VYLq%2BmYs3mxVnTrcWc%2F5eBufE2JDdcWW0OQwisXIUY%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 97679afb693e56ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1544,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"972f68410d9349904f897739b33e12cc","sha1":"e41130dbad60e81ad2665bb7407a50888aae8150","sha256":"90c062931018d386488b555fd261405457f9744db31512ff5780d49769d7b0d0","sha512":"905ef97b48b163e2ff2d28316f462ab1db0bdc05df312811c5e24ecb8614424d74f64a88fe31849fc9dd3515bf1d681b136df27aac8b27fc61c07cbda05dd12e","ssdeep":"","tlshash":"eb31f4251df9c9720182a0957b312f2baa91ea47cc8b560133fc4e948feaed9cd5310b","first_seen":"2023-12-18T02:06:40Z","last_seen":"2026-01-25T21:57:17.058603Z","times_seen":2175,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":125,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.052Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/interstitial/bottom_banner/1/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:32:00 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:45 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa8501-d9f\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uFQPBE6Iy2EXENIV5QCzhuKuJXZgY25Ojr02f8vpEfjL3SJc82hM0BXilXOtbis1O28oTrz8Z1tJqEFWYT%2BjTV%2FlSVCZMyvT6GaKrdbW\"}]}\r\ncf-ray: 97679afc4bf2b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3487,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"f9f1955433320a3b43c5741f2bde9a3d","sha1":"3b70c2a57fad02833bf227d8b6a0391ac8b98432","sha256":"cbb99d697521db3b645225c1b50873e6aa8a39c91afcc7c8dd756746b8bf2645","sha512":"7a1022ad699c484dd3b7e5a870d01b8baa4a357f203d6dd73ddaa237bd1aa8d2cd5a599077c261dd6ea45cdaa685285aba8b844090fdef7fa0f0b9ecf4a70fda","ssdeep":"","tlshash":"7a710f863b7916047427d96a38112b5777198103aa4fdd74afd1381cceca38acaa33cf","first_seen":"2024-09-26T07:50:15Z","last_seen":"2026-01-25T21:57:17.035488Z","times_seen":2145,"resource_available":false,"data":null}},"time_used":436,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":436,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rashcolonizeexpand.com/pixel/sbs?c=1","fqdn":"rashcolonizeexpand.com","domain":"rashcolonizeexpand.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rashcolonizeexpand.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 21:51:30 GMT","end":"Tue, 25 Nov 2025 21:51:29 GMT"},"fingerprint":{"sha1":"1E:45:CB:7E:7C:E7:1E:08:73:0A:D3:08:B4:74:21:2F:CA:B6:15:9B","sha256":"54:F3:5A:C9:08:4C:76:26:F7:0E:BF:E0:3F:5B:38:DD:53:CF:95:81:0B:FC:C7:F9:6A:3E:9C:1A:6E:33:92:E0"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: rashcolonizeexpand.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nCookie: uid_id2=af92783a-fec1-43da-9fa4-c48823241490:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27202472=1; slecf208de889065add07342893ddae508c3=[5857917]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 28 Aug 2025 23:32:01 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: rashcolonizeexpand.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":655,"timings":{"blocked":280,"dns":1,"connect":93,"send":0,"wait":93,"receive":0,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"rashcolonizeexpand.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:58.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:11:38 GMT","end":"Mon, 29 Sep 2025 15:11:37 GMT"},"fingerprint":{"sha1":"F9:52:70:4B:81:A8:F8:39:E6:E7:96:8F:EA:FE:17:FD:96:C5:32:E3","sha256":"D8:C9:87:B5:89:5E:D4:F4:8D:FD:98:3C:31:39:42:67:D3:20:27:14:A9:AD:F2:AB:97:A4:48:0F:94:F0:FF:A2"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 28 Aug 2025 23:31:58 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 6f297cacb56236c7fa9129e1c6b56aab\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.1219725909369.js?dev=e\u0026key=ccb80e59f1ca20bf9eb8dce51f7ad662\u0026kw=%5B%22the%22%2C%22importance%22%2C%22of%22%2C%22daily%22%2C%22exercise%22%5D\u0026pst=1756423979\u0026rb=\u0026refer=https%3A%2F%2Fgyanigurus.xyz%2Fview%2F68b02595e0115\u0026res=14.3095\u0026rmtc=t\u0026shu=5cfd6305f43a562af4d7e06ff04e4a519d24ed1463c0d7bc37d83bf18600eeafe33835b2e4541801be1ce7284098a6b86e6d34ff232cb38985d0ebc86738efc589dd49d64a80c78660bc030f8f72e28f8bb8b3adfaa787cf6a9b\u0026tz=0\u0026uuid=4de8dcb0-4f9f-4c4d-959e-b0b6904b1e67%3A2%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:59.224Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 21:34:59 GMT","end":"Tue, 25 Nov 2025 21:34:58 GMT"},"fingerprint":{"sha1":"E4:24:47:01:B7:F3:A1:0B:CF:EA:36:36:30:C1:21:5D:9E:A1:7B:BE","sha256":"EE:DD:A9:31:87:F8:15:E5:A4:69:BA:E8:17:29:F1:0D:59:DC:1E:48:E2:EB:2F:1D:FE:D6:5C:C0:5F:03:5B:01"}}},"request":{"raw":"GET /watch.1219725909369.js?dev=e\u0026key=ccb80e59f1ca20bf9eb8dce51f7ad662\u0026kw=%5B%22the%22%2C%22importance%22%2C%22of%22%2C%22daily%22%2C%22exercise%22%5D\u0026pst=1756423979\u0026rb=\u0026refer=https%3A%2F%2Fgyanigurus.xyz%2Fview%2F68b02595e0115\u0026res=14.3095\u0026rmtc=t\u0026shu=5cfd6305f43a562af4d7e06ff04e4a519d24ed1463c0d7bc37d83bf18600eeafe33835b2e4541801be1ce7284098a6b86e6d34ff232cb38985d0ebc86738efc589dd49d64a80c78660bc030f8f72e28f8bb8b3adfaa787cf6a9b\u0026tz=0\u0026uuid=4de8dcb0-4f9f-4c4d-959e-b0b6904b1e67%3A2%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gyanigurus.xyz\r\nReferer: https://gyanigurus.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzQyMzI5MSwiayI6ImNjYjgwZTU5ZjFjYTIwYmY5ZWI4ZGNlNTFmN2FkNjYyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MTgyMDYzLCJwaWQiOjEyMjMyMjYsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6NSwicHQiOjQsInBrIjoicTZoYzMxYnRoIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2d5YW5pZ3VydXMueHl6L3ZpZXcvNjhiMDI1OTVlMDExNSIsImFyIjpbXX19.CTsUpK7VuXmxjWZPIGcPsJmAwrcQWKchP0Ii2zwPsrA\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Thu, 28 Aug 2025 23:31:59 GMT\r\nContent-Type: text/html\r\nContent-Length: 2269\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nAccess-Control-Allow-Origin: https://gyanigurus.xyz\r\nAccess-Control-Allow-Credentials: true\r\nVary: Accept-Encoding\r\nSet-Cookie: uid_id2=4de8dcb0-4f9f-4c4d-959e-b0b6904b1e67:2:1; expires=Thu, 04 Sep 2025 23:31:59 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Fri, 29 Aug 2025 23:31:59 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Fri, 29 Aug 2025 23:31:59 GMT; path=/; secure; SameSite=None\npdhtkv5=true; expires=Fri, 29 Aug 2025 23:31:59 GMT; path=/; secure; SameSite=None\nuncs5=1; expires=Fri, 29 Aug 2025 23:31:59 GMT; path=/; secure; SameSite=None\nu_pl27423291=1; expires=Fri, 29 Aug 2025 23:31:59 GMT; path=/; secure; SameSite=None\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 19d33013b8d4e08653bc282a52530c0c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4808,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (3932)","md5":"529849132bb966a2da41bd83b77aed00","sha1":"fbdc9abcb9c8e1433456b4c8751dac219d28802d","sha256":"89bbcf81af3b8acd09735f83f8d7a007edf8318b2be07e9d921f1f1162ff96b3","sha512":"70a57b94a83b495ebd9e5f9989c45359bda0ce4fad39376822d7f513be031dc6c5e35e81bfe0c3d648099593c7e293c6df23ef88cd7a6fe33e03a58e2d9efd78","ssdeep":"96:LozXGizROlD5rVb0nJCAS69nROlD5rVb0nJCAy1/DeCfMEDaH:8zLY5rVrArrY5rVrAWbeCkCaH","tlshash":"26a10af25dead12d581af0bf38a556486c70c14f2602ff0a3dacfb16ab3815c4699e5c","first_seen":"2025-08-28T23:32:27.087298Z","last_seen":"2025-08-28T23:32:27.087298Z","times_seen":1,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":108,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rashcolonizeexpand.com/impr.gif?sid=H4sIAAAAAAAC_1RST2gkxRutzu7p9zuIq3iQFebgQcFM-l-Snt3DYlwjYWMSdleCeKquqp6U6elqq7qnJwNCMCB7HG_qxcqbZKPrsqxHD4JMvAUEx1MOm4vg1YOwZ-nJwOgH_f3pVwXvva8-PywvSICSnm-9r_oyTenCYtNtvLEtM64q09i43_DcpnuzsS2zpfBmo1cn3b3hBWHTfbPxnmC7asF3Pdf1XK-xKrVIVG9hgkLmj1tes-U2Q7_pLYbo6f_OpnRgqAPevSDXIPn4hT-SjyDZCFnn6W1hdguVv_Vup0xpoTS6_OSDbDdTVYbOrE20gyQ7mZ6GMmNCvpyDyk6mCqC6R7UCxHJM5l55hjg7mdJE3D2-ZBqnEBli_n9U3RFEOoKkIzB1AMl_IwDj2NhE1nm4oXRF9y5RWqNjcvX535DVmFx99jKyzpOVVPYa91RaFlJlBr3EQvZGkO0R8vIURX8OsjoFKz6D5L-ShefryDpHmyZVkPz8dZq0_OUooPOJYN58GHA630poOM_CKPIDP_TCljuxSCYjUOOgrD_poEwclLmDDj9vhG4UMo8GS0mLs2U3pGHIRey2It91aYsto2Q19wGKfACWDsD0PnK9j105gC5_htmxMNyBKQi63KISBJUhqChBJQmqgqDq2mOeGt_Yhzw1ZexNqz-tgR2qon1Ij1XRFhkB1QNobo9k_ok5ACuuDPuJ4UNVJxoXdkhjbg_zC_JibavzzUvfYlecNxLfjbiIopa7tEg5d5eD0I9aAedULLoRC2CkhTRzEzP6ckw2rynkckyuPbqBmJ7CpKdg8jpo-RpoZUF3LPrZk_YezWS71KVp9vb64MoiL66i2HMO0wvy6mS1H8afQrCzWz9-VcfXYNoi1xYfy18I2umD4V1VkaO7qjLkh828kB3Zp_Xa7xW0EFce3RF7ldJ87bYZfPc2q4G6fXxfmGKdZlxmbUO-X5GcC72qNBPkpzWzLeKt0uyslDor8_Wtd1bXOrkWxkiVjUDlmPzPXger5fUWJk_a378DqUfQpUWnPCPTAMv3YfIZd6MIdDrD49xBVdqh9uPZz1QSpGI209jC_GuOZ_1Q0_o2lfbQPEBbO6DFAbKORVdbdFMLmg5gyivDItdnt34PJoE4dYZxqp2jONXpF5cWG3neSALhM9eNlpe8IEqEF4ScJYtR2OJL1A0CgcKMd57--dc_AQAA__-YHswtsAQAAA==","fqdn":"rashcolonizeexpand.com","domain":"rashcolonizeexpand.com","tld":"com"},"ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rashcolonizeexpand.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 21:51:30 GMT","end":"Tue, 25 Nov 2025 21:51:29 GMT"},"fingerprint":{"sha1":"1E:45:CB:7E:7C:E7:1E:08:73:0A:D3:08:B4:74:21:2F:CA:B6:15:9B","sha256":"54:F3:5A:C9:08:4C:76:26:F7:0E:BF:E0:3F:5B:38:DD:53:CF:95:81:0B:FC:C7:F9:6A:3E:9C:1A:6E:33:92:E0"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RST2gkxRutzu7p9zuIq3iQFebgQcFM-l-Snt3DYlwjYWMSdleCeKquqp6U6elqq7qnJwNCMCB7HG_qxcqbZKPrsqxHD4JMvAUEx1MOm4vg1YOwZ-nJwOgH_f3pVwXvva8-PywvSICSnm-9r_oyTenCYtNtvLEtM64q09i43_DcpnuzsS2zpfBmo1cn3b3hBWHTfbPxnmC7asF3Pdf1XK-xKrVIVG9hgkLmj1tes-U2Q7_pLYbo6f_OpnRgqAPevSDXIPn4hT-SjyDZCFnn6W1hdguVv_Vup0xpoTS6_OSDbDdTVYbOrE20gyQ7mZ6GMmNCvpyDyk6mCqC6R7UCxHJM5l55hjg7mdJE3D2-ZBqnEBli_n9U3RFEOoKkIzB1AMl_IwDj2NhE1nm4oXRF9y5RWqNjcvX535DVmFx99jKyzpOVVPYa91RaFlJlBr3EQvZGkO0R8vIURX8OsjoFKz6D5L-ShefryDpHmyZVkPz8dZq0_OUooPOJYN58GHA630poOM_CKPIDP_TCljuxSCYjUOOgrD_poEwclLmDDj9vhG4UMo8GS0mLs2U3pGHIRey2It91aYsto2Q19wGKfACWDsD0PnK9j105gC5_htmxMNyBKQi63KISBJUhqChBJQmqgqDq2mOeGt_Yhzw1ZexNqz-tgR2qon1Ij1XRFhkB1QNobo9k_ok5ACuuDPuJ4UNVJxoXdkhjbg_zC_JibavzzUvfYlecNxLfjbiIopa7tEg5d5eD0I9aAedULLoRC2CkhTRzEzP6ckw2rynkckyuPbqBmJ7CpKdg8jpo-RpoZUF3LPrZk_YezWS71KVp9vb64MoiL66i2HMO0wvy6mS1H8afQrCzWz9-VcfXYNoi1xYfy18I2umD4V1VkaO7qjLkh828kB3Zp_Xa7xW0EFce3RF7ldJ87bYZfPc2q4G6fXxfmGKdZlxmbUO-X5GcC72qNBPkpzWzLeKt0uyslDor8_Wtd1bXOrkWxkiVjUDlmPzPXger5fUWJk_a378DqUfQpUWnPCPTAMv3YfIZd6MIdDrD49xBVdqh9uPZz1QSpGI209jC_GuOZ_1Q0_o2lfbQPEBbO6DFAbKORVdbdFMLmg5gyivDItdnt34PJoE4dYZxqp2jONXpF5cWG3neSALhM9eNlpe8IEqEF4ScJYtR2OJL1A0CgcKMd57--dc_AQAA__-YHswtsAQAAA== HTTP/1.1\r\nHost: rashcolonizeexpand.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nCookie: uid_id2=af92783a-fec1-43da-9fa4-c48823241490:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27202472=1; slecf208de889065add07342893ddae508c3=[5857917]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 28 Aug 2025 23:32:00 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nVary: Origin\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nSet-Cookie: iprc_l+ddff277a2d5f602634c90f92a1614864=5857917; expires=Fri, 29 Aug 2025 23:32:00 GMT; path=/; secure; SameSite=None\niprc_l:5857917=1; expires=Fri, 29 Aug 2025 23:32:00 GMT; path=/; secure; SameSite=None\r\nHost: rashcolonizeexpand.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 9957ca00c80a580da46b7bddfcb947a5\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"rashcolonizeexpand.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 22 Aug 2025 08:13:09 GMT\r\nexpires: Sat, 22 Aug 2026 08:13:09 GMT\r\ncache-control: public, max-age=31536000\r\nage: 573532\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T00:47:01.514929Z","times_seen":715573,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":83,"dns":3,"connect":28,"send":0,"wait":44,"receive":7,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/css/animate.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/interstitial/bottom_banner/1/css/animate.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:32:00 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:45 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa8501-13361\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lzWrgZLD7Kxtgfr8RE4VjDcWhhZlShWp0oPRK1mP56ayaiy9%2BYqElKNSfmsQZ1uXQzxkVJ0M3P3dlPpYEnQKVWu4k8l6Tn7oocObDuto\"}]}\r\ncf-ray: 97679afc4bf1b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78689,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"3d4123dbfb33d27a5cfdfcfa91df6783","sha1":"e7d0eeeec54b848f0bc3da8685fa3bc88429d660","sha256":"cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887","sha512":"75c8a48dc207595e201b50b87ff68782112a21aded9f15f14185c07d40f0151d6afe74a2b278aa575caf12ac422e8166316296ed7b6573ea24e667cca4af51dd","ssdeep":"384:jvuAuF81dghu3ublZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:jvuAu21dghu3uLu7uNKwZiMUL6Vpaj7F","tlshash":"22731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2024-01-20T06:37:31Z","last_seen":"2026-04-04T18:45:43.33658Z","times_seen":10535,"resource_available":false,"data":null}},"time_used":427,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":427,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/4d/d6/07/4dd6075945f1404e3b375bef9e69f45f54051f4326d9ca004096bdbd51449eae.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.077Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /si/4d/d6/07/4dd6075945f1404e3b375bef9e69f45f54051f4326d9ca004096bdbd51449eae.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:32:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 15151\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 16 Mar 2025 06:06:46 GMT\r\netag: \"67d66a76-3b2f\"\r\nexpires: Sat, 30 Aug 2025 23:32:00 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15151,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"a35cb578e3c8889f9d2d8e3a9e520bbc","sha1":"f390ccf18911be8210267a1fb27529da10081347","sha256":"554a79788b15330de1e48f1c482acaed20d1e3998e4daed2175530e89ac5e48a","sha512":"6c003106f7f02ae78774b98f5e5e8736189265dda55429c72a1ab2b387f1d8c6406c7f323a1608af14c0b07ad370c797409977a5c751a2e04a8c98236b0e6e2f","ssdeep":"384:z0sxi+mWivrxHMC8F5ONWxBGTgnbTYwxQKQVd:zfk+mW8NWxB5YwxQtL","tlshash":"e162d0c5e4c578d3e98bc3aacdd3286d66295f235e7df01e55f88dca012011b1c78a23","first_seen":"2025-04-17T18:37:55.427701Z","last_seen":"2026-01-06T02:07:44.501457Z","times_seen":1596,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:01.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 22 Aug 2025 08:13:09 GMT\r\nexpires: Sat, 22 Aug 2026 08:13:09 GMT\r\ncache-control: public, max-age=31536000\r\nage: 573532\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T00:47:01.514929Z","times_seen":715573,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/css/animate.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:59.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/interstitial/bottom_banner/1/css/animate.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:32:00 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:45 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa8501-13361\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PbBk40HcDXCMTA2E%2BZD3mZTppLgFZVbpOxElzoNwVdWcf4iLbwB52uFmf7dLNgP8GtkrHhpamIbtB8c3RxPLc9e0Ccrt1SBKLR90xgGQ\"}]}\r\ncf-ray: 97679afbeb9fb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78689,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"3d4123dbfb33d27a5cfdfcfa91df6783","sha1":"e7d0eeeec54b848f0bc3da8685fa3bc88429d660","sha256":"cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887","sha512":"75c8a48dc207595e201b50b87ff68782112a21aded9f15f14185c07d40f0151d6afe74a2b278aa575caf12ac422e8166316296ed7b6573ea24e667cca4af51dd","ssdeep":"384:jvuAuF81dghu3ublZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:jvuAu21dghu3uLu7uNKwZiMUL6Vpaj7F","tlshash":"22731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2024-01-20T06:37:31Z","last_seen":"2026-04-04T18:45:43.33658Z","times_seen":10535,"resource_available":false,"data":null}},"time_used":578,"timings":{"blocked":45,"dns":20,"connect":1,"send":0,"wait":487,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fjs%2Fscript.js\u0026l=957\u0026fd=494","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.674Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fjs%2Fscript.js\u0026l=957\u0026fd=494 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nCookie: uid_id2=af92783a-fec1-43da-9fa4-c48823241490:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27202472=1; slecf208de889065add07342893ddae508c3=[5857917]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Thu, 28 Aug 2025 23:32:00 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":108,"timings":{"blocked":10,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.963Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 22 Aug 2025 08:13:09 GMT\r\nexpires: Sat, 22 Aug 2026 08:13:09 GMT\r\ncache-control: public, max-age=31536000\r\nage: 573532\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T00:47:01.514929Z","times_seen":715573,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":80,"dns":1,"connect":17,"send":0,"wait":16,"receive":21,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.073Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"DF:A1:DB:1F:BC:5E:31:D7:F8:FE:26:E3:B9:B3:02:98:B1:C8:50:EC","sha256":"A2:57:20:B6:AE:46:89:B9:39:C7:57:9B:1E:43:96:E3:5A:BC:7E:3F:1D:18:10:34:CC:53:3D:DB:78:4E:5C:21"}}},"request":{"raw":"GET /css2?family=Roboto:wght@100;300;400;500;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 28 Aug 2025 23:32:00 GMT\r\ndate: Thu, 28 Aug 2025 23:32:00 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27925,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"8ce20b90f602eca81760f51e82ec3323","sha1":"4e3bcb53083c31091d592bad676a2f9745c9db25","sha256":"14f74125fcc00d0afabf2d2db11f273fccb72581fbbb0986895e12e06c3a831f","sha512":"dd38621917dbbb1f606c10a0ee9bf41886506dd5aed3cc0fe7e88d67427b37ca301047ba2cdbec501ac82d3569048e76788459559af0eec8391740f2cd6169a1","ssdeep":"768:DDHDYDZDNDO4D/LDYDgDY90DXOU/R08toBy+Oh/EBpmv65lOa/76icZwPLOQ/Vw3:NT4H3r","tlshash":"93c211a1041740009b839ce223cebf35fe1f92517142d0b5abfd9b6badcbc66526936d","first_seen":"2025-06-02T18:15:57.350173Z","last_seen":"2025-09-08T17:34:29.904848Z","times_seen":629,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":80,"dns":1,"connect":7,"send":0,"wait":21,"receive":0,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=433","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.492Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=433 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nCookie: uid_id2=af92783a-fec1-43da-9fa4-c48823241490:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27202472=1; slecf208de889065add07342893ddae508c3=[5857917]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Thu, 28 Aug 2025 23:32:00 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/ccb80e59f1ca20bf9eb8dce51f7ad662/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:57.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"highperformanceformat.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 22:12:45 GMT","end":"Sun, 09 Nov 2025 22:12:44 GMT"},"fingerprint":{"sha1":"B9:F8:C8:45:C0:0A:8C:9E:D0:93:4C:61:6A:2B:96:49:20:7B:36:AD","sha256":"CB:4C:A5:11:03:46:B4:B3:1A:2C:67:7A:70:5E:BA:61:07:FB:22:C6:9B:14:E6:FC:FF:46:02:F6:30:DA:F0:A0"}}},"request":{"raw":"GET /ccb80e59f1ca20bf9eb8dce51f7ad662/invoke.js HTTP/1.1\r\nHost: www.highperformanceformat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 28 Aug 2025 23:31:58 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 14987\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: www.highperformanceformat.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: fc080e2b39a83e879ad8c9fe1d20b0ba\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":34108,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (34108), with no line terminators","md5":"ca8d8d2f1af37602c43ab14195bda10a","sha1":"d1b2e43535c01bc04e985a5ae701b1b24586990d","sha256":"fa99c2bf9170b85323bff91e8d68b7d0e5773718b71f22b4909bdc7ec81775fc","sha512":"3ae1246ab0c0f23cbd04cd7814b0429b87990c4e0dbab88d3cfff29bffc0e5700f9bed6c3b517c7d52091db475b70626db564f2063fda7d92eb42c5999450b43","ssdeep":"768:WBdqYtc5vIm+3UJ0UhwlnYRkKgE43kRRwlEK8cQ/2BVHb:W/iIJEJDhwln/Kk3kRylEK8cLF","tlshash":"24e2e78c3f60b05817da303f732f970de9960c0aa894c549c06bb5ecb97c767e5769a8","first_seen":"2025-08-28T23:32:27.091578Z","last_seen":"2025-08-28T23:32:27.091578Z","times_seen":1,"resource_available":true,"data":null}},"time_used":763,"timings":{"blocked":285,"dns":11,"connect":92,"send":0,"wait":95,"receive":92,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/fa/e9/b4/fae9b462a3d36bfb66e0abad0ceda5d0/1753377634.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:59.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /cti/fa/e9/b4/fae9b462a3d36bfb66e0abad0ceda5d0/1753377634.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:31:59 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 64738\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 24 Jul 2025 17:20:35 GMT\r\netag: \"68826b63-fce2\"\r\nexpires: Sat, 30 Aug 2025 23:31:59 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":64738,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:07:23 17:09:34], progressive, precision 8, 300x250, components 3","md5":"0cb2faf09d76c63ca30f57df6d68a9fe","sha1":"43815c9a83971b195e9b14f417cd5737d74a2b7a","sha256":"f022c4add01da9fc5d6f84782c7ce8b9746a3a0aa1876daf51f167c1f47d2f5f","sha512":"04bb5d0e338112fe8c5082daed837f9a30f8ad6b43f923b729efcbcc47e0f4b50d65f9a1311249129b938871963aa49f68d60b32f75d03de882cb975a77fbadb","ssdeep":"1536:XAhw+AhwaH0BIPr5Bmb0FhWGn5IAioZbiC:Swdwq0BIPreJqI7OGC","tlshash":"0f53e1345ea7ee22fae4413128a1dad6a3179f1963b31ed1bc0c391637653b2dc58229","first_seen":"2025-07-24T18:08:00.971321Z","last_seen":"2025-08-31T15:55:21.208285Z","times_seen":289,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":67,"dns":22,"connect":19,"send":0,"wait":19,"receive":42,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:01.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 22 Aug 2025 08:13:09 GMT\r\nexpires: Sat, 22 Aug 2026 08:13:09 GMT\r\ncache-control: public, max-age=31536000\r\nage: 573532\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T00:47:01.514929Z","times_seen":715573,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gyanigurus.xyz/view/68b02595e0115","fqdn":"gyanigurus.xyz","domain":"gyanigurus.xyz","tld":"xyz"},"ip":{"addr":"172.67.208.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-28T23:31:57.479Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gyanigurus.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 30 Jul 2025 06:23:17 GMT","end":"Tue, 28 Oct 2025 07:21:04 GMT"},"fingerprint":{"sha1":"6F:7D:01:8E:71:02:DE:AB:78:B2:56:6C:B9:71:0D:BA:FA:1E:E0:F3","sha256":"86:4E:9E:51:59:DD:3C:41:24:A3:DF:EA:E8:D6:51:DD:D3:71:64:E8:87:03:B9:D0:A7:66:9D:C5:D7:45:91:08"}}},"request":{"raw":"GET /view/68b02595e0115 HTTP/1.1\r\nHost: gyanigurus.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:31:57 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: no-cache, private\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kawFPCLDaWnuHaOaIRVpfKuXdXFORlj0ta7vFT5L0q21vMpfTBLW7f9Xksf8FF49IUq%2FYt2XEO5NlAWpxSVCirlCY2NtBmSNFVzJBg%3D%3D\"}]}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: XSRF-TOKEN=eyJpdiI6Ijh5WWFuRWpBam81ZmVaV3BtL1BjaHc9PSIsInZhbHVlIjoiR2xTRG1IZHc2b1kxVW5tQlZtVzRmVHNXYVZybzFpY052Q0RGVExHbit1a2gvS1JrOG16OVdxUk9OVGloYWhHWGdYZ2NhZjFvb0FFaGtmMGVmOXJzZEZpcHRYcEdjazlleG1Qd1Rub0RWd0hOeXdkVEorRGJGZGtmbkpwbXVkVEkiLCJtYWMiOiI2MTJhOWYxZmY2ZDQ1MjNkNzY1YjFhZWE0NzYxZjlkMjc2YTJlYzkzY2I1MjRlMzBhMzE1MDZhODk4YjVjZTg3IiwidGFnIjoiIn0%3D; SameSite=Lax; Secure; Path=/; Max-Age=7200; Expires=Fri, 29 Aug 2025 01:31:53 GMT\nlaravel_session=eyJpdiI6IitDbHM5RHgzT2djNk56ZkxNMGM3d1E9PSIsInZhbHVlIjoiYkoybElQbnpta1ZsYUIyZi9hTjBUVmZoZldZeHd1K3p1Uk5ob1dFNUplS1FGdkpZaWJtMHFxVWMwVUMwNDJSUzQ2SnVFU3dmWXRHRVQyNFZEMmJWSkNSZTVkMWhsUzlpNmlkZnNYR3VUN1BITlRsR2k1VzFxejFqNlZmcVVvU2ciLCJtYWMiOiIzZThjNGQ0MDQ5Y2IzZGU2NTE4ZDg3ZDExNWJiZDhkMTZkZjNlNzQ5NTliZjRlNmFiYTUwYzhkZGU5NjMzOTNkIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=Lax; Secure; Path=/; Max-Age=7200; Expires=Fri, 29 Aug 2025 01:31:53 GMT\r\ncf-ray: 97679aec5a7f56b7-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap:5.0.2","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"C3.js","description":"D3 based reusable chart library","website":"https://c3js.org/","common_platform_enumeration":"","icon":"C3.js.png","categories":["JavaScript libraries"]}],"data":{"size":8224,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (331), with CRLF, LF line terminators","md5":"bf62cd4a3afdf570a64947111afbe57b","sha1":"5e2c2a52aa7d5e7113333fbfcfdb1812e473a738","sha256":"83a061e84beb26917f0b76697823aabe8da2dd1644d69ffa5a920b131846160c","sha512":"55c254841727ff0a4f00d9564e8e81b5efb152d90a0650439683b3b847047562b6d2aeb6cdd7b31d3b7a70fabeb088c9c6f1f84f930f156c235564c0981ae5d1","ssdeep":"192:qoSiTl03DGT/JL3Uinp7FQQzPeeHicibitn0:qoa8a079Hicibitn0","tlshash":"cb0274626d80243b12b381e69a26fb9dfbb18007cb5b5902b5fd13d72ff2f558843958","first_seen":"2025-08-28T23:32:27.094799Z","last_seen":"2025-08-28T23:32:27.094799Z","times_seen":1,"resource_available":false,"data":null}},"time_used":328,"timings":{"blocked":23,"dns":1,"connect":1,"send":0,"wait":282,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:57.968Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: 5.0.2\r\nx-jsd-version-type: version\r\netag: W/\"260c5-fByeBXPlzqi603M74vxjqoxo6o0\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Thu, 28 Aug 2025 23:31:58 GMT\r\nage: 2029997\r\nx-served-by: cache-fra-eddf8230173-FRA, cache-hel1410022-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 20016\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":155845,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65306)","md5":"abe91756d18b7cd60871a2f47c1e8192","sha1":"7c1c9e0573e5cea8bad3733be2fc63aa8c68ea8d","sha256":"7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b","sha512":"bac54101debafcda5535f0607b5f60c2cda3e896629e771ad76ac07b697e77e4242d4f5f886d363b55fc43a85ea48a6bfc460a66f2b1fc8f56b27ba326e3a604","ssdeep":"1536:d0bwW83RipVVsEBpy0cuJcf22RWb5CyVUpz600I4fM:d0bwlyVUpz600I4fM","tlshash":"09e3a3d7f581241dd4a7c259a0d1bffd052f4586e3025babb0277bb88b8a6c70963e4c","first_seen":"2023-04-05T03:16:49Z","last_seen":"2026-04-04T23:55:00.712834Z","times_seen":94503,"resource_available":true,"data":null}},"time_used":166,"timings":{"blocked":63,"dns":5,"connect":26,"send":0,"wait":26,"receive":6,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/4d/d6/07/4dd6075945f1404e3b375bef9e69f45f54051f4326d9ca004096bdbd51449eae.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.177Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /si/4d/d6/07/4dd6075945f1404e3b375bef9e69f45f54051f4326d9ca004096bdbd51449eae.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:32:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 15151\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 16 Mar 2025 06:06:46 GMT\r\netag: \"67d66a76-3b2f\"\r\nexpires: Sat, 30 Aug 2025 23:32:00 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15151,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"a35cb578e3c8889f9d2d8e3a9e520bbc","sha1":"f390ccf18911be8210267a1fb27529da10081347","sha256":"554a79788b15330de1e48f1c482acaed20d1e3998e4daed2175530e89ac5e48a","sha512":"6c003106f7f02ae78774b98f5e5e8736189265dda55429c72a1ab2b387f1d8c6406c7f323a1608af14c0b07ad370c797409977a5c751a2e04a8c98236b0e6e2f","ssdeep":"384:z0sxi+mWivrxHMC8F5ONWxBGTgnbTYwxQKQVd:zfk+mW8NWxB5YwxQtL","tlshash":"e162d0c5e4c578d3e98bc3aacdd3286d66295f235e7df01e55f88dca012011b1c78a23","first_seen":"2025-04-17T18:37:55.427701Z","last_seen":"2026-01-06T02:07:44.501457Z","times_seen":1596,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 22 Aug 2025 08:13:09 GMT\r\nexpires: Sat, 22 Aug 2026 08:13:09 GMT\r\ncache-control: public, max-age=31536000\r\nage: 573532\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T00:47:01.514929Z","times_seen":715573,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":80,"dns":1,"connect":28,"send":0,"wait":32,"receive":12,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-L0T5W9VDY8","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:57.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:34:03 GMT","end":"Mon, 29 Sep 2025 08:34:02 GMT"},"fingerprint":{"sha1":"A2:8A:24:AD:51:7D:A4:62:BB:34:6F:C9:21:A1:B9:E1:2D:A6:0E:C1","sha256":"9F:B9:94:8F:84:D3:44:71:A7:81:72:C8:80:4D:14:02:E3:E0:30:0C:F1:17:27:83:00:82:D9:C3:68:D3:B3:AF"}}},"request":{"raw":"GET /gtag/js?id=G-L0T5W9VDY8 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Thu, 28 Aug 2025 23:31:58 GMT\r\nexpires: Thu, 28 Aug 2025 23:31:58 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1106:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1106:0\r\nreport-to: {\"group\":\"ascgcycc:1106:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1106:0\"}],}\r\nserver: Google Tag Manager\r\ncontent-length: 136868\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":411941,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6006)","md5":"8bf8264b16b85da418d86f75b6dc4e77","sha1":"ae15017e81b0fa038c4949a120f0cf991a5f4d4f","sha256":"89cad9fec6de2cc2df4b1b6e5c5b3331797f7136eb305c5af85641ab4d1d0676","sha512":"68d2a2aff8b6664173ece0118405f7d20c2199b5f3b5860dcd3adf49dd1a98cdb0857c6f791e88dce8eab5ecbcedc41f0f77e43821b06f68c7531f6ee94fd1c5","ssdeep":"6144:9mukOixgjXLgL52RZpq4UZeYHDSWvLwD1:IzO8gjMLHDZk","tlshash":"bb9419ce73d670269396f478503f018ba57b29a2b44dc899f189cce42e34a9a4177f7c","first_seen":"2025-08-28T23:32:27.097812Z","last_seen":"2025-08-28T23:32:27.097812Z","times_seen":1,"resource_available":true,"data":null}},"time_used":362,"timings":{"blocked":128,"dns":1,"connect":21,"send":0,"wait":38,"receive":58,"ssl":112},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F78%2F74%2Ffd%2F7874fd62186fc577273fa59756d17076%2F1744381737.html\u0026l=1544\u0026fd=174","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:59.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F78%2F74%2Ffd%2F7874fd62186fc577273fa59756d17076%2F1744381737.html\u0026l=1544\u0026fd=174 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nCookie: uid_id2=af92783a-fec1-43da-9fa4-c48823241490:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27202472=1; slecf208de889065add07342893ddae508c3=[5857917]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Thu, 28 Aug 2025 23:32:00 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":61,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/img/close.svg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/interstitial/bottom_banner/1/img/close.svg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:32:00 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:45 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aM6AlC9LMYN2EGDWkkzxoLnRvWxqE1JdO223aH2r2CWzvXzhdAAKoSEV4sCOF8VfowAXWE%2BUdVnr7%2BTMNJj6qE3yDS4bgi%2FgdWstUpcS\"}]}\r\nage: 1780280\r\ncf-cache-status: HIT\r\netag: W/\"65aa8501-4ff\"\r\ncontent-encoding: br\r\ncf-ray: 97679afc6c08b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1279,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"369850b9873659adf0951d845f57dba1","sha1":"a64257186daa33b6b318943a457b6cf8d80b26b6","sha256":"9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21","sha512":"6441b40e85c86e21362c7061a6b9610f52a5c801b274b246711546ad45c68c3e7f2f242f1621b90967eaeebf52709545d06283c2015d6b9ad7f6f7d37fb14a88","ssdeep":"","tlshash":"6821d8dc958f223ef324ff6189b316606ba423f6bb18c5bcb199a8157e1cb910c48e14","first_seen":"2023-04-07T22:39:47Z","last_seen":"2026-04-04T23:05:44.782676Z","times_seen":8755,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/interstitial/bottom_banner/1/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:32:00 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:45 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dO9XI5fMC%2BasJABI3XeF2ewH91GRvB9RwZNicn9a3Xx%2Bx2Z92sKdMVSHiFoNwAtYsFB4ndaW20DOOwmEQJQJnMg5e2TxEpDA5w4gjRdx\"}]}\r\nage: 0\r\ncf-cache-status: HIT\r\netag: W/\"65aa8501-3bd\"\r\ncontent-encoding: br\r\ncf-ray: 97679afd8cafb4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":957,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"41051a33fb99370ee2aeae5227abec51","sha1":"f1b81c1d24d27bea43a09f308ae28668453704fb","sha256":"67f07ddfdc4a81dc7ae4f83c332eb76107442caf0230e307d6398bae7663aa0d","sha512":"2ac42bfbc6eceb4cde624f8ff6d7a8ca06a88acb16cedb655d3dbc27df1745189e93f75edac38128ea6aaf839ab937fa518f4bf50fb10e1c968289a415c44aee","ssdeep":"","tlshash":"2e115b27356842b45353f06791176adaba31025bac2a971b712c06cd0fd476903f99f7","first_seen":"2023-12-07T10:00:32Z","last_seen":"2026-01-25T21:57:17.022984Z","times_seen":2153,"resource_available":false,"data":null}},"time_used":411,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":410,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gyanigurus.xyz/assets/frontend/js/jquery.min.js","fqdn":"gyanigurus.xyz","domain":"gyanigurus.xyz","tld":"xyz"},"ip":{"addr":"172.67.208.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:57.972Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gyanigurus.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 30 Jul 2025 06:23:17 GMT","end":"Tue, 28 Oct 2025 07:21:04 GMT"},"fingerprint":{"sha1":"6F:7D:01:8E:71:02:DE:AB:78:B2:56:6C:B9:71:0D:BA:FA:1E:E0:F3","sha256":"86:4E:9E:51:59:DD:3C:41:24:A3:DF:EA:E8:D6:51:DD:D3:71:64:E8:87:03:B9:D0:A7:66:9D:C5:D7:45:91:08"}}},"request":{"raw":"GET /assets/frontend/js/jquery.min.js HTTP/1.1\r\nHost: gyanigurus.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/view/68b02595e0115\r\nCookie: XSRF-TOKEN=eyJpdiI6Ijh5WWFuRWpBam81ZmVaV3BtL1BjaHc9PSIsInZhbHVlIjoiR2xTRG1IZHc2b1kxVW5tQlZtVzRmVHNXYVZybzFpY052Q0RGVExHbit1a2gvS1JrOG16OVdxUk9OVGloYWhHWGdYZ2NhZjFvb0FFaGtmMGVmOXJzZEZpcHRYcEdjazlleG1Qd1Rub0RWd0hOeXdkVEorRGJGZGtmbkpwbXVkVEkiLCJtYWMiOiI2MTJhOWYxZmY2ZDQ1MjNkNzY1YjFhZWE0NzYxZjlkMjc2YTJlYzkzY2I1MjRlMzBhMzE1MDZhODk4YjVjZTg3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitDbHM5RHgzT2djNk56ZkxNMGM3d1E9PSIsInZhbHVlIjoiYkoybElQbnpta1ZsYUIyZi9hTjBUVmZoZldZeHd1K3p1Uk5ob1dFNUplS1FGdkpZaWJtMHFxVWMwVUMwNDJSUzQ2SnVFU3dmWXRHRVQyNFZEMmJWSkNSZTVkMWhsUzlpNmlkZnNYR3VUN1BITlRsR2k1VzFxejFqNlZmcVVvU2ciLCJtYWMiOiIzZThjNGQ0MDQ5Y2IzZGU2NTE4ZDg3ZDExNWJiZDhkMTZkZjNlNzQ5NTliZjRlNmFiYTUwYzhkZGU5NjMzOTNkIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:31:58 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 32851\r\nlast-modified: Mon, 21 Oct 2024 14:19:26 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GyY8Hyoy%2BYp%2B1rk0XaAbSOiuY8SbfjvGFXb2bgA91lRDAcJ%2BgkZ1X4suELIaZe7r4qy2JKhjXLNrwillQ9mjgMvq2g3xq1hOXyNwsg%3D%3D\"}]}\r\ncf-ray: 97679aef4c8956b7-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":97163,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (32077)","md5":"4f252523d4af0b478c810c2547a63e19","sha1":"5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb","sha256":"668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404","sha512":"8c6b0c1fcde829ef5ab02a643959019d4ac30d3a7cc25f9a7640760fefff26d9713b84ab2e825d85b3b2b08150265a10143f82e05975accb10645efa26357479","ssdeep":"1536:GYE1JVoiB9JqZdXXe2pD3PgoIiulrUdTJSFk/zkZ4HjL5o8srOaS9TwD6b7/Jp9i:t4J+R3jL5TCOauTwD6FdnCVQNea98HrV","tlshash":"8893d7d9b6d6706287b734a851bf410bb17aa8eab40c4c60f058c8e47e74e9d507bf2d","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-05T00:42:07.654531Z","times_seen":67315,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":202,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/au/78/74/fd/7874fd62186fc577273fa59756d17076/1744381737.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:59.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 Aug 2025 11:11:15 GMT","end":"Sat, 08 Nov 2025 12:08:40 GMT"},"fingerprint":{"sha1":"46:26:78:BD:18:7A:95:15:D4:B3:89:73:FE:7E:99:33:18:7F:21:3E","sha256":"AD:6B:6A:10:54:38:33:B9:BB:A6:FD:B7:B0:1B:2E:9D:62:B8:47:35:C4:E6:7B:F6:4A:92:AA:75:B0:29:F7:F3"}}},"request":{"raw":"GET /sb/au/78/74/fd/7874fd62186fc577273fa59756d17076/1744381737.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:31:59 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Fri, 11 Apr 2025 14:28:57 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wNOAgo96uqht4Lp6tLXcFdSqXZXrYhmtOCx6hY%2FWS5LwHiW3vbwmdAjmxQzBXLmOwxsQgbYew0wR%2FkOwLw9YaDxEhA8QxFtjoKF%2BzKU%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 97679afa98de56ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1544,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"972f68410d9349904f897739b33e12cc","sha1":"e41130dbad60e81ad2665bb7407a50888aae8150","sha256":"90c062931018d386488b555fd261405457f9744db31512ff5780d49769d7b0d0","sha512":"905ef97b48b163e2ff2d28316f462ab1db0bdc05df312811c5e24ecb8614424d74f64a88fe31849fc9dd3515bf1d681b136df27aac8b27fc61c07cbda05dd12e","ssdeep":"","tlshash":"eb31f4251df9c9720182a0957b312f2baa91ea47cc8b560133fc4e948feaed9cd5310b","first_seen":"2023-12-18T02:06:40Z","last_seen":"2026-01-25T21:57:17.058603Z","times_seen":2175,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":37,"dns":20,"connect":1,"send":0,"wait":127,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=af92783a-fec1-43da-9fa4-c48823241490\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=f208de889065add07342893ddae508c3\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=23","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:59.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 01 Jul 2025 15:12:33 GMT","end":"Mon, 29 Sep 2025 15:12:32 GMT"},"fingerprint":{"sha1":"9E:08:20:A0:75:ED:21:51:E0:3D:DE:29:CD:B0:11:01:4D:04:77:0A","sha256":"FB:D4:A2:1D:0F:F1:FB:A8:D9:5E:88:03:1F:BB:94:D2:32:5C:CC:49:11:11:FC:04:7B:C6:43:40:CF:1E:A2:BA"}}},"request":{"raw":"GET /pxf.gif?uuid=af92783a-fec1-43da-9fa4-c48823241490\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=f208de889065add07342893ddae508c3\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=23 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 28 Aug 2025 23:31:59 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a5b5bb6ce20826f16f64eb6a42470537\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":687,"timings":{"blocked":295,"dns":14,"connect":92,"send":0,"wait":97,"receive":0,"ssl":187},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1RTP2wcxReedfL7FVAgAqJAFFdQgBSfZ3dnd2eTAhFCUESIoyQoBTTz9zx4b2czs3t7vgJFiYRSXkm5fmfHIkRRkGiR0JkuCImjchE3SLQUSKnROZYcXvHe9-23I31v9M03280hiqFhB9c-sxNTFGwt6ePee7dMKW3re1dv9kLcx-d7t0yZkvO98bK50bkwJn38fu8TJTbtWoRDjEMc9i4Zp7Qdrx2pYKpHedjPcZ9E_TAhMHb_5b4JwLMA5OgQnQEjF6_9qb8AI-ZQDp9cVH6zttXZj4dNwWrrYCT3Pi83S9uWMDyB2gWgy73jv8H6BULfroAt9443ADvaWW4A3CzQylvPgJd7xzaBj3ZfOOUFqBK4fBXa0RxUsQ-GzUHYe2Dk7whASLi6DuXwwVXrWrb1QmVLdYFOP_8HTLtAp5-9CeXw8YXCjHs3bNHUxpYexroDM56DGcyhavahnqyAafdB1HfByN_Q2vMrUA531n1hwciDd4lUVAqOV4nO9SoRRK7mSa5WOeZpjgkPVZodXZHRc2B-BRofQGMCaHQATRXAUB70CKZEhCxOdS5FhgkjRCqOcxphzHKRQSOW3qdQV1MQxRSEuwOVuwObZgqu-Rn8xsGPidAyjXGiScySNGKayEzhVGtMFGFJmMuIKBmSNBZYZlzEmaQx1yFNMVaKaRXHNE54pEhCQopDrkKhsogSnFOWcpqqVMZE6yiOBI9pThOJFRc0zWKqtEhoLiXJZUoYxSKjaYq5wDHWVGeRiqimnFMeM6kZy2gmdMpyDl4G4GsEI9lBqxC0HkHLELQGQVsjaEfdrix85LsHsvAND49ndDzjbmbrwTbbtfVAlQiYm4KT3Y6pbvt7IOpTs4n2cmaXjfG6mzEuu-3qEL2-zEIA7jxsqoOeEJxileQ6FCzCXOeKUylUEuqMyTSNwJsOjF8B5gOYmAVaP2OhMgt05uE54GwffLEPwrwDrPkfsHYWYwxsYxYlGCbl48EWK82gcY3vj7cmIG0HVX0a6q1guzhEbx-l8stfp6DEU3RcIFwHlevgK_MLgkFxf3bdtmjnum09-mG9qs3QTNgysTdqVqv_P_xUbbXWycsX_fS7D8VSWMJHN5Wvr7BSmnLg0fcXjJTKXbJOKPTTZX9L8WuN37jQuLKprlz76NLlYeWU98aWc2BmgV45PAvCLNAbt_ePXiO5-zUYNwfXdDBsXvJa3QFfnXBvEbjihPMKQdt0Mxfxk4-FQVCoE854B_4lzk_wzLHlaWa6bX8fBi4AVt-DctjByHUwKjpgxRR8c2pWV-7pB3_ERwW8CGa8cGiHF26pm4OejlUkMKZZGsZUqzAmUuiELmPLcBwrqP1i48lff_8bAAD__y0If5dmBQAA","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:59.411Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 21:34:59 GMT","end":"Tue, 25 Nov 2025 21:34:58 GMT"},"fingerprint":{"sha1":"E4:24:47:01:B7:F3:A1:0B:CF:EA:36:36:30:C1:21:5D:9E:A1:7B:BE","sha256":"EE:DD:A9:31:87:F8:15:E5:A4:69:BA:E8:17:29:F1:0D:59:DC:1E:48:E2:EB:2F:1D:FE:D6:5C:C0:5F:03:5B:01"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTP2wcxReedfL7FVAgAqJAFFdQgBSfZ3dnd2eTAhFCUESIoyQoBTTz9zx4b2czs3t7vgJFiYRSXkm5fmfHIkRRkGiR0JkuCImjchE3SLQUSKnROZYcXvHe9-23I31v9M03280hiqFhB9c-sxNTFGwt6ePee7dMKW3re1dv9kLcx-d7t0yZkvO98bK50bkwJn38fu8TJTbtWoRDjEMc9i4Zp7Qdrx2pYKpHedjPcZ9E_TAhMHb_5b4JwLMA5OgQnQEjF6_9qb8AI-ZQDp9cVH6zttXZj4dNwWrrYCT3Pi83S9uWMDyB2gWgy73jv8H6BULfroAt9443ADvaWW4A3CzQylvPgJd7xzaBj3ZfOOUFqBK4fBXa0RxUsQ-GzUHYe2Dk7whASLi6DuXwwVXrWrb1QmVLdYFOP_8HTLtAp5-9CeXw8YXCjHs3bNHUxpYexroDM56DGcyhavahnqyAafdB1HfByN_Q2vMrUA531n1hwciDd4lUVAqOV4nO9SoRRK7mSa5WOeZpjgkPVZodXZHRc2B-BRofQGMCaHQATRXAUB70CKZEhCxOdS5FhgkjRCqOcxphzHKRQSOW3qdQV1MQxRSEuwOVuwObZgqu-Rn8xsGPidAyjXGiScySNGKayEzhVGtMFGFJmMuIKBmSNBZYZlzEmaQx1yFNMVaKaRXHNE54pEhCQopDrkKhsogSnFOWcpqqVMZE6yiOBI9pThOJFRc0zWKqtEhoLiXJZUoYxSKjaYq5wDHWVGeRiqimnFMeM6kZy2gmdMpyDl4G4GsEI9lBqxC0HkHLELQGQVsjaEfdrix85LsHsvAND49ndDzjbmbrwTbbtfVAlQiYm4KT3Y6pbvt7IOpTs4n2cmaXjfG6mzEuu-3qEL2-zEIA7jxsqoOeEJxileQ6FCzCXOeKUylUEuqMyTSNwJsOjF8B5gOYmAVaP2OhMgt05uE54GwffLEPwrwDrPkfsHYWYwxsYxYlGCbl48EWK82gcY3vj7cmIG0HVX0a6q1guzhEbx-l8stfp6DEU3RcIFwHlevgK_MLgkFxf3bdtmjnum09-mG9qs3QTNgysTdqVqv_P_xUbbXWycsX_fS7D8VSWMJHN5Wvr7BSmnLg0fcXjJTKXbJOKPTTZX9L8WuN37jQuLKprlz76NLlYeWU98aWc2BmgV45PAvCLNAbt_ePXiO5-zUYNwfXdDBsXvJa3QFfnXBvEbjihPMKQdt0Mxfxk4-FQVCoE854B_4lzk_wzLHlaWa6bX8fBi4AVt-DctjByHUwKjpgxRR8c2pWV-7pB3_ERwW8CGa8cGiHF26pm4OejlUkMKZZGsZUqzAmUuiELmPLcBwrqP1i48lff_8bAAD__y0If5dmBQAA HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzQyMzI5MSwiayI6ImNjYjgwZTU5ZjFjYTIwYmY5ZWI4ZGNlNTFmN2FkNjYyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MTgyMDYzLCJwaWQiOjEyMjMyMjYsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6NSwicHQiOjQsInBrIjoicTZoYzMxYnRoIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2d5YW5pZ3VydXMueHl6L3ZpZXcvNjhiMDI1OTVlMDExNSIsImFyIjpbXX19.CTsUpK7VuXmxjWZPIGcPsJmAwrcQWKchP0Ii2zwPsrA; uid_id2=4de8dcb0-4f9f-4c4d-959e-b0b6904b1e67:2:1; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1; u_pl27423291=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Thu, 28 Aug 2025 23:31:59 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d6a2fb1eccfb4dc5e75c8fa527af9a88\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":103,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/interstitial/bottom_banner/1/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.171Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 01 Jul 2025 14:01:22 GMT","end":"Mon, 29 Sep 2025 14:59:36 GMT"},"fingerprint":{"sha1":"CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B","sha256":"8B:98:84:C0:8D:47:7C:1B:A7:26:4B:E4:9E:6E:FD:8E:E1:6D:6E:41:1D:E7:91:B7:70:A3:C1:D0:C0:85:6B:31"}}},"request":{"raw":"GET /sb/ssp/interstitial/bottom_banner/1/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 Aug 2025 23:32:00 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:45 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IWz1%2FEwL11C3yPrBl8c%2FXdBctF6cVLEkvaRkVXwDaqbtDG0RwyLbPfi8aLri7ezu76lwY0%2FU8EgfM6V8OQAXJ2NHwdft3B6UAg6%2FqV7Z\"}]}\r\ncf-cache-status: MISS\r\netag: W/\"65aa8501-3bd\"\r\ncontent-encoding: br\r\ncf-ray: 97679afd0c58b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":957,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"41051a33fb99370ee2aeae5227abec51","sha1":"f1b81c1d24d27bea43a09f308ae28668453704fb","sha256":"67f07ddfdc4a81dc7ae4f83c332eb76107442caf0230e307d6398bae7663aa0d","sha512":"2ac42bfbc6eceb4cde624f8ff6d7a8ca06a88acb16cedb655d3dbc27df1745189e93f75edac38128ea6aaf839ab937fa518f4bf50fb10e1c968289a415c44aee","ssdeep":"","tlshash":"2e115b27356842b45353f06791176adaba31025bac2a971b712c06cd0fd476903f99f7","first_seen":"2023-12-07T10:00:32Z","last_seen":"2026-01-25T21:57:17.022984Z","times_seen":2153,"resource_available":false,"data":null}},"time_used":484,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":484,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=542","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.498Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=542 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nCookie: uid_id2=af92783a-fec1-43da-9fa4-c48823241490:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27202472=1; slecf208de889065add07342893ddae508c3=[5857917]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Thu, 28 Aug 2025 23:32:00 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":93,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fjs%2Fscript.js\u0026l=957\u0026fd=415","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:32:00.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fjs%2Fscript.js\u0026l=957\u0026fd=415 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nCookie: uid_id2=af92783a-fec1-43da-9fa4-c48823241490:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27202472=1; slecf208de889065add07342893ddae508c3=[5857917]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Thu, 28 Aug 2025 23:32:00 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pl27302971.profitableratecpm.com/f2/08/de/f208de889065add07342893ddae508c3.js","fqdn":"pl27302971.profitableratecpm.com","domain":"profitableratecpm.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:58.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"profitableratecpm.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 05 Aug 2025 22:12:52 GMT","end":"Mon, 03 Nov 2025 22:12:51 GMT"},"fingerprint":{"sha1":"54:C4:2C:62:9A:57:36:D6:32:A0:4D:90:BD:83:A7:77:B7:01:F1:29","sha256":"C0:C3:D1:A5:40:5D:2B:81:5B:71:DA:AD:EA:56:AF:E8:53:23:5F:E0:6D:AD:66:32:A6:69:17:4D:A2:EA:26:9D"}}},"request":{"raw":"GET /f2/08/de/f208de889065add07342893ddae508c3.js HTTP/1.1\r\nHost: pl27302971.profitableratecpm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Thu, 28 Aug 2025 23:31:58 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 29360\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: pl27302971.profitableratecpm.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7acec6d44ef3f3d6626a82167f1db8dc\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":72606,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"aabb17699d61aadcf1c5bbb77294a141","sha1":"946a395392ab24b489d91f0aa8025db00e14a57a","sha256":"0f6a529b5944d7e188a52d935e013c8923b2af92f7384e16ad826f825e322700","sha512":"df0e6310d5103b3721236a70760d0c1711b04ef977f54e16bdc93e0133b1ca83de370efccbaf7fa6368fea4d4b4426ade90ba29038ebc4326a803bfed59c2751","ssdeep":"768:Y2bnYsmBoFqw648+QhS8u+Jcj/XcdNjN/mOdY08kUbTehzbcepwPf:Y2bnAx4x5O+jvcHdY0U3fX","tlshash":"5463c7483f51b27802e6b8fa712fa61af0265c0195d8e0d8f503f4deae66719f036f25","first_seen":"2025-08-28T23:32:27.101101Z","last_seen":"2025-08-28T23:32:27.101101Z","times_seen":1,"resource_available":true,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"pl27302971.profitableratecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.1219725909369.js?key=ccb80e59f1ca20bf9eb8dce51f7ad662\u0026kw=%5B%22the%22%2C%22importance%22%2C%22of%22%2C%22daily%22%2C%22exercise%22%5D\u0026refer=https%3A%2F%2Fgyanigurus.xyz%2Fview%2F68b02595e0115\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=4de8dcb0-4f9f-4c4d-959e-b0b6904b1e67%3A2%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gyanigurus.xyz/view/68b02595e0115","date":"2025-08-28T23:31:58.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 21:34:59 GMT","end":"Tue, 25 Nov 2025 21:34:58 GMT"},"fingerprint":{"sha1":"E4:24:47:01:B7:F3:A1:0B:CF:EA:36:36:30:C1:21:5D:9E:A1:7B:BE","sha256":"EE:DD:A9:31:87:F8:15:E5:A4:69:BA:E8:17:29:F1:0D:59:DC:1E:48:E2:EB:2F:1D:FE:D6:5C:C0:5F:03:5B:01"}}},"request":{"raw":"GET /watch.1219725909369.js?key=ccb80e59f1ca20bf9eb8dce51f7ad662\u0026kw=%5B%22the%22%2C%22importance%22%2C%22of%22%2C%22daily%22%2C%22exercise%22%5D\u0026refer=https%3A%2F%2Fgyanigurus.xyz%2Fview%2F68b02595e0115\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=4de8dcb0-4f9f-4c4d-959e-b0b6904b1e67%3A2%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gyanigurus.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gyanigurus.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.19.5\r\nDate: Thu, 28 Aug 2025 23:31:59 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nAccess-Control-Allow-Origin: https://gyanigurus.xyz\r\nAccess-Control-Allow-Credentials: true\r\nLocation: https://kettledroopingcontinuation.com/watch.1219725909369.js?dev=e\u0026key=ccb80e59f1ca20bf9eb8dce51f7ad662\u0026kw=%5B%22the%22%2C%22importance%22%2C%22of%22%2C%22daily%22%2C%22exercise%22%5D\u0026pst=1756423979\u0026rb=\u0026refer=https%3A%2F%2Fgyanigurus.xyz%2Fview%2F68b02595e0115\u0026res=14.3095\u0026rmtc=t\u0026shu=5cfd6305f43a562af4d7e06ff04e4a519d24ed1463c0d7bc37d83bf18600eeafe33835b2e4541801be1ce7284098a6b86e6d34ff232cb38985d0ebc86738efc589dd49d64a80c78660bc030f8f72e28f8bb8b3adfaa787cf6a9b\u0026tz=0\u0026uuid=4de8dcb0-4f9f-4c4d-959e-b0b6904b1e67%3A2%3A1\r\nSet-Cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzQyMzI5MSwiayI6ImNjYjgwZTU5ZjFjYTIwYmY5ZWI4ZGNlNTFmN2FkNjYyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MTgyMDYzLCJwaWQiOjEyMjMyMjYsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6NSwicHQiOjQsInBrIjoicTZoYzMxYnRoIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2d5YW5pZ3VydXMueHl6L3ZpZXcvNjhiMDI1OTVlMDExNSIsImFyIjpbXX19.CTsUpK7VuXmxjWZPIGcPsJmAwrcQWKchP0Ii2zwPsrA; expires=Thu, 28 Aug 2025 23:32:59 GMT; path=/; secure; SameSite=None\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c1ef5bd1230c754417b2fc4c93822023\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4808,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":723,"timings":{"blocked":311,"dns":28,"connect":92,"send":0,"wait":96,"receive":0,"ssl":193},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-28","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}